tokaj - A Taste full of Secrets

“Tokaj-Hétszőlő” Viticulture and Enology Private Limited Liability Company DATA MANAGEMENT INFORMATION


This Privacy Policy describes the personal information that is collected, created (managed) when you use the website (the “Website”). The Policy also describes how you use, share and protect your personal information, what choices you have about your personal information, and how you can contact us.


The “Tokaj-Hétszőlő” Viticulture and Wine Private Limited Company always ensures the legality and expediency of the data processing with regard to the personal data managed by it. The purpose of this prospectus is to enable customers and individuals using the services of our company to receive adequate information about the conditions and guarantees for which our company handles their data before providing their personal data. Our company adheres to the contents of this information in all cases involving the processing of personal data, and we consider the information described here to be mandatory for us.

However, we reserve the right to change the contents of this unilateral disclaimer, in which case we will inform those concerned in advance. If you have any questions about the contents of this leaflet, please write to us. The data processing of our company’s activities is based on voluntary consent, and in certain cases the data processing is based on a legal obligation, a contract, the reasons necessary to take steps at the request of the data subject before concluding the contract, and the data controller’s legitimate interest.

Our data processing complies with the relevant legislation, in particular the following:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, hereinafter “GDPR”)
  • Act CXII of 2011 on the right to information self-determination and freedom of information. Act (“Act”)

Who is responsible for handling your personal data?

Responsible for the processing of your personal data:

Name: Tokaj-Hétszőlő Zrt

Headquarters: 3910 Tokaj Bajcsy-Zsilinszky utca 19-21

Phone: 47 / 352-009


VAT number: 10704444-2-05

Company registration number: 05-10-000063

  • “personal data” means any information relating to an identified or identifiable natural person (“data subject”); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identified
  • “data management” means any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, systematisation, segmentation, storage, transformation or alteration, retrieval, consultation, use, communication, transmission or other communication. harmonization or interconnection, restriction, deletion or destruction
  • “controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law
  • “processor” means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller
  • “recipient” means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing
  • “data subject’s consent” means the voluntary, specific and duly informed and unambiguous expression of the data subject’s consent, by means of a statement or unequivocal statement of consent, to consent to the processing of personal data concerning him or her
  • “data protection incident” means a security breach in which personal data transmitted, stored or otherwise handled are accidentally or unlawfully destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to

WHAT personal data do we collect and WHEN will it be collected?

In order to provide the services you have requested, we ask you to provide certain personal information. Such personal data includes:

  • contact details, including your name, email address, telephone number, and shipping or billing address
  • personal data, including data on previous purchases of gender
  • custom settings, including your wish list, settings for marketing messages and cookies.

For more information on the above processes, see the Cookies and Web Tags (Pixel Tags) section of this Privacy Policy below. Such data are as follows:

Cookies, IP addresses, referrer headers, data identifying your browser and its version, and web beacons and tags.

Personal data on CHILDREN

We comply with local laws and do not allow children to register on our website unless they have reached the legal age limit in their country of residence.

It is important to emphasize that this age is 18 years in Hungary. In the case of a child under the age of 18, the processing of children’s personal data is lawful only if and to the extent that the consent has been given or authorized by the person exercising parental supervision over the child.

Therefore, we ask for parental consent for children participating in our programs and events.

We are not in a position to check the consent of the consenting person or to get acquainted with the content of the statement of the legal representative, so the Data Subject or his / her legal representative guarantees that the consent complies with the law. We consider the appropriate consent of the legal representative to be given when using the service.

TOOLS used to manage the personal data collected

When you use our website, your browser or mobile device platform provides you with additional tools to control when your device collects or shares certain categories of personal information. For example, your mobile device or browser may provide tools that allow you to control the use of cookies or location sharing. We recommend that you familiarize yourself with and use the tools available on your devices.

WHY and HOW do we use (handle) your personal information?

