This document provides information on the data management carried out by DESEF SILVER s.r.o. as a data controller (hereinafter: Data Controller) through the web store it operates www.silvertactical.eu. Please read the following information carefully!

During the operation of the Webstore www.silvertactical.eu, hereinafter: Webstore, Webshop) maintained by the Data Controller, the personal data of those who register in the Webstore and make purchases through it, as well as those who visit the website (hereinafter: Data Subject, Customer, User) is managed by the information CXII of 2011 on the right to self-determination and freedom of information. Act (hereinafter: Infotv.), as well as the European Parliament and Council (EU) 2016/ In accordance with the provisions of Regulation 679 (April 27, 2016) (hereinafter: Regulation, GDPR). The Data Controller hereby informs the Data Subjects about the personal data it manages, the purpose of the data management, the data retention period, the method of storage and transmission , about the principles and practices followed in the management of personal data, as well as about the way and possibilities of exercising the rights of the data subjects. The Data Controller reserves the right to unilaterally modify this document at any time.

The manager of the data published on the Webshop is DESEF SILVER s.r.o. as data manager:

• Name of the service provider: DESEF SILVER sro
• The seat of the service provider is: Slovakia, Komárno, UI.gen. Klapku 3043/68
• The service provider’s contact information, for contact with users,
• regularly used email address: shop@silvertactical.eu ,
• Company registration number: 52465381
• Tax number: SK2121041109
• Bank account number: SK70 8330 0000 0025 0167 5005 FIO Bank / SWIFT: FIOZSKBAXXX
• (In the case of bank transfer, state your order number as the payment ID (not in the notice or comments section)
• Name of registering authority (company court): je zapišana v ORSR v Nitre, Oddiel: Sro, Vložka číslo:49468/N
• License number: 49468/N
• Telephone numbers: 0634-300-289, 0620-770-3191, 0630-416-2827
• Language of the contract: Hungarian
• Data of the storage provider: unas.hu

Supervisory Authority: Slovak Trade Authority (SKH) SKH Nyitra district inspectorate, Staničná 9, 94901 Nyitra Tel: 037/7720001, Fax: 037/7720024

3.1 Registration

The Data Controller draws the attention of the Data Subjects to the fact that shopping in the Online Store is subject to prior registration, but after registration, shopping is not mandatory. If the persons concerned start the purchase without registration, the Web Store directs them to the registration interface, where the persons concerned must complete the registration. Please note that only one registration can be associated with one e-mail address. All responsibility for damages resulting from the provision of incorrect or false data rests with the Data Subject. The Data Controller reserves the right to delete obviously incorrect or false registrations and, in case of doubt, to verify the authenticity of the data provided. We draw your attention to the fact that in order to finalize the registration (in order to prevent incorrect and incorrect registrations), the system sends an automatic letter to the specified e-mail address, in which the person concerned can validate his registration by clicking on the link. The Data Controller specifically draws attention to the fact that all responsibility for the accuracy and up-to-dateness of the data rests with the Data Subjects. In view of this, we ask that if there is a change in your personal data, these changes should be transferred to the data recorded in the account. After the data has been modified, the system sends an automatic confirmation letter to the registered email address, in which the Data Subject can finalize the modification of his data. The purpose of data management: To carry out the registration necessary for shopping on the Webstore, to obtain the data necessary to fulfill the order placed by the affected parties as customers, and to issue the invoice in the case of a purchase. The legal basis for data management is the voluntary, informed and definite consent of the concerned person, which is given by the User by ticking the checkbox that appears during registration, based on the information contained in this document. (Based on Article 5 (1) point a) of the Infotv and Article 6 (1) point a) of the GDPR). Scope of managed data: billing name, billing address (zip code, city, address), phone number, email address, password, contact details. Data retention period: until the consent of the data subject is revoked, until the user’s account is permanently deleted, which the user can request in the request sent to the contact details specified in point 2 of the Data Controller, or until the registration is deleted by the Data Controller in the event of an obviously incorrect or false registration, and in case of 2 years of inactivity. We would like to draw your attention to the fact that if you make a purchase at the Online Store after registration, your account will also be deleted in the above cases, however, in such a case, the invoices issued (and thus the personal data of those included in them) will continue to be stored in accordance with 3.2 according to the provisions of point Place of data processing: IT devices located at the premises of the data controller. Method of data storage: electronic. Data transmission: no data transmission takes place. Data processor:  UNAS Online Kft. – Székhelyszolgáltató Headquarters: H-9400 Sopron, Kőszegi út 14. Tax number: 14114113-2-08 Company registration number: 08-09-015594 Registration authority: Győr Court of Companies Registration date: 29.11.2007 E-mail: unas@unas.hu Data management registration number: Data management information available at: https://unas.hu/adatkezelesi_tajekoztato Possible consequences of failure to provide data: shopping on the Web Store is not possible without registration.

