Privacy Policy


The objective of the present data processing information is to give particulars on the activities and practice of Pullit! Kft. (“Pullit!”) as data controller regarding to data processing and data management, based on the Regulation No. 2016/679 (“Regulation”) of the European Parliament and of the Council.

With the present data processing information Pullit! Kft. fulfils its obligations to provide prior information as laid down in the Act CXII of 2011 on informational self-determination and freedom of information (“InfoAct”).

  1. Data Controller

Name: Pullit! Kft. (‘data controller’)

Registered seat: 1212 Budapest, Lőcsei utca 19, Hungary



Company registry number: 01-09-736635

Tax number: 13465904-2-43

Managing director: Mr. Rüdiger Happe

Pullit! Kft. as ’data controller’ and ’data processor’ according to the Act CXII of 2011, expresses its consent to the privacy policy herewith and its principles and provisions to be bound. Pullit! Kft. agrees to respect the fundamental rights and freedoms of natural persons concerned (as data subjects), in particular, those concerning of personal data protection and commit themselves that all data controlling and processing during their services provided are in line with the provisions of the present privacy policy and the relevant legislation.

  1. Terms & definitions

Definitions used in the present Privacy Policy have the meanings as follows in compliance with Article 3 of the InfoAct, as well as Article 4 of the Regulation:

Data subject: shall mean any natural person, who may be identified directly or indirectly based on any definite, personal data (InfoAct, Article 3, (1)) ; a natural person is defined to be identified, if directly or indirectly, it may be identified based on one or more factors regarding identity, in particular an identifying personal data (Regulation, Article 4. (1))

Personal data: shall mean any information relating to an identified or identifiable natural person (‘data subject’) an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (InfoAct Article 3 (2), Regulation, Article 4 (1))

Data controller: shall mean a natural or legal person, or an entity without a legal personality, which alone or jointly with others determines the purposes and means of the processing of personal data; reaches decisions regarding data processing (including the tool used) and implements them, or ensures the implementation by a data processor appointed by him; (InfoAct Article 3 (9), Regulation, Article 4 (7))

Data controlling: shall mean any operation or a set of operations, irrespective of the procedure applied, in particular: any collection, recording, classification, systematisation, storage, adaptation or alteration, use, consultation, consultation by transmission, disclosure, alignment, combination, restriction, blocking, erasure or destruction, as well as preventing  further use of the data, taking photos, making voice or visual recordings, just as any recording of identifying physical characteristics (e.g. finger–, or palmprints, DNA-profile, iris characteristics) (InfoAct Article 3 (10), Regulation, Article 4 (2))

Data processing: shall mean operations related to the technical tasks of data processing, irrespective of the method and tools applied for the implementation of the operations, as well as the place of application, provided, that the technical task is being carried out on the data; (InfoAct Article 3 (17))

Data processor: shall mean a natural or legal person, or an entity without a legal personality, a public authority, agency or any such body processing data based on a valid contract with the data controller, including a contract in compliance with the provisions of law; controls personal data on behalf of the data controller; InfoAct Article 3 (18), Regulation, Article 4 (8).

Third party: shall mean a natural or legal person, or an entity without a legal personality who or which is not identical with the data subject, the data controller or the data processor (InfoAct Article 3, (22)) or those persons who have the authorisation to control personal data, under the direct management of the data controller or the data processor (Regulation, Article 4 (10));

Consent of the data subject: shall mean a freely given and explicit statement on the wishes of the data subject, which is based on appropriate information provided to them and by which it gives its unambiguous consent to the control of its personal data – unlimited or limited to certain operations;

Data transmission: shall mean making the data available to a defined third party (InfoAct Article 3 (11));

Erasure of data: shall mean making data unrecognisable in a way that their restoration may not be possible any longer (InfoAct Article 3 (13));

Statement of objection: shall mean a statement from the data subject to claim the processing of its data, and may demand the suspension or termination of the data processing or erasure of its data processed (InfoAct Article 3 (8));

Privacy incident: shall mean a security breach may resulting in accidental or illegal annulment, lost, change or unauthorized disclosure of to the transmitted, stored or in other ways processed data or facilitates an unauthorized access to them.

