0 Ft


Cart empty



  • This Privacy Statement shall set down the data protection and data processing principles and policies as applied by GARUDA TRADE Kereskedelmi, Ipari és Szolgáltató Korlátolt Felelősségű Társaság (registered seat: 1055 Budapest, Balaton utca 22-24. VI. em. 3.; company reg. no.: 01-09-074713; represented by Berényi Ágnes Judit managing director; hereinafter referred to as: „COMPANY” or „CONTROLLER”), to express consent by the Company as Controller to be bound by that principles and policies.

  • This Privacy Statement includes the principles applied when processing personal data as supplied on a voluntary basis by the Users on the Website for the purpose of receiving certain services from the Company.

  • When drawing up this Privacy Statement, special attention was paid to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: „GENERAL DATA PROTECTION REGULATION” or „GDPR”), to the Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter referred to as: „INFOTV”) as well as to the Act V of 2013 on the Civil Code (hereinafter referred to as „PTK”).

  • Unless otherwise stated, this Privacy Statement does not apply to services and data processing activities relating to promotions, services, campaigns or published contents of third parties (other than the Controller) who are publishing advertisements, games or appearing otherwise on the Website as referred to further below in this Privacy Statement.

  • Unless otherwise stated, this Privacy Statement does not apply to services and processing activities of websites and providers that can be accessed by clicking links placed on the Website as defined under this Privacy Statement. To this end, the privacy policy issued by the service provider or website operator shall be applicable, the Controller does not accept any liability for such data processing activities.


  • Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Controller: a person which, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  • Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. In connection with the services difened in theis Privací Statement Data Processorrs may be:
    • Magyar Posta Zártkörűen Működő Részvénytársaság
      • Budapest,
      • Dunavirág utca 2-6.
      • 1138
    • GLS General Logistics Systems Hzngary Parcel Logistics Company Limited
      • Alsónémedi
      • GLS Európa u. 2.
      • 2351
    • Budapest Credit and Development Bank Private Company Limited by Shares
      • Budapest
      • Váci út 193.
      • 1138

  • Website: the website garuda.hu operated by the Controller.

  • Service(s): the services operated and offered by the Controller available on the Website.

  • User(s): natural person(s) registered for Services and supplying their personal data as listed below for this purpose.

  • Privacy Statement: the Privacy Statement at hand, issued by the Controller.


  • The IP-addresses of Users visiting the Website are automatically recorded in Controller’s system.

  • Upon Users’ decision, the Controller may have the right to process following data related to the use of certain Services available on the Website:

  • Registration:
    • e-mail address;
    • phone number;
    • name;
    • user name;
    • password;
    • address;
    • delivery address, if differs from the billing address.

  • Subscription to newsletters: e-mail address.

  • Contacting:
    If a User sends a message to the Controller per e-mail (e.g. using message or reader’s letter), the Controller records the User's e-mail address. Such information shall be processed by the Controller to the extent and for the duration necessary for the provision of Services.

  • Recruiting:
    The Controller provides the Users the opportunity to sign up for published job advertisements on the Website by submitting their resume. In this case, the Controller processes the User's e-mail address and the personal date given in the resume.

  • Regardless of the above, providers technically involved in the operation of Services may perform data processing activities on the Website without informing the Controller thereof. Such activities are not to be considered as data processing performed by the Controller. The Controller shall make every effort to prevent and to detect that kind of processing activities.


  • As a customization function, the Controller may set small data files („cookies”) on the computer of the User. Cookies are applied to ensure operation of the given website at the highest possible quality level, customization of the provided services and improvement of user experience. Users are able to erase cookies from their computer or configure their browser to prevent cookies. The User declares to be aware of that preventing cookies may cause incomplete operation of the given website.

  • The Controller processes the following Personal Data by using cookies during providing the Services: demographic data (based on the above data), and interest information, habits, preferences (based on browsing history).
  • Data recorded by technical means while operating the systems include data of the computer the User has logged on to, data generated while using the Service and recorded in the Controller’s system as a result of automated technical processes. In the absence of a specific statement or conduct by the User, automatically recorded information shall be logged by the system every time the User logs in or out respectively.


  • Purpose of processing activities performed by the Controller:
    • Registration:
      • fulfilment of services;
      • other services related to the operation of other webshop;
      • preparation statistics, analyses;
      • direct communication for business or marketing purposes (e.g. newsletters, event notification, etc.);
      • protection of Users rights;
      • enforcement of Controller’s legitimate interests.
    • Subscription to newsletters:
      • delivery of online content;
      • contact with the User;
      • fulfilment of services;
      • preparation statistics, analyses;
      • direct communication for business or marketing purposes (e.g. newsletters, etc.);
      • protection of Users rights;
      • enforcement of Controller’s legitimate interests.
    • Contacting:
      • contact with the User;
      • fulfilment of services;
      • handling and processing specific requests made by Users;
      • preparation statistics, analyses;
      • protection of Users rights;
      • enforcement of Controller’s legitimate interests.
    • Recruiting:
      contact with candidate;
      • protection of Users rights;
      • enforcement of Controller’s legitimate interests.