We use your personal information as follows:
In order to provide our Website and the features you request during its Services
When you use our website, we use your personal information to provide the product or service you request. This may be the case when you make a purchase or take part in an event or promotion on our website, we will use the contact details you provide to communicate such a purchase, event or promotion. When you contact our customer service, we use information about you, such as shipping or payment, or information about the product or service you purchased, to help you resolve a problem or issue.
Data provided by the newsletter subscribers during the subscription, the purpose of which is to send future promotions and marketing offers: Name, e-mail, mobile phone number
Stakeholders: those who subscribe to the newsletter during the purchase or registration
Data provided on the contact form for the purpose of answering the customer’s question: Name, e-mail.
When sending the message, the option to subscribe to the newsletter is also optional, the customer service stores the details of the request for technical reasons until the customer’s needs are answered, it does not send a message for marketing purposes without the customer’s permission.
Stakeholders: senders of messages.
In many cases, you may need to provide additional information or consent to use certain features of our website in order to use certain information in a specific way. For example, to share content on social media. Such can be provided by Facebook, Messenger, Twitter, Google+ and WhatsApp. To use them, you have agreed to their privacy policy, otherwise you will not be able to access these pages or use these features on our website.
For the purpose of providing information about our products, services, events and for other promotional purposes
If you consent to this, we will send you marketing announcements and news related to our services, events and other promotions. You can indicate at any time after giving your consent that you do not wish to receive such information. The information you provide, as well as your purchases and events

We may use information from your participation data and other sources to send you personalized messages about products and services of interest to you. You can request a change from us at any time.
To continue our business in order to develop and support our products and services
We also use the personal information you provide to us for the purpose of conducting our business. For example, in the case of your purchase, we use the relevant information for accounting and other internal functions. We use personal information about how you use our products and services to improve the user interface, and such information helps us identify technical and service issues.

Other purposes

We may use your personal data in other ways and we will send you a separate notice at the time of data collection (eg a satisfaction survey) and, if necessary, ask for your consent.
Legal basis for data management
The processing of your personal data is subject to certain legal bases, depending on how you use our website.

  • If you buy products or services on our website, we need your personal data in order to fulfill the contract with you. For example, in order to fulfill your order, we need your payment and contact information.
  • We also invoke other legal grounds, such as our legitimate interest as a business in complying with a legal obligation or in protecting your vital interests.


Information on data processing not listed in this prospectus is provided at the time of data collection. We inform our clients that certain authorities, bodies performing public tasks, courts may contact our company for the purpose of disclosing personal data. Our company will provide personal data to these bodies only if and to the extent that it is absolutely necessary to achieve the purpose of the request and if the fulfillment of the request is required by law.


Our company’s computer systems and other data storage locations can be found at the headquarters and on the servers rented by the data processor. Our company selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:

  • accessible to those entitled to it (availability);
  • its authenticity and authentication are ensured (authenticity of data management);
  • its invariability can be justified (data integrity);
  • be protected against unauthorized access (data confidentiality).

We pay particular attention to data security, take the technical and organizational measures and establish the procedural rules necessary to enforce the guarantees under the GDPR. The data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage or inaccessibility due to changes in the technology used.
Our company’s and our partners’ IT systems and networks are both protected against computer-assisted fraud, computer viruses, computer hacking, and denial-of-service attacks. The operator also ensures security through server-level and application-level protection procedures. Daily data backup resolved. In order to avoid data protection incidents, our company takes all possible measures, in the event of such an incident – in accordance with our incident management policy – we take immediate action to minimize the risks and eliminate the damage.


Encryption and security
To maintain the security of your personal information, we use a number of technical and organizational security measures, including encryption and authentication tools.
Our computers and mobile phones, which we work on, can only be accessed with a PIN code. This also applies, for example, to returning from the screen saver. We use 2-factor authentication on our social interfaces.
Retention of your personal information
We will store your personal data for the time necessary to fulfill the purposes set out in this Privacy Policy (unless applicable law provides for a longer retention period). If you have also requested advertising information from us, then until you request us to delete your account.
In the case of personal data relating to product purchases, such data will be retained for a longer period of time in accordance with legal obligations (such as tax and sales legislation).

s purpose.