  1. Activities related to the data processing
    • Cookies

The Controller is using cookies at the website. Cookies are small text files of information stored by your browser on the hard drive of your computer. Cookies allow web applications to adjust their operation to your preferences and to learn more about your likes and dislikes, by collecting and storing preference-related information.

The policy on the use of cookies is available here:

Purpose of data processing: To improve the quality of the Controller’s services; to develop the website content according to the visitors’ needs

Legal basis of data processing: The explicit consent granted in terms of the use of cookies.

Duration of data processing: Until the cookies are deleted by the Data Subject

Erasure or modification of data: Most browsers allow you to view the active cookies on your computer and you may delete them, furthermore you can block the cookies of a specific website or all of the websites. You have the option to set your browser so that it will reject the cookies or warn you when cookies are sent to your device.

  • Purchasing and registration

Upon registration and a purchase orders Pullit! only requires data from its Customers being strictly necessary for the purchase order transaction, delivery or its reproduction. These data may be handled in accordance with this Privacy Policy. With the registration resp. finalisation of a purchase order the Customer agrees to the processing of its personal data up to an extent necessary in order to fulfil the contract (arising from a purchase order sent to Pullit!), billing and delivery.

Processed personal data: Surname and first name, country, telephone number, e-mail, billing address, delivery address

Purpose of data processing: To comply with the obligation to provide/issue invoices; To exercise and perform the rights and obligations arising from the contract concluded with the Data Subject

Legal basis of data processing: Legitimate interest, mandatory data processing required pursuant to the tax regulations (statutory legal provision)

Duration of data processing: Obligation of retention according to the tax laws: 10 tax years; the period of time required for achievement of the purpose of data processing

Erasure or modification of data: The Data Subject can ask for information about the processed data and may request rectification of such data.

Payment takes place at SIX Payment Services’ website. Controller shall not receive any information about the data content of the SIX Payment Services payment site (i.e. the data of the respective bank or credit card) since the payment site is a completely secure and protected Internet site, independent from the Controller.

For more information please visit:,

  • Newsletter

If the Customer had given its consent upon registration, Pullit! Kft. is entitled to send a newsletter and to ensure the unsubscription of it – in line with the InfoAct.

Processed personal data: Surname and first name, e-mail address

Purpose of data processing: Provision of information to the persons subscribing to the newsletter about the Controller’s activities, services, different news.

Legal basis of data processing: The data subject’s voluntary consent

Duration of data processing: Until withdrawal of the consent granted for the sending of newsletters, but maximum for the period of time required for achievement of the processing purpose.

  1. Google Analytics
    This website uses Google Analytics, a web analytics service from Google LLC (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and that allow your use of the website to be analyzed. The information generated by the cookie about your use of this website is transmitted to and stored by Google on servers in the U.S. If IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the U.S. and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services relating to website activity and Internet usage. The IP address transmitted by your browser in the context of Google Analytics will not be combined with other Google data. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that if you choose to do this you may not be able to use all of the features of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie relating to your use of the website (including your IP address), and prevent Google from processing this data, by downloading the browser plug-in available at the following link ( As an alternative to installing the browser plug-in, or when using browsers on mobile devices, you can also prevent Google Analytics from collecting your data by clicking on the following link. Clicking on the link sets an opt-out cookie that prevents your data from being collected when you visit this website in the future:

    Deactivate Google Analytics
    An opt-out cookie will be stored on your device. If you clear your cookies, you will have to click this link again.

    For more information on the terms of use and data protection, see or We would also like to point out that Google Analytics has been tweaked on this website using the code “gat._anonymizeIp();”, which ensures that IP addresses are collected anonymously (this is known as “IP masking”).
    Data processing takes place on the basis of Art. 6 (1) (f) GDPR. We have a legitimate interest in analyzing the use of our website for optimization purposes.