3.2. Purchase on the Webstore

Users’ purchases on the Webstore are subject to prior registration. However, after registering on the Webstore, the purchase is not necessary. In view of this, the Data Controller provides separate information on the data management related to the user’s personal data related to the two processes. Purpose of data management: Taking the User’s orders from the Webstore, confirming, fulfilling, and delivering the order, issuing invoices and receipts for the purchase, and fulfilling the obligation of the Data Controller to maintain the order of receipts and receipts. Legal basis for data management: Data management is necessary for the performance of a contract in which the data subject is one of the contracting parties. (GDPR Article 6 (1) point b) If the sales contract concluded between the parties has been fulfilled (the person concerned as the buyer paid the purchase price and the Data Controller as the Seller handed over the ordered product to the buyer, who accepted the product), the The legal basis for data management is Accounting TV. Paragraph (2) of § 169. Scope of processed data: billing name, e-mail address, phone number, billing address (postal code, town, address), delivery address (postal code, town, address) Data retention period: Számvitele tv. According to Section 169 (2), the last day of the 8th year following the last day of the year in which the invoice was issued. Place of data management: IT devices located at the premises of the Data Controller, in the case of paper-based documents and invoices, to the files of the Data Controller. Data transmission: affected by the data management specified in this chapter, the following data will be transmitted to the following data controllers: Data controller: GLS General Logistics Systems Hungary Kft. registered office: 2351 Alsónémedi, GLS Európa utca 2. cg.: 13-09-111755 contact: info@gls -hungary.com The purpose of the data transfer: delivery of the ordered products to the home, Scope of transferred data: the customer data indicated on the invoice (name, delivery and billing address) Legal basis for the data transfer: the data transfer is necessary for the performance of a contract in which the person concerned is one of the contracting parties afraid. 3.3. Sending a newsletter, direct marketing XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. Pursuant to § 6 of the Act (hereinafter: Advertising Law), the User may give prior and express consent to the Data Controller as a service provider contacting him with advertising offers, other mailings, and the contact information provided by the Data Subject. In addition, bearing in mind the provisions of this information, the data subject may consent to the Data Controller handling his personal data necessary for sending advertising offers. The Data Controller does not send unsolicited advertising messages, and the User can unsubscribe from sending newsletters free of charge without limitation or justification. In this case, the Data Controller will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. Users can unsubscribe from newsletters by clicking on the link in the message. In the context of this information, we would like to draw your attention to the fact that the Data Controller, as well as the fulfillment assistant (GLS) of the Data Controller used for the performance of the contract, and used for the purpose of performing the contract, system messages, registration and order e-mail and SMS messages containing confirmation and other information about the delivery, as well as a message containing the electronic invoice, can be sent to the users to the e-mail address provided by them. In connection with these, we draw attention to the fact that these messages are not classified as advertising messages, so they do not belong to Reklámtv. under its scope, so they do not require the consent of the data subject. In view of this, the following points of this information do not apply to these messages. The purpose of data management is to send electronic e-mail messages containing advertising to the data subject, to provide information about current information, products, and promotions. The legal basis for data management is the voluntary, informed and definite consent of the concerned person, which the User gives after subscribing to the newsletter by clicking on the hyperlink in the e-mail message sent to confirm the subscription, based on the information contained in this document. (Based on Article 5 (1) point a) of Infotv and Article 6 (1) point a) of the GDPR). Scope of processed data: surname, first name, e-mail address. Data retention period: until the consent of the data subject is revoked, which can be done by clicking on the unsubscribe button at the bottom of the newsletter. Place of data processing: IT devices located at the premises of the Data Controller or at the data processors used by the Data Controller. Method of data storage: electronic. Data transfer: data related to the data management contained in this chapter will not be forwarded.

