Magyar English Deutsch
Tank and Tube Tank and Tube

Privacy Policy

1. GENERAL PROVISIONS AND CONTACT INFORMATION


1.1 Purpose and Scope of the Policy


The purpose of this Privacy Policy (hereinafter: "Policy") is to provide transparent information to the users of the Tank and Tube website (hereinafter: "Website") about the data processing principles, the practice of processing personal data, and the rights and remedies available to data subjects.


The Policy has been developed in accordance with Regulation (EU) 2016/679 (hereinafter: "GDPR") and Act CXII of 2011 on the Right to Informational Self-determination and Freedom of Information (hereinafter: "Privacy Act").


This Policy is effective from January 1, 2023 and remains valid until revocation.


1.2 Data Controller Information


Name: Nagy József Attila
Registered office and postal address: 2251 Diófa utca 40.
Business activity commenced: 2021
Registration number: 56178197
Tax number: 57539980-2-33
Email address: info@tankandtube.hu
Phone number: +36 30 286 7220
(hereinafter: "Data Controller")


1.3 Hosting Provider Information


Company name: ResellerPanel Limited
Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Company registration number: 9712522 (Companies House, UK)
Email address: support@resellerspanel.com
Website: www.resellerspanel.com


1.4 Data Protection Officer


The Data Controller is not required to appoint a Data Protection Officer under Article 37 of the GDPR.


1.5 Definitions


The terms used in this Policy are to be interpreted in accordance with Article 4 of the GDPR as follows:


  • personal data: any information relating to an identified or identifiable natural person;
  • data subject: a natural person who is identified or identifiable based on personal data;
  • processing: any operation performed on personal data;
  • controller: the natural or legal person who determines the purposes and means of the processing of personal data;
  • processor: a natural or legal person who processes personal data on behalf of the controller;
  • third party: a natural or legal person other than the data subject, controller, processor;
  • consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies agreement to the processing of personal data relating to him or her;
  • personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

1.6 Principles of Data Processing


The Data Controller follows the following principles when processing personal data:


  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

1.7 Customer Service


Opening hours: Monday to Friday 8:00-16:00
Phone number: +36 30 286 7220
Email address: info@tankandtube.hu / hello@tank-pool.com
Website: www.tank-pool.com


2. LEGAL BASES FOR DATA PROCESSING


The legal bases for data processing according to Article 6 of the GDPR are as follows:


2.1 Consent-based Processing


The data subject has given consent to the processing of his or her personal data. Consent may be withdrawn at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.


2.2 Contract-based Processing


Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.


2.3 Legal Obligation-based Processing


Processing is necessary for compliance with a legal obligation to which the Data Controller is subject.


2.4 Legitimate Interest-based Processing


Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.


3. SCOPE OF PROCESSED PERSONAL DATA, PURPOSE, LEGAL BASIS AND DURATION OF PROCESSING


3.1 Data Processed During Contact


3.1.1 Scope of Data Processed

Mandatory data:


  • Name
  • Email address
  • Message content

Optional data:


  • Phone number

3.1.2 Purpose of Data Processing

  • Contact and communication with the data subject
  • Providing quotes, information about services
  • Identification of the data subject

3.1.3 Legal Basis for Processing

  • The data subject's voluntary consent (GDPR Article 6(1)(a))
  • In certain cases, preparation for contract performance (GDPR Article 6(1)(b))

3.1.4 Duration of Data Processing

  • Until the purpose of contact is fulfilled, but for a maximum of 1 year
  • Until withdrawal in case consent is withdrawn
  • In case of contract conclusion, for the duration of the contractual relationship, then according to the civil law limitation period (5 years)

3.2 Data Requested from Reseller Partners


3.2.1 Scope of Data Processed

Contact person data:


  • Last name
  • First name
  • Email address
  • Phone number
  • Website (optional)

Company data:


  • Company name
  • Registered address
  • Tax number

3.2.2 Purpose of Data Processing

  • Establishment and maintenance of reseller partnership
  • Contract performance, business communication
  • Fulfillment of accounting obligations

3.2.3 Legal Basis for Processing

  • Contract performance (GDPR Article 6(1)(b))
  • Compliance with legal obligations in the case of accounting documents (GDPR Article 6(1)(c))
  • The Data Controller's legitimate interest in communication (GDPR Article 6(1)(f))

3.2.4 Duration of Data Processing

  • For the duration of the contractual relationship, then according to the civil law limitation period (5 years)
  • In the case of accounting documents, 8 years (Accounting Act, Section 169(2))

3.3 Use of Cookies


3.3.1 Scope of Data Processed

  • Session ID
  • User settings
  • Visitor statistics, analytical data

3.3.2 Purpose of Data Processing

  • Ensuring proper functioning of the website
  • Improving user experience
  • Service development
  • Creating visitor statistics