  2. Google Tag Manager
    This website uses Google Tag Manager, a tag management system from Google LLC (“Google”). Google Tag Manager does not collect any personal data. The Tag Manager makes it easier to integrate and manage certain tags. Tags are small code elements that are used for various reasons, including to measure traffic and visitor behavior, to record the impact of online advertising and social media channels, to set up re-marketing and targeting, and to test and optimize websites. If you have deactivated this feature, this deactivation will be taken into account by Google Tag Manager. For more information on Google Tag Manager, please see:


  1. Google Ads
    On the basis of your consent (Art. 6 (1) (a) GDPR), we integrate the marketing and remarketing service Google Ads into our website. This service is also operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. You may revoke your consent to this at any time with future effect. To do so, simply use one of the listed opt-out options. Google is directly responsible for parts of the data processing.

    We can use Google Ads to target advertisements for our website in Google Search. Google Ads allows us to set certain keywords. An ad in Google’s search engine results will only be displayed if you use the search engine to retrieve a keyword-relevant search result. The ads are distributed to topically related websites in the Google advertising network using an automatic algorithm while taking into account the previously defined keywords. If you click on a Google Ads ad and are redirected to our website, Google will place a remarketing tag and a conversion cookie on your device. This can be a cookie or a similar technology. If you then visit another website from the AdWords advertising network, this remarketing tag, will be read and, for example, you will receive a corresponding advertising message. The conversion cookie allows us to determine how many users are performing a certain action in relation to one of our ads.

    This data is processed pseudonymously in connection with Google AdWords. This means that Google does not save and process your name or your e-mail address, for example. Rather, it processes the relevant cookie-related data as part of pseudonymous user profiles. These profiles cannot be directly associated with you. This means that neither we nor Google know who you are. The ads are shown to the holder of a specific cookie ID, rather than a specific person.

    The information collected in the context of Google AdWords is transmitted to Google and stored on Google’s servers in the U.S. Google is certified under the Privacy Shield Agreement. This agreement ensures that a level of data protection comparable to that of the GDPR is observed ( You can find additional information and the applicable Google data protection provisions at

    You can prevent our website from storing cookies on your end device at any time in your browser settings. This also prevents cookies associated with Google AdWords from being stored on your end device. You can delete cookies that are already stored on your end device.

    You can also prevent interest-based advertising from Google. You can configure your desired settings at Finally, you can also configure a corresponding opt-out cookie at!/.

  2. Policy on processing data and data transmission

Data processors are as per the present Privacy Policy:

  1. Website operator, webhosting, system administrator, data storage:

LuniX Informatikai Szolgáltató és Kereskedelmi Kft.

Registered seat: 1183 Budapest, Szemere Miklós utca 7.


  1. Payment Services

SIX Payment Services

Registered Seat: Hardturmstrasse 201, 8021 Zurich,Switzerland

E-Mail:      For SIX Payment Services Ltd:

For SIX Payment Services (Europe) S.A.:

Data controller shall pay attention to data protection of its Customers and partners and to respect their rights to informational self-determination. Therefore, it guarantees to handle any obtained personal data confidentially and shall endeavour to make every effort to ensure safety of these data.

Objective of the data control: the data processor/controller and the operating parties solely process the data of the data subject in connection with the purchase or to deliver them and fulfil related legal obligations.

Data to be processed: The data of the Customer provided at, such as name, address, e-mail, delivery address, phone number, classified password. On the invoice there will be stated the name and address of the data subject. Electronic invoice may only be sent to the e-mail address provided by the Customer, or will be given to them upon personal pickup, or in case of a delivery, sent in closed packaging.

The data obtained upon registration, purchase order or e-mail request/upon placing an order are confidential and will be used and managed by the data controller and the data processor for the purpose of fulfilling purchase orders.

Data subject shall be responsible for the veracity of the data provided, these shall not infringe any personal or other rights of third parties.