  • The Controller is not allowed to use the supplied personal data for purposes other than set out above.

  • Processing activities are based on an informed, voluntary statement made by Users, including express consent to the use of personal data supplied by them when visiting the Website or in an explicit message, as well as of personal data generated of them. In case of processing upon consent, the User shall have the right to withdraw his or her consent at any time. The withdrawal of consent, however, shall not affect the lawfulness of processing based on consent before its withdrawal. 

  • Every time when a User logs in to the Website, his or her IP-address will be recorded by the Controller for the provision of Services, to protect Controller’s legitimate interests and to ensure lawful provision of Services (e.g. in order to detect unlawful use or unlawful content), even without prior consent of the User.

  • The User warrants to have legally obtained prior consent from other natural persons, whose personal data were supplied or made available by him or her during the use of Services.

  • The User shall be responsible for all user’s contents provided by him or her. By supplying the e-mail address and any information subject to registrationg, User warrants that from the supplied e-mail address or using other data provided by the User, the Services are used solely by him or her. Accordingly, any liability relating to the use of Services from a given e-mail address and / or using previously provided data shall be borne exclusively by the User who has registered the e-mail address or provided the data.


  • The Controller shall process personal data according to the principles of good faith, fairness and transparency, in compliance with law and with this Privacy Statement.

  • Personal data that are indispensably necessary to use the Services shall be processed by the Controller upon consent of the User and used only in a purpose-bound manner.

  • The Controller shall process personal data only for the purposes as specified in this Privacy Statement or in the relevant legislation. The scope of processed personal data must be proportionate to the purpose of data processing and must not go beyond it. Every time when the Controller is going to use personal data for purposes other than initially specified, the Controller shall inform the User accordingly, obtain User’s explicit prior content and give him or her the opportunity to prohibit the use of that data.

  • The Controller does not check the personal data supplied. The responsibility for the correctness of such personal data lies solely with the person who provides that data. Nevertheless, the Controller shall take all reasonable steps to immediately erase or rectify all personal data that are inaccurate for processing purposes.

  • Processing personal data of data subjects below the age of 16 years shall be lawful only if consent is given by the adult holder of parental responsibility over the child. The Controller is not able to check the authority of that person to give consent or the content of his or her statement. The User or the person exercising parental control over the User shall warrant that the given consent complies with law. In the absence of consent, the Controller is not allowed to collect personal data related to data subjects below the age of 16 years – with the exception of the IP-address used for accessing the Services, which, given the nature of Internet services, shall be recorded automatically.

  • The Controller is not allowed to disclose to third parties any personal data processed under this Privacy Statement – except for the Processors defined in present Privacy Statement.

  • As an exception to the above, the data can be used in aggregated form for statistical purposes. Such data must not include any information suitable for the identification of the User as data subject, therefore the use thereof for statistical purposes does not constitute a data processing or transmission.

  • The Controller shall notify the User and anybody to whom the personal data was transferred to of any rectification, restriction or erasure of personal data processed by Controller. A notification may be omitted if it does not hurt the legitimate interests of the User.

  • To ensure security of the personal data, the Controller must implement adequate safeguards, appropriate technical and organisational measures and adequate procedural rules to protect the recorded, stored and processed data, including protection against accidental loss, unlawful destruction, unauthorised access, unauthorised use, unauthorised amendment and unauthorised dissemination thereof. The Controller shall oblige all third parties to whom Personal Data have been transferred to comply with this obligation.

  • Under the relevant provisions of GDPR, the Controller is not obliged to appoint a data protection officer.


  • Automatically recorded IP addresses are stored by the Controller for up to 7 days of the recording.

  • In case of e-mails sent by the User for contacting purposes only, the Controller shall erase the e-mail address within 90 days of closing the case referred to in the mail, with the exception of individual cases, where the Controller has a legitimate interest in further processing of personal data, until such legitimate interest of the Controller ceases to exist.

  • Personal data supplied by the User shall be subject to processing activities until the User unsubscribes from the Service, requests the erasure of personal data, withdraws his or her consent, or the Controller stops providing that Service. In latter cases, the personal data shall be erased from the Controller's system.

  • The right of User to use the Service remains unaffected by a User’s request to stop processing his or her data without unsubscribing from the Service. However, in the absence of personal data, Services may not be fully available.

  • If a User has supplied unlawful or misleading personal data, has committed a criminal offence or a system violation, the Controller shall have the right to immediately erase the personal data of that User. However, if there are indications of a criminal offense or of a violation of the Civil Code, the Controller shall have the right to retain that personal data for the duration of the proceedings to be conducted.

  • If courts or authorities make a final decision ordering the erasure of personal data, the Controller shall erase the data accordingly.