You are entitled to claim:

  • request information on the handling of your personal data;
  • request the correction of your personal data;
  • request the deletion or blocking of your personal data;
  • object to the processing of your personal data.

If you have given us your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
If you wish to receive a copy of your personal information or to exercise any other right, please contact us.
These may include the data we process, the purpose, legal basis, duration of the data processing, the names and addresses of the Data Processors and their activities related to the data processing, as well as who receives or has received the data and for what purpose. We will send you this in writing within 30 (thirty) calendar days.

Your personal information will be deleted if

  • its handling is illegal;
  • You request the deletion of data;
  • incomplete or incorrect – and this condition cannot be legally corrected – provided that cancellation is not precluded by law;
  • the purpose of data management has ceased;
  • the statutory deadline for data storage has expired;
  • the cancellation has been ordered by a court or the National Data Protection and Freedom of Information Authority.

COOKIES and web beacons (Pixel Tags)

When you use our website, we collect information sent by your internet browser, which may include personal information. We use a variety of methods to collect such information, such as cookies and web beacons. The information collected in this way may be included by you

  • unique cookie ID, cookie information, and information about whether your device has the software to use certain features;
  •  unique device ID and device type;
  • domain, browser type and language.
  • operating system and system settings
  • country and time zone; and
  •  details of previously visited websites;
  • information about your visits to our Websites, such as your click habits, purchases, and marked preferences; as well as
  • access times and referrer URL headers.

Through our website, third parties may also collect information through the use of cookies, third-party plug-ins and widgets. Such third parties collect data directly from your internet browser and such data is handled in accordance with that third party’s own privacy policy. Such can be Google, Facebook, Hotjar, Salesautopilot.
We use cookies and web beacons to track the use of our website by customers and to examine customer preferences. This allows us to provide services to our customers and enhance the online user experience. We also use cookies and web beacons to collect aggregate data about website traffic and interactions, to identify trends and to collect statistics to improve our websites. We generally use three types of cookies on our websites:
Necessary cookies: These cookies are necessary for the basic operation of the site and are therefore always switched on. Functional cookies include cookies that remember your settings on a single visit to our website or, if you wish, on each visit. They provide support on safety issues and compliance.
Statistics: These cookies allow us to improve the operation of our website by tracking usage. In some cases, these cookies increase the processing speed of your requests and remember the settings you choose on the website. Rejecting such cookies may prevent you from personalizing your offers and may slow down your site.
Marketing: Social media cookies allow you to connect to social networks and share content on our website through social media. Advertising cookies (used by third parties) collect information that helps us display advertisements that are relevant to your interests, both on our website and on other sites. In some cases, the use of such cookies involves the processing of your personal data. Disabling such cookies may result in ads that are less relevant to your interests, or that you may not be able to properly connect to Facebook, Twitter, or other social networks and / or share content. through social media.

You have the option to maintain and / or delete cookies as desired. Please visit for more information. You can delete all cookies stored on your computer and you can disable their installation in most browsers. In this case, however, you may need to make some settings manually each time you visit a particular page, and you may be aware that certain services and features may not work.


Our applicable laws and procedures change from time to time. If we decide to update our privacy policy, we will post the changes on our website.
We will give you prior notice of any material changes to the way we handle your personal information, or, if required by law, we will ask for your consent before making such changes.
By using the service provided by us, you accept the contents of the amended data management information by implied conduct.

You are the Infotv. You may object to the processing of your personal data for the reasons specified in § 21. In this case, We are obliged to examine your protest within 15 (fifteen) calendar days from the submission of the request and inform you of its result in writing.
If you do not agree with our decision, or if we do not comply with the deadline, you may go to court within 30 (thirty) calendar days from the notification of the decision or the last day of the deadline.
If you feel that your rights have been violated, you can go to court with Infotv. As defined in § 22.
It is also possible to appeal to the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority
Headquarters: 1024 Budapest, Szilágyi Erzsébet avenue 22 / C.
Phone: +36 (1) 391-1400


We use third-party cookies in order to
personalize your site experience.