The Customer accepts the principles set out in the Privacy Policy at the time of the registration on the website and when ordering without registration, as well as through e-mail contacting and placing a purchase order and takes note of the following:

  • Data is provided on a voluntary basis (newsletter) or mandatory (invoicing, placing an order). The Customer gives its consent to the data processing by registering on the website or subscribing to newsletter and giving its personal data mandatory in order to place a purchase order.
  • Processing of the data is being carried out by the data controller and the data processor.
  • Data controller may use the personal data of the data subject free of charge in order to fulfil the purchase orders and for its documentation.
  • Pullit! Kft. as data controller offers the Customers the possibility to store their data for the next purchase order so that they would not have to be provided every single time again. If the Customer does not avail itself of this opportunity, it might initiate the complete deletion of its data after having placed its purchase order.
  • The date controller transmits the personal data provided in relation to the given purchase order to its contracted logistics partners, who in this respect also qualify as data processors. Transmission of the personal data is aiming the fulfilment of the delivery of the purchase order.
  1. Data storage and access

Data retention period: if a purchase order was placed through the website, the personal data may be processed up to one year, or until the withdrawal of consent of the data subject. Pullit! offers guarantee for its products for one year. In order to apply guarantee and the potential reproduction of the product we store the data related to the purchase order and to the Customer, as well as parameters of the product.

In case of individual purchase orders, where the demand of the Customer is different from the products to be designed under “custom items – design your own” at the website, the purchase order and therefore the product may be linked to the Customer (and to its personal data) in order to enable reproduction and may be stored until the withdrawal of consent by the data subject.

Excluded of the foregoing are the data of the accounting documents, which may be stored in compliance with national law.

  1. Rights of the Data subject

Pullit! Kft. guarantees that the data management follows the legal requirements in force. The rights of the data subject concerning the data management and the rules of judicial remedies are being stated in the Act CXII of 2011 on informational self-determination and freedom of information (‘InfoAct’) and Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Based on the legislations above the Customer may request the rectification of its personal data, restriction of the data processing, deletion of the data processed, or further supply of information on the data processing. It may oppose to third parties’ interest in processing its personal data (e.g. surveys).

Data subject is entitled to receive the personal data related to it in a typed, legible form, and to transmit those data to another data controller or processor, if the data management is being carried out on a consent and in an automated way.

If the Customer wishes to delete or amend its data in the database, it may express its intention at any times, without any restriction or justification, free of charge at or by sending a postal item to the data controller, in both cases with the subject indicated “Modification of processing personal data”.

Customer accepts and acknowledges that deletion of its personal data does not automatically mean the deletion of the purchase order already placed. In regard to the withdrawal from the order there shall be Clause 8 of the GTC (General Terms and Conditions) indicative.

Customer has the right to object the processing of its personal data. Data controller shall examine this request within the shortest time possible, but maximum within 25 days, shall take a decision on its reasonable justification and inform the petitioner about its decision in a written form.


The right of the data subject to legal remedy: In case the data subject does not agree with the decision taken by the data controller, it may be going to court within 30 days after the communication.

Legal remedies or complaints may be filed with the National Agency for Data Protection:

Name: National Agency for Data Protection


Postal address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Phone number: +36 (1) 391-1400


Any privacy incident shall be reported to the responsible authorities (National Agency for Data Protection) without an unreasonable delay – within 72 hours – unless the incident is unlikely to risk any rights of natural persons. Should the incident be likely to carry high risks in regard to the rights and freedoms of natural persons, data controller shall inform the data subject about the incident without undue delay.

  1. Other provisions

Our privacy policy is available at the website in English language.

The Controller’s pages contains weblinks or hyperlinks pointing to pages operated by other service providers (such as Facebook and Instagram) where the Controller has no influence over the processing of personal data, therefore the Controller does not assume any liability for the data processing or data transmission actions or personality right related procedures executed by these pages.

The present privacy policy of the data controller enters into force on 1 July 2020. Data controller reserves the right to change the content of the present policy, which then shall be published on the website managed by him with immediate effect, so that the parties involved are being informed about this amendment through the disclosure on the website of the provider (under “Privacy Policy”).

Budapest, 1 July 2020

Nach oben scrollen