Privacy policy

1. Introduction

With the following information we want to provide an overview of how we process your personal data as a "data subject" and inform you about your rights under applicable data protection laws. In most cases, you can use our website without sharing any personal data. However, if you wish to take advantage of certain services offered by our company through the website, it may become necessary to process your personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data—such as your name, address, or email address—is conducted in strict compliance with the General Data Protection Regulation (GDPR) and other relevant national data protection laws applicable to us. This data protection notice serves to inform you about the nature, purpose, and scope of the personal data we collect, utilize, and process.

As the data controller, we have implemented a wide range of technical and organizational measures to ensure the highest possible level of security for personal data processed via our website. However, please be aware that data transmission over the internet may have inherent security vulnerabilities, so absolute security cannot be guaranteed.

2. Data controller

The entity responsible for data processing within the meaning of GDPR is (“controller”):

Prioritas Viridis Kft

2161 Csomád, Kossuth Lajos út 47.

phone: +36-20/408-9098

email: info@pviridis.com

Authorized Representative:

Dénes Sóki

3. Data protection officer

For any questions, concerns, or suggestions regarding data protection, you can reach out to our data protection team at: info@pviridis.com

4. Legal basis

When we obtain your consent for a specific purpose, Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDDG [formerly TTDSG]) serves as the legal basis for the processing of your personal data.

If the processing of personal data is necessary for the performance of a contract to which you are a party —for instance, processing activities required for delivering goods or providing other services —the processing is based on Article 6(1)(b) GDPR. The same applies to processing activities necessary for pre-contractual measures, such as inquiries about our products or services.

When the processing of personal data is required to meet legal obligations, such as fulfilling tax or regulatory requirements, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. In such cases, the processing would be based on Article 6(1)(d) GDPR.

Finally, processing activities could be based on Article 6(1)(f) GDPR. This legal basis applies to processing activities not covered by the aforementioned grounds if processing is necessary to safeguard the legitimate interests of our company or a third party, provided that these interests are not overridden by the interests, fundamental rights, or freedoms of the data subject. Such processing activities are particularly permitted because they have been specifically mentioned by the European legislator. In this context, the legislator considered that a legitimate interest might exist, for example, if you are a customer of our company (Recital 47, Sentence 2 GDPR).

5. Data transfer to third parties

Your personal data will only be shared with third parties under the conditions outlined below. Any transfer beyond these purposes will not occur.

We may share your personal data with third parties if:

You have explicitly provided your consent in accordance with Article 6(1)(a) GDPR;

The transfer is necessary to protect our legitimate interests under Article 6(1)(f) GDPR, and there is no indication that your overriding interests or fundamental rights require the protection of your personal data;

The disclosure is required to comply with a legal obligation under Article 6(1)(c) GDPR; or

The transfer is legally permissible and necessary for the performance of a contract with you under Article 6(1)(b) GDPR.

As part of the data processing activities described in this Privacy Policy, personal data may be transferred to the United States. Companies in the United States are only deemed to have an adequate level of data protection if they are certified under the EU-US Data Privacy Framework, allowing the adequacy decision of the European Commission under Article 45 GDPR to apply. We explicitly identify such service providers in this Privacy Policy.

In all other cases, we have concluded data processing agreements based on the European Commission's Standard Contractual Clauses to protect your personal data. If the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) GDPR may serve as the legal basis for transfers to third countries. This does not apply to data transfers to countries for which the European Commission has issued an adequacy decision under Article 45 GDPR.

6. Technology

6.1 SSL/TLS Encryption

This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the “https://” instead of “http://” in the address line of the browser and by the lock symbol in your browser line.

We use this technology to safeguard your transmitted data and ensure its security during communication.

6.2 Data collection during website visits

When you use our website for informational purposes only—meaning you do not register, provide information, or consent to processing activities requiring your explicit approval—we collect only the data that is technically necessary for the provision of the service. This data is typically transmitted by your browser to our server and stored in "server log files." Each time you or an automated system accesses our website, a range of general data and information is collected and stored in the server log files. This may include:

1. the types and versions of browsers used,

2. the operating system used by the accessing system,

3. the website from which the accessing system reaches our site (the "referrer"),

4. the subpages accessed on our website,

5. the date and time of access,

6. a truncated Internet Protocol (IP) address (anonymized), and

7. the Internet service provider of the accessing system.