3.4. Cookies

The Data Controller hereby informs the User that when certain parts of the website are downloaded, the web server automatically saves small data files, so-called places cookies (“Cookie”, “Süti”) on the User’s Device, and then reads them back during the subsequent visit. In some cases these data files are Infotv. respectively, according to the GDPR, they are considered personal data, since the browser returns a previously saved cookie, the service provider managing the cookie has the opportunity to connect the User’s current visit with the previous ones, but only with regard to its own content. The Web Store places cookies on the user’s device for two different purposes during use. Of these, PHPSESSID is essential for operation, which the webshop places in order to be able to identify the session of the logged-in user until the logout and thus protect the data of the registered user. If you do not allow the acceptance of cookies in your browser, including PHPSESSID, then you will not be able to use the webshop application. This cookie therefore does not require the user’s consent. In addition, the Data Controller uses Google Analytics for statistical data collection, which places cookies in your browser and thus sends data to the Data Controller about what you visited on the site. These cookies do not store personal data, they serve to track what the person concerned did on the website. In addition, the Data Controller uses the online advertising program called Google AdWords, and also uses Google’s conversion tracking service within its framework. By using this, when the User accesses a website through a Google ad, a cookie required for conversion tracking is placed on his computer. These cookies do not contain any personal data, so the User cannot be identified by them. The placement of the latter two cookies is based on the user’s consent, so they are placed only with this consent, which consent is given by the person concerned by clicking the Consent button in the pop-up window. If you do not want to participate in either data collection by Google Analytics or conversion tracking by Google Adwords, you can refuse this by not consenting to the installation of these cookies in your browser. The purpose of the use of some Cookies used by the Data Controller and their retention period:

Type of Cookie	The purpose of using cookies	Duration of cookie retention	Is the consent of the data subject required?
Google Analytics (cookies named _ga, _gat and _gid)	The Webshop website uses the Google Analytics tool to collect information and analyze how the User accesses and uses the Webshop. This information is used for the preparation of reports and provides assistance for the further development of the Web Store. The collection of data – including the number of users of the Webstore, where the User came to the website, and which pages were visited through the Webstore – is done anonymously. The collected data cannot be traced back to the User. You can find out more about Google’s privacy policy here .	Google Analytics so-called first party cookies are created when the User visits the webshop because the Google Analytics tracking code has been installed on our portal. Cookies are stored on the User’s Device for a maximum of 2 years from the date indicated above. More information about this can be found by clicking here .	Yes, by clicking the “I agree” button, the data subject gives his consent to the placement of the cookie.
Google AdWords (Google Remarketing)	Many third-party providers, including Google, store the data of the User’s previous visits to the Web Store and use this information to display the Data Manager’s ads when the User visits the website of one of Google’s partners. During your visit to the Website, one or more Cookies provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) will be sent to the User’s computer, which will uniquely identify the User’s browser. Google remarketing cookies are used via the Google AdWords advertising system. With the help of Cookies provided by Google, the fact and time of the visit to the Webstore are recorded, as well as which subpages of the Webstore the User viewed during the visit. The data recorded in this way is stored anonymously. The User can disable Google’s remarketing cookies on the page for deactivating cookies in Google’s advertising settings, and can also disable cookies from external service providers on the Network Advertising Initiative’s unsubscribe page.	AdWords cookies are stored for 90 days after the User’s visit to the Webshop.	Yes, by clicking the “I agree” button, the data subject gives his consent to the placement of the cookie.
Session ID (cookie named PHPSESSID)	Session cookies allow the Webshop to recognize the User, so the User does not have to enter the already provided data repeatedly.	The information is stored until the end of the current session. The session means the duration of the visit of the Webshop by the User. At the end of the session, the collected data will no longer be accessible.	No, the placement of the cookie does not require the consent of the data subject.
Persistent Cookies	In order to achieve a better user experience, the Data Controller uses a permanent cookie (e.g. optimized navigation on the page, retention of specific language settings).	These cookies are stored for a longer time in the cookie file of the browser. The duration of this depends on what setting the Data Subject uses in his internet browser.	Yes, by clicking the “I agree” button, the data subject gives his consent to the placement of the cookie.

The User can accept or reject the use of Cookies on a case-by-case basis, or reject the use of all Cookies by setting the browser accordingly. More information about how to do this and about Cookies can be found on the following website: https://www.youronlinechoices.eu/. If the User decides to disable Cookies, he will only have limited access to certain pages of the Website, and it is possible that certain functions or services of the Website will not work properly. The purpose of data management is to: identify users, distinguish them from one another, identify the user’s session, store the data provided during that session, prevent data loss, identify users, conduct web analytics measurements, properly operate the Website, enhance the user experience, display advertisements for Users. The legal basis for data management: the consent of the data subject, which the User gives by clicking on the “I consent” button on the pop-up cookie warning, based on the appropriate information contained in this information. (Based on Article 5 (1) point a) of Infotv and Article 6 (1) point a) of the GDPR). Scope of managed data: ID number, date, time, and previously visited page. Method of data storage: electronic. Data transmission: no data transmission takes place.

