Terms & Conditions and Privacy Statement

Webshop owner:

Harmati Dániel E.V.

Head office

Budapest 1051 József Nádor u. 11

Tax number: 56175194-1-41

EV registration number: 54805981

Phone number +36306833892

Hereinafter kiteshop.hu

When sending the order, the customer only indicates his/her intention to purchase to the supplier, the order becomes a civil contract (purchase) according to the PPA only after the kiteshop.hu webshop order confirmation. kiteshop.hu webshop does not assume any liability for price differences due to different region and browser settings. The stock information displayed on the website may differ from the stock in our warehouses because stock information is not updated continuously. In the case of discontinued and seasonal products, we can only fulfil the purchase while stocks last. When you make a purchase in our webshop by clicking on the order button, you declare that you have read these terms and conditions and that you consider the prices in the order confirmation e-mail of the kiteshop.hu webshop to be the prices that apply. Of course, if you do not agree with the terms of the confirmation e-mail, you can request the cancellation or modification of your order at any time within 14 working days without giving any reason.


According to § 4 - a of the Government Decree 17/1999 (II. 5.) on distance contracts, with the exceptions of § 5, the customer may exchange products purchased in the webshop within 14 days, provided that the purchase is supported by an invoice or receipt and the product is returned in its original, undamaged packaging, in a condition free of damage and with all accessories.


Pursuant to Article 4 - a of Government Decree 17/1999 (II. 5.) on distance contracts, the buyer may withdraw from the contract within 14 days of receipt of the goods, with the exceptions provided for in Article 5. In the case of written withdrawal, the withdrawal shall be deemed to have been effected in due time if the buyer sends his notice of withdrawal before the expiry of the time limit. In the event of a validly exercised right of withdrawal, the buyer shall be reimbursed the purchase price paid without delay and at the latest within 30 days of the withdrawal.

The buyer shall be liable for any costs incurred in returning the product and for any damage resulting from improper use of the product.


Warranty according to the GKM Decree 49/2003 (VII. 30.) is only given for problems resulting from manufacturing defects, for a period of at least 12 months. A longer warranty period is indicated on all products.

If you believe that the defective performance is due to warranty problems, you can report this to our customer service within 8 days. If we consider your complaint to be justified, we will replace the product where possible or you can re-purchase the value of the product in our online shop. You should be aware that in disputed warranty cases, you can request an expert opinion from the National Consumer Protection Authority to determine the real cause of the defect under Decree 49/2003 (VII. 30.) GKM. However, you will have to bear the initial costs of this. In the event that the expert opinion concludes that the complaint is justified, the kitesurf.hu webshop will reimburse you for the investigation fee.

You can find the fees for the opinions of the National Consumer Protection Authority at www.nfh.hu-n

You can make a warranty claim together with a receipt or invoice proving your purchase.


You can make your warranty claims by telephone during business hours (+36306833972) and by e-mail daniel@true-surfers.com.

The handling of warranty and guarantee claims under a consumer contract is governed by GKM Regulation No. 49/2003 (VII. 30.).

For clarification, special requests and possible problems, please contact our customer service by e-mail.

By submitting your order, the user accepts the civil contract between kiteshop.hu and the buyer, according to the terms of delivery of kiteshop.hu.

Privacy policy

Please read this Notice carefully in order to understand how we process your personal data and to know your rights regarding data processing.
The Service Provider or the Data Controller, as data controller, respects the privacy of all persons who provide personal data to us while using the kiteshop.hu website or by other means through one of our contact details. The Service Provider will treat personal data confidentially and will take all security, technical and organizational measures to ensure the security of the data.

In accordance with Article 13 of the European Union General Data Protection Regulation (Regulation No 679/2016, hereinafter referred to as "GDPR"), the following information is mandatory:
Effective date of data processing: 10.11.2018.
The Service Provider will make its best efforts to notify users of any changes to our Privacy Policy at any time.

Table of contents

1. Summary
2.Data controller's data
4. Concepts of data protection
5. Rules on data processing
6. Enforcement of the rights of the data subject
7. Scope of personal data processed
Cookies and similar technologies
Use of automated decision-making, profiling
10. Data Protection Officer:
11. Controlling authority
In particular, our processing is governed by the provisions of the following legislation:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46.

Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.),

Act V of 2013 on the Civil Code
Act C of 2003 on Electronic Communications (hereinafter: Eht.)

Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter: Eker. tv.)

Act C of 2000 on Accounting,

Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities (hereinafter referred to as "Act XLVIII.")

Act CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing (hereinafter referred to as "DM Act")

Title of the controller
Name: Harmati Dániel E.V.

Registered office: 1051 József Nádor u. 11.

Tax number: 56175194-1-41

EV registration number: 54805981

Phone number +36306833892

Data protection concepts
Data subject: any natural person identified or identifiable, directly or indirectly, on the basis of personal data

Personal Data: data that can be associated with a Data Subject, in particular the name, the identifier of the Data Subject, and knowledge of one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and the inference that can be drawn from the data concerning the Data Subject

Consent: a voluntary and explicit indication of the data subject's wishes, based on adequate information, by which he or she gives his or her unambiguous consent to the processing of personal data relating to him or her, whether in full or in relation to specific operations

Objection: a declaration by the Data Subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data

Data Controller: the natural or legal person or unincorporated body which determines the purposes for which the data are processed, takes and executes decisions concerning the processing (including the means used) or has them executed by a processor on its behalf

'processing' shall mean any operation or set of operations which is performed upon data, whatever the procedure used, such as collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure and destruction, as well as prevention of further use, photographing, audio or video recording

Transmission: where the data are made available to a specified third party

Disclosure: where the data are made available to any person

Deletion: rendering data unrecognisable in such a way that it is no longer possible to recover it

Data destruction: the total physical destruction of a storage medium containing data; data processing: the performance of technical tasks related to data management operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data

Data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data

'processor' means a natural or legal person or an unincorporated body which, under a contract with a controller, including a contract concluded pursuant to a legal provision, processes data

third party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor

Third country: any State which is not an EEA State

Data breach: unlawful processing or processing of personal data, in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage

Rules on data processing
This Privacy Policy is valid from 25 May 2018 until its withdrawal.

The definitions in this policy correspond to the interpretative definitions set out in Section 3 of the Infotv.

Personal data may only be processed in order to exercise a right or fulfil an obligation. The use of personal data processed by the Service Provider for private purposes is prohibited. The processing must always comply with the purpose limitation principle.

The legal basis for processing is, as a general rule, the consent of the data subject and, in the case of certain processing operations (e.g. personal data contained in an account), the law.

The Data Controller shall inform the Data Subject at the time of collection that the processing of his/her data is governed by the Data Processing Notice.

Acceptance of the Privacy Notice constitutes acknowledgement of the Privacy Notice and constitutes consent to the processing.

The Service Provider shall process personal data only for specified purposes, for the exercise of rights and the performance of obligations, with the prior consent of the data subject or on the basis of a law or a legal authorisation, to the minimum extent and for the minimum period necessary to achieve the purpose.

At all stages of the processing, the purpose must be fulfilled - and if the purpose of the processing ceases to exist or the processing is otherwise unlawful, the data will be deleted.

In any case, the Service Provider shall inform the data subject of the purpose of the processing and the legal basis for the processing before including the data.

If a person subject to the Policy becomes aware that personal data processed by the Service Provider is inaccurate, incomplete or untimely, he or she shall correct it or request its correction from the person responsible for the data recording.

In the course of their work, the Service Provider's employees shall ensure that no unauthorised persons have access to personal data, and that the storage and placement of personal data is designed in such a way that it cannot be accessed, accessed, altered or destroyed by unauthorised persons.

The data protection system of the Service Provider shall be supervised by the Managing Director.

Please note that our website contains some links to other organisations' websites. The data and information protection practices of these organisations are the responsibility of the respective organisation!

Enforcement of data subjects' rights
Data subjects may request information about the processing of their personal data and request the rectification or erasure of their personal data, except for processing required by law, by sending an e-mail to daniel@true-surfers.com.

6.1 Right to information

At the request of the data subject, the Service Provider shall provide information about the data processed by the Service Provider or by a data processor appointed by the Service Provider or under its instructions, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the data processor and its activities related to the processing, the circumstances and effects of the data breach and the measures taken to remedy the data breach, as well as the legal basis and the recipient of the data transfer.

The Service Provider shall respond in writing and in an intelligible form to the data subject's request regarding the processing of his or her personal data within 25 days of the date of the request at the latest.

The information shall include the information specified in Article 15(1) of the Information Act, unless the data subject may be denied information by law.