When processing this general data and information, we do not draw any conclusions about your identity. Instead, this information is used to:

1. deliver the content of our website correctly,

2. optimize our website's content and advertising,

3. ensure the continuous functionality of our IT systems and the technology of our website, and

4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

These collected data and information are analyzed statistically and used to enhance data protection and security in our organization. This allows us to maintain an optimal level of protection for the personal data we process. The anonymized data in the server log files is stored separately from any personal data you may provide.

The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest stems from the purposes listed above.

6.3 Hosting by WordPress.com

We host our website using Wordpress.com, provided by Automattic Inc.

60 29th Street #343

San Francisco, CA 94110

United States of America

When you visit our website, your personal data is processed on Wordpress servers. The use of Wordpress is based on Article 6(1)(f) GDPR, as we have a legitimate interest in ensuring the most reliable presentation of our website.

This US-based company is certified under the EU-US Data Privacy Framework. This certification constitutes an adequacy decision under Article 45 GDPR, allowing the transfer of personal data without requiring additional guarantees or measures.

For more information on Wordpress's privacy practices, please visit:

https://automattic.com/privacy/

7. Cookies

7.1 General information about cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (such as a laptop, tablet, or smartphone) when you visit our website.

These cookies contain information that is related to the specific device you are using. However, this does not mean that we can directly identify you through this information.

7.2 Cookiebot (Consent Management Tool)

We use the consent management tool "Cookiebot" provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. This service enables us to collect and manage the consent of website visitors for data processing.

Cookiebot collects data generated by end users who use our website. When an end user provides consent via the cookie consent tool, the following data is automatically logged by Cookiebot:

1.the end user’s IP address in anonymized form (the last three digits are set to 0),

2. the date and time of the consent,

3. the user agent of the end user’s browser,

4. the URL from which the consent was submitted,

5. an anonymous, random, and encrypted key,

6. the end user’s consent status, which serves as proof of the consent.

The key and the consent status are also stored in the "CookieConsent" cookie in the end user’s browser. This allows the website to automatically recognize the user’s consent for all subsequent page requests and future sessions for up to 12 months. The key is used to verify that the consent status stored in the end user’s browser has not been altered compared to the original consent submitted to Usercentrics.

The functionality of the website cannot be guaranteed without this processing. The "CookieConsent" cookie set by Cookiebot is classified as necessary.

Usercentrics is the recipient of your personal data and acts as a data processor on our behalf.

For detailed information about the use of Cookiebot, please visit: https://www.cookiebot.com/de/privacy-policy/.

8. Content on our website

When you contact us (e.g., via contact form or email), personal data is collected. Which data we collect when a contact form is used can be seen from the respective form. This data is stored and used exclusively for the purpose of responding to your inquiry and for the technical administration associated with it. The legal basis for processing this data is our legitimate interest in responding to your inquiry, in accordance with Article 6(1)(f) GDPR. If your contact aims at the conclusion of a contract, an additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted once your inquiry has been fully resolved, provided no legal retention obligations prevent its deletion. This is the case when it can be inferred from the circumstances that the matter has been conclusively addressed.

9. Web Analysis

We use Google Analytics 4 (GA4) on our websites, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized user profiles are created, and cookies are used (see the "Cookies" section). Information generated by the cookie about your use of this website may include, but not limited to:

a temporary collection of the IP address without permanent storage
location data
browser type/version
operating system used
referrer URL (previously visited page)
time of the server request

The pseudonymized data may be transferred to and stored on a server in the USA by Google.

This information is used to evaluate website usage, compile reports on website activities, and provide other services related to website and internet usage for the purposes of market research and needs-based website design. This information may also be passed on to third parties if required by law or if third parties process this data on behalf of Google. These processing activities only occur with explicit consent under Article 6 (1) (a) GDPR.

The default data retention period set by Google is 14 months. Personal data is otherwise retained as long as necessary to fulfill the processing purpose. The data will be deleted once it is no longer required for this purpose.

The parent company Google LLC, a US-based company, is certified under the EU-US Data Privacy Framework. This certification constitutes an adequacy decision under Article 45 GDPR, allowing the transfer of personal data without additional guarantees or measures.