3.5. Information regarding the use of the Web Store as a website

Although, in our opinion, the data obtained by the Data Controller in the course of the data management contained in this point are not considered personal data, for the sake of complete information, we would like to record that the Data Controller collects statistical information stored in an aggregated form related to user activities by the Data Subject, which is not suitable for identifying the user, and stores it in its own system, through logging. The log contains, among other things, but not exclusively, the IP address of the Data subject’s computer, the time of use, and user activity. The Data Controller does not transfer this data to third parties, and may use the contents of the log exclusively for its own analysis purposes, to improve the user experience, and for the technical development of the IT system.

Please note that the Webshop also contains links that lead to other websites. The use of such external websites is subject to the privacy policy and information of the given website, and after clicking on the external link or the corresponding button, the Data Controller cannot influence the collection, storage or management of personal data.

The Data Controller respects the regulations regarding the security of personal data, so both the Data Controller and the authorized data processor take all the technical and organizational measures and establish the procedural rules that Infotv. and the GDPR for confidentiality and the security of data management are necessary to enforce its applicable rules. The Data Manager protects the data it handles with appropriate measures against unauthorized access, change, transmission, disclosure, deletion or destruction, as well as against accidental destruction or damage. During its data processing, the Data Controller keeps:

• a) confidentiality: protect the information so that only those who are authorized to do so can access it;
• b) integrity: protects the accuracy and completeness of the information and the method of processing;
• c) availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

The Data Controller adequately protects its IT systems and networks against computer fraud, espionage, fire and flood, as well as viruses and computer intrusions. The operator ensures security with server-level and application-level protection procedures. The Data Controller monitors its systems in order to record all security incidents and to provide evidence for each security incident. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used. The Data Controller requires and monitors compliance with the information protection measures, based on the provisions of the contracts concluded with the data processors it uses.

All personal information provided by the Data Subject to the Data Controller must be true, complete and accurate in all respects. The data subject may request information about the processing of his personal data, and may request the correction of his personal data, or – with the exception of mandatory data processing – deletion or withdrawal, he may exercise his right to data portability and protest in the manner indicated when the data was collected, or at the above contact details of the data controller. Right to information: The Data Controller takes appropriate measures in order to provide the data subjects with all the information mentioned in Articles 13 and 14 of the GDPR and Articles 15-22 regarding the processing of personal data. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded. The right to information can be exercised in writing via the contact details indicated in point 2 of this information. Information can also be given orally to the person concerned upon request – after proof of identity. The data subject’s right to access: The data subject has the right to receive information from the controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to receive access to the personal data and the following information: purposes of data management; categories of personal data concerned; the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations; the planned period of storage of personal data; the right to rectification, deletion or limitation of data processing and the right to protest; the right to submit a complaint to the supervisory authority; information about data sources; the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject. In case of transfer of personal data to a third country or an international organization, the data subject is entitled to receive information about the appropriate guarantees for the transfer. The Data Controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee in line with the administrative costs. At the request of the data subject, the Data Controller provides the information in electronic form. The data controller shall provide the information within a maximum of one month from the date of submission of the request. Right of rectification:The data subject may request the correction of inaccurate personal data concerning him or her managed by the Data Controller and the addition of incomplete data. Right to erasure: If one of the following reasons exists, the data subject has the right to request that the Data Controller delete his/her personal data without undue delay: – personal data are no longer needed for the purpose for which they were collected or otherwise processed; – the data subject withdraws his consent, which is the basis of the data management, and there is no other legal basis for the data management; – the data subject objects to the data processing and there is no overriding legal reason for the data processing; – personal data were handled illegally; – personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller; – the collection of personal data was carried out in connection with the offering of services related to the information society Data deletion cannot be initiated if data management is necessary: ​​for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, based on public interest; or to submit, assert or defend legal claims. The right to limit data processing: At the request of the data subject, the Data Controller limits data processing if one of the following conditions is met: – the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period that allows the accuracy of the personal data to be checked; – the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use; – the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; or – the data subject objected to data processing; in this case, the restriction applies to the period until it is established whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject. If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state. The Data Controller informs the data subject in advance of the lifting of restrictions on data management. Right to data portability: The data subject has the right to receive the personal data relating to him/her provided to the data controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller. Right to object: The data subject has the right to object at any time for reasons related to his/her own situation to the processing of his/her personal data necessary for the performance of a task carried out in the public interest or in the context of the exercise of a public authority vested in the data controller, or the processing necessary to enforce the legitimate interests of the data controller or a third party, including the aforementioned also profiling based on provisions. In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims. If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, if it is related to direct business acquisition. In case of objection to the processing of personal data for the purpose of direct business acquisition, the data cannot be processed for this purpose. Automated