3.3.3 Legal Basis for Processing

  • For necessary cookies, the legitimate interest of the Data Controller (GDPR Article 6(1)(f))
  • For marketing and statistical cookies, the data subject's consent (GDPR Article 6(1)(a))

3.3.4 Duration of Data Processing

  • For session cookies, until the browser is closed
  • For persistent cookies, until the cookie's specific expiration date or until deletion by the user

4. DATA PROCESSORS


The Data Controller uses the services of the following data processors when processing personal data:


4.1 Hosting Provider


Company name: ResellerPanel Limited
Activity: providing website and email services
Scope of data processed: all personal data generated during the use of the website
Location of processing: servers located within the European Union


4.2 Accounting Service Provider


Company name: [Accounting company name]
Activity: accounting, invoicing tasks
Scope of data processed: billing name, address, tax number, ordered service data, payment data
Location of processing: Hungary


4.3 Online Payment Provider (if relevant)


Company name: [Payment provider name]
Activity: processing online payments
Scope of data processed: name, email address, billing data, transaction amount
Location of processing: [Processing location]


5. DATA SECURITY MEASURES


The Data Controller implements the following technical and organizational measures to protect personal data:


5.1 Technical Measures


  • Use of SSL (Secure Socket Layer) encryption on the website
  • Password-protected access, permission management
  • Regular security backups
  • Virus protection and firewall usage
  • Server-side and client machine protection

5.2 Organizational Measures


  • Development and adherence to data management policies
  • Regular data protection training for employees
  • Physical data security (lockable cabinets, alarm)
  • Confidentiality obligations

6. RIGHTS OF DATA SUBJECTS AND REMEDIES


6.1 Rights of Data Subjects


Under the GDPR, data subjects have the following rights:


6.1.1 Right to Information (GDPR Articles 13-14)

The data subject has the right to receive information about the processing of personal data in a concise, transparent, intelligible, and easily accessible form.


6.1.2 Right of Access (GDPR Article 15)

The data subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning him or her are being processed, and, if so, the right to access the personal data and certain information.


6.1.3 Right to Rectification (GDPR Article 16)

The data subject has the right to request the rectification or completion of inaccurate personal data concerning him or her.


6.1.4 Right to Erasure (GDPR Article 17)

The data subject has the right to request the erasure of personal data if the purpose of processing no longer exists, consent has been withdrawn, the data subject objects to the processing, or the processing is unlawful.


6.1.5 Right to Restriction of Processing (GDPR Article 18)

The data subject has the right to request restriction of processing if the accuracy of the data is contested, the processing is unlawful, the Data Controller no longer needs the data, or the data subject has objected to the processing.


6.1.6 Right to Data Portability (GDPR Article 20)

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used, and machine-readable format or to request their transmission to another controller.


6.1.7 Right to Object (GDPR Article 21)

The data subject has the right to object to the processing of personal data if it is based on legitimate interests, for direct marketing purposes, or for scientific/historical research or statistical purposes.


6.1.8 Rights Related to Automated Decision-making (GDPR Article 22)

The data subject has the right not to be subject to a decision based solely on automated processing, which produces legal effects concerning him or her or similarly significantly affects him or her.


6.2 Remedies


6.2.1 Contact with the Data Controller

The data subject may submit a request regarding the exercise of his or her rights at the contact details of the Data Controller specified in Section 1.2.


6.2.2 Complaint to the Supervisory Authority

The data subject has the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information if he or she considers that the processing of personal data relating to him or her infringes the law.


Name: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Registered office: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu


6.2.3 Judicial Remedy

The data subject may take legal action against the Data Controller or processor if he or she considers that the Data Controller or the processor engaged by or acting on the instructions of the Data Controller processes his or her personal data in breach of the provisions of the law or binding EU legal act on the processing of personal data.


The case falls within the jurisdiction of the regional court. The proceedings may also be brought before the regional court with jurisdiction over the data subject's place of residence or stay, at the data subject's choice.


7. DATA TRANSFERS


7.1 Data Transfer to Third Countries


As a general rule, the Data Controller does not transfer personal data outside the European Economic Area (EEA). If this were to occur, the Data Controller would ensure appropriate safeguards in accordance with Chapter V of the GDPR.


7.2 Data Transfer to Authorities


The Data Controller may be obliged to transfer certain data to the competent authorities (e.g., police, prosecutor's office, courts) on the basis of legal obligation or authority request. The legal basis for data transfer in this case is compliance with a legal obligation (GDPR Article 6(1)(c)).


8. AMENDMENT OF THE PRIVACY POLICY


The Data Controller reserves the right to unilaterally amend the Policy, of which it shall inform the users of the Website at least 15 days before the amendment takes effect, by publishing it on the Website.


9. FINAL PROVISIONS


For matters not regulated in this Policy, the GDPR, the Privacy Act, and other relevant provisions of Hungarian law shall apply.


Date of last modification of the Policy: March 25, 2025.

Weboldal készítés: PWS Solutions és Rhino Marketing