For more information on data protection when using GA4, please visit: https://support.google.com/analytics/answer/12017362?hl=de

10. Advertising

We have integrated Google Ads on this website. The service provider of Google Ads is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an online advertising service that allows advertisers to place ads both in Google’s search engine results and within the Google advertising network. Google Ads enables advertisers to define specific keywords in advance, ensuring that an ad is only displayed in Google’s search engine results if a user retrieves a keyword-relevant search result using the search engine. Within the Google advertising network, ads are distributed to topic-relevant websites through an automatic algorithm based on predefined keywords.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on third-party websites and in Google search engine results, as well as to display third-party advertising on our website. If you reach our website via a Google ad, Google places a so-called conversion cookie on your device. A conversion cookie expires after 30 days and is not used to identify you. If the cookie has not yet expired, it tracks whether specific subpages, such as the shopping cart of an online store, were accessed on our website. Using the conversion cookie, both we and Google can determine whether a user who accessed our website via a Google Ads ad completed a purchase or abandoned the process.

The data and information collected through the use of the conversion cookie are used by Google to generate visit statistics for our website. We use these statistics to determine the total number of users who were referred to us via Ads, evaluate the success or failure of individual Ads, and optimize our Ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could identify you.

The conversion cookie stores personal information, such as the websites you visit. Each time you visit our website, personal data, including your IP address, is transmitted to Google in the United States. These personal data are stored by Google in the United States. Google may transfer these personal data collected via the technical process to third parties. These processing activities occur exclusively with your explicit consent in accordance with Article 6 (1) (a) GDPR.

You can find Google Ads’ privacy policy and additional information at: https://www.google.de/intl/de/policies/privacy/

11. Google Tag Manager

We use Google Tag Manager on this website. The service provider of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies, headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows "website tags" (i.e., keywords embedded in HTML elements) to be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link, or personalized image you actively clicked on and can record which content on our website is of particular interest to you.

The tool also triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If you have disabled tracking at the domain or cookie level, this setting will remain effective for all tracking tags implemented via Google Tag Manager. These processing activities are carried out exclusively upon the granting of explicit consent in accordance with Article 6(1)(a) GDPR.

The parent company, Google LLC, is certified as a U.S. company under the EU-US Data Privacy Framework. Accordingly, there is an adequacy decision pursuant to Article 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

For more information about Google Tag Manager and Google's privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/.

13. Your Rights as a Data Subject

13.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

13.2 Right to Access (Art. 15 GDPR)

You have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

13.3 Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you. Additionally, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

13.4 Right to Erasure (Art. 17 GDPR)

You have the right to demand that we delete personal data concerning you without undue delay, provided that one of the legally stipulated reasons applies and processing or storage is not required.

13.5 Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing from us if one of the legal conditions applies.

13.6 Right to Data Portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent under Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract under Art. 6(1)(b) GDPR and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.

13.7 Objection (Art. 21 GDPR)

YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU THAT IS BASED ON ARTICLE 6(1)(E) (DATA PROCESSING IN THE PUBLIC INTEREST) OR ARTICLE 6(1)(F) (DATA PROCESSING BASED ON A BALANCING OF INTERESTS) OF THE GDPR.

THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS AS DEFINED IN ARTICLE 4(4) GDPR.

IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR UNLESS THE PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IN INDIVIDUAL CASES, WE PROCESS PERSONAL DATA FOR DIRECT MARKETING PURPOSES. YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA FOR SUCH MARKETING PURPOSES. THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT TO THE PROCESSING FOR DIRECT MARKETING PURPOSES, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA FOR THESE PURPOSES.

FURTHERMORE, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SCIENTIFIC OR HISTORICAL RESEARCH PURPOSES OR FOR STATISTICAL PURPOSES PURSUANT TO ARTICLE 89(1) OF THE GDPR, UNLESS THE PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A TASK CARRIED OUT FOR REASONS OF PUBLIC INTEREST.

YOU ARE ALSO FREE TO EXERCISE YOUR RIGHT TO OBJECT IN CONNECTION WITH THE USE OF INFORMATION SOCIETY SERVICES, NOTWITHSTANDING DIRECTIVE 2002/58/EC, BY MEANS OF AUTOMATED PROCEDURES THAT USE TECHNICAL SPECIFICATIONS.

13.8 Withdrawal of consent for data processing

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

13.9 Complaint to a supervisory authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of your personal data.

14. Validity and changes to the privacy policy

This privacy information is currently valid as of January 2025

Due to the further development of our websites and services or because of changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The most up-to-date privacy information can always be accessed and printed from the website at: https://pviridis.com/privacy-policy

Privacy Policy

COMPANY INFO