The data controller shall rectify the inaccurate data, provided that the necessary data and the supporting documents are available, and, if the reasons specified in Article 17(2) of the Infotv. exist, shall take measures to delete the personal data processed.

6.2. Right to object

The data subject may object to the processing of his/her personal data,

if the processing or transfer of the personal data is necessary solely for compliance with a legal obligation to which the controller is subject or for the purposes of the legitimate interests pursued by the controller, the data importer or a third party, except in the case of mandatory processing;
where the personal data are used or transmitted for direct marketing, public opinion polling or scientific research purposes; and
in other cases specified by law.
The Service Provider shall examine the objection within the shortest possible time from the date of the request, but not later than 25 days, and shall decide whether the objection is justified and inform the applicant in writing of its decision.

If the objection is justified, the Service Provider shall terminate the processing and block the data, and shall notify the objection and the action taken on the basis of the objection to all those to whom the personal data concerned by the objection were previously disclosed and who are obliged to take measures to enforce the right to object.

If the data subject does not agree with the decision on the objection or if the Service Provider fails to meet the deadline, the data subject may, within 30 days of the notification of the decision or the last day of the deadline, take the matter to court in accordance with Article 22 of the Information Act.

If the objection is justified, the data controller shall act in accordance with Article 21(3) of the Information Act.

6.3. Blocking

The Service Provider shall block the personal data if the data subject so requests or if, on the basis of the information available to it, it is assumed that deletion would harm the legitimate interests of the data subject. The blocked personal data may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists.

6.4. Deletion

The Service Provider shall delete personal data if its processing is unlawful, the data subject requests it (unless the processing is based on a mandatory provision of law*), the processed data is incomplete or inaccurate - and this situation cannot be lawfully remedied - provided that deletion is not excluded by law, the purpose of the processing has ceased, or the statutory period for storing the data has expired, or the court or the National Authority for Data Protection and Freedom of Information has ordered it.

The Service Provider has 25 days to delete, block or rectify the personal data. The Service Provider shall notify the data subject of the measures taken and all those to whom the data was previously transmitted for processing purposes.

The Service Provider shall also compensate for any damage caused to others by the unlawful processing of the data subject's data or by the breach of data security requirements, as well as for any damages in the event of a personal injury caused by the Service Provider or by a data processor engaged by the Service Provider. The controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject's personality rights was caused by an unforeseeable cause outside the scope of the processing. Likewise, it shall not compensate the damage if it was caused by the intentional or grossly negligent conduct of the injured party.

* The Service Provider shall not delete the data of the Data Subjects even after the termination of the legal relationship, with regard to its obligation to retain data as defined by law (Pmt., Accounting Act). Once this obligation ceases, the data will be deleted.

However, in the former periods, the data will not be used for any other purpose without consent.

6.5 Modification of data

The data subject may request the amendment of his/her data by sending an e-mail to daniel@true-surfers.com.

6.6 Storage of data

The data will be stored electronically by data processing companies contracted by the Service Provider, which guarantee the protection of personal data through strong security systems. The responsibility for this is assumed by the Service Provider. The data processor may not take any decision on the substance of the processing, may process the personal data of which it becomes aware only in accordance with the instructions of the Data Controller, may not process the data for its own purposes and shall store and retain the personal data in accordance with the instructions of the Data Controller.
The data shall be transferred abroad to high-security data processors appointed by the Service Provider.

The data will be transferred for hosting purposes to


which may use additional data processors to provide back-office IT services.

Scope of Personal Data Processed
7.1 Newsletter subscription on www.true-surfers.com.

Email address

The data provided will be processed by the Data Controller until the data subject's consent is withdrawn, which can be withdrawn at any time by clicking on the unsubscribe link at the bottom of the newsletter or by using the contact details provided above.
The purpose of the newsletter is to inform those who voluntarily subscribe to it about news, service changes, promotions, news.
The legal basis is voluntary subscription.
The data is stored by the following service provider.

he Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States

7.2 Contact details.

If you contact us by email or telephone, the data will not be stored or will be stored until the end of any contract that may have been concluded.

Use of cookies and similar technologies
We use cookies ("cookies") in certain areas of our website. Cookies are files that store information on your hard drive or web browser. We would like to emphasise that we use cookies in accordance with Act C of 2003 on electronic communications, Act CVIII of 2001 on certain aspects of electronic commerce services and information society services and European Union regulations.