  • The User shall have the right to obtain from the Controller confirmation as to whether or not his or her personal data are being processed, and, where that is the case, access to the personal data, particularly to the information as listed below:
    • the purposes of the processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • the existence of the User’ right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;
    • the right to lodge a complaint with a supervisory authority;
    • where the personal data are not collected from the data subject, any available information as to their source;
    • the existence of automated decision-making, including profiling and, at least in those cases, meaningful information about the logic involved, as well as about the significance and the envisaged consequences of such processing for the data subject.
  • Users may request the Controller anytime – by sending a registered letter with acknowledgment of receipt to Controller’s address or an e-mail This email address is being protected from spambots. You need JavaScript enabled to view it. – to provide information about processing their personal data.

  • Information requests via post mails shall be deemed authentic by the Controller, if the User can clearly be identified based on that request. Information requests via e-mails shall be deemed authentic by the Controller, if sent from the e-mail box as supplied previously by the User.

  • Users shall have the right to have rectified or amended their personal data processed by the Controller.

  • Regarding the purpose of processing, Users shall have the right to have completed their incomplete personal data.

  • Personal data supplied by Users relating to use of Services can be amended by sending an e-mail request to Controller’s e-mail address as stated above, or by modifying the user interface settings. Once the request to amend personal data has been satisfied, the old (erased) data can not be restored anymore.

  • Users shall have the right to have erased their personal data processed by the Controller. The request may be refused,
    • if the Controller is authorised by law to process personal data; and
    • processing is necessary for establishment, exercise or defence of legal claims.

  • The Controller shall notify the User of any refusal of erasure requests, including the reasons for refusal. Once the request to erase personal data has been satisfied, the old (erased) data can not be restored anymore.
  • Users can opt-out of Controller’s newsletters by clicking the unsubscribe link included in that newsletters. Upon unsubscription, the Controller shall erase in its database the personal data of the User.

  • The User shall have the right to obtain from the Controller restriction of processing if one of the following applies:
    • the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of that personal data;
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    • the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
    • the data subject has objected to processing, pending the verification whether the legitimate grounds of the Controller override those of the data subject.

  • The User shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and/or to transmit those data to another controller.

  • Users shall have the right to object to the processing of their personal data, if
    • processing is carried out solely for the purpose of fulfilling the Controller’s legal obligations or for enforcing the rights and legitimate interests of the Controller or of a third party;
    • personal data are being processed for the purposes of direct marketing, public opinion polling or scientific research; or
    • data are processed for the purposes of carrying out tasks in the public interest.

The Controller shall investigate the cause of objection. If, according to the findings of the Controller, the objection is justified, the Controller shall terminate all processing activities, block the personal data involved and notify all recipients to whom any of these personal data had previously been transferred of the objection and of the ensuing measures taken by the Controller.


  • If a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall communicate the personal data breach to the User without undue delay. The communication to the User shall not be required if any of the following conditions are met:
    • the Controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those – such as encryption – that render the personal data unintelligible to any person who is not authorised to access that data;

    • the Controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
    • the communication of data breach would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure taken by the Controller whereby the data subjects are informed in an equally effective manner.


  • The Controller uses the above detailed Processors for performing its services.


  • The Processors shall not make individual decisions, they may only process the personal data in accordance with the agreement concluded with the Controller and with the instructions of the Controller.
  • The Controller controls the performance of the Processors.

  • The Processors may only use sub-processor with the prior written consent of the Controller.


  • The transfer of the personal data to the Processors defined in this Privacy Statement may be realized without the prior specific consent of the User as the User gave his or her consent by accepting this Privacy Statement. Any disclosure of personal data to third parties or to authorities – unless otherwise required by law – is only allowed on the basis of authorities’ decisions or upon explicit prior consent of User.


  • The Controller shall have the right and be obliged to transfer to the competent authorities personal data available to and stored by the Controller in a lawful manner, if required to do so by law or by final decisions of authorities. The Controller can not be hold responsible for such data transfer or for resulting consequences.

  • The Controller shall keep data transfer records for the purpose of checking the lawfulness of data transfer and of ensuring its proper communication to the User.


  • The Controller reserves the right to make amendments to this Privacy Statement at any time by unilateral decision.

  • By entering the Website next time, the User accepts the provisions of this Privacy Statement as may be amended from time to time. Obtaining any additional consent from the User is not required. The Controller shall inform the Users on the change of the Privacy Statement upon the next entry into the Webpage.




  • The staff of the Controller can be contacted via e-mail with any questions or concerns to data processing: This email address is being protected from spambots. You need JavaScript enabled to view it..

  • Users may lodge a privacy complaint directly with the National Authority for Data Protectionand Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: 36-1-391-1400; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it. web: www.naih.hu).

  • In case of infringement of their rights, Users may bring the matter before a court, which will then have jurisdiction. The case – at the option of the data subject – may be brought before the tribunal in whose jurisdiction the data subject’s permanent or temporary residence is located. Upon request, the Controller shall inform the User of the possibilities and means for seeking legal remedy.


Budapest, 26 January, 2021

Let's keep in touch
Garuda Ayurveda

Garuda Trade Kft.

  • This email address is being protected from spambots. You need JavaScript enabled to view it.
© Garuda Trade Kft.
Site by Meraki.