Cookies allow the website to recognise you if you have visited it before. Cookies help us to understand which parts of the website are the most popular because they allow us to see which pages our visitors go to and how long they spend there. By studying this, we can better tailor the website to your needs and provide you with a more varied user experience by, among other things

- remembering your preferences so you don't have to re-enter them when you go to a new page,
- remembering previously entered information (e.g. postcode) so you don't have to re-enter it,
- analyse the use of the website to ensure that improvements are made using this information to ensure that it works as well as possible, that you can easily find the information you are looking for and to monitor the effectiveness of our advertising.

8.1Types, purpose and use of cookies

Our website may use two types of cookies: temporary (session cookies) or persistent cookies. Temporary cookies remain on your device until you leave our website, while persistent cookies may remain on your device for longer periods of time or until they are manually deleted, depending on your web browser settings.

8.2 Essential session-id cookies

These are essential for navigating our website, for the operation of key features of our website and for accessing protected content. These cookies store the information necessary to fill in the forms and do not collect any information that could identify the user. After closing the website, these cookies are automatically deleted and the session is closed.

If you do not accept these cookies, the website or parts of the website may not be displayed or may be displayed incorrectly, making it impossible to use the website.

8.3 Analytical or performance cookies

These allow us to distinguish and count visitors to our website and monitor how users use a particular website, for example, which pages they visit most often or whether they receive error messages from websites. These cookies ensure a consistent look and feel of the website and collect information about the use of the website. This helps us to improve the way our website works. These cookies do not collect any personally identifiable information, the data is aggregated and stored anonymously and is only used to improve the functioning of our website.


We use Google Analytics to collect anonymous information about how visitors to the website use the site. We do this to make sure that the site meets the needs of visitors.

Google Analytics collects information about what pages they visit, how long they stay, how they get there and what they click on. Because we do not collect or store names or addresses as part of this process, this data is not personally identifiable and we do not authorise Google to use it for its own purposes or to share it with anyone else.

8.4. Functional cookies

These cookies are used to improve the user experience by detecting which device was used to access our website, remembering previous user choices so that we can offer better and more personalised features. These cookies may also allow you to watch videos, play games and use social tools such as blogs, chat rooms and forums.

However, these cookies do not track your activity on other websites and we do not use them to send you advertising through other websites.

8.5. Targeting or advertising cookies

In order to provide visitors to our website with marketing information that is most relevant to their interests, we also use personalised, i.e. targeted or advertising, cookies.

These cookies collect fairly detailed information about your browsing habits on our websites (for example, recording which products and services you have clicked on). They also help us to recognise repeat visits to our website and/or to websites belonging to our advertising partner networks

8.6 Management of cookies

Browser settings: you can set your web browser to accept all cookies, reject all cookies, or notify you when a cookie is sent to your computer. The options are usually found in the "Options" or "Preferences" menu of your browser. Each web browser is different, so please use your browser's "Help" menu or the links below to change your cookie settings:

- Manage cookies in Internet Explorer
- Manage cookies in Firefox
- Manage cookies in Chrome

Please note that this website is designed to work using cookies, so disabling them partially or completely may affect the usability of this website, prevent interactive communication and prevent you from taking advantage of all its services.

We would like to emphasise that we do not exchange cookies with third party websites or external data providers.

For more information on this, please see the links below:

- Google Principles and Guidelines

8.7 Community Buttons

Our website also uses so-called "community buttons" that allow our visitors to share or bookmark a particular page. These links point to social media independent of us, which may collect information about your browsing activity on the Internet, including this website. If you would like more information about how these websites use information about you. If you would like to block or delete such information, please read the terms of use and privacy policy of the sites concerned.

Use of automated decision-making, including profiling
We do not use automated decision-making or profiling.

Privacy Officer:
The controller is not obliged to appoint a Data Protection Officer under Article 37 of the GDPR

The data subject may lodge a complaint about the Company's data processing practices with the NAIH:

National Authority for Data Protection and Freedom of Information.
The Authority is the Hungarian Data Protection Authority.
Website: www.naih.hu

The data subject may, at his or her option, pursue his or her claim in court. The court of law has jurisdiction to decide on the case. The action may also be brought, at the option of the person concerned, before the court of the place of residence or stay of the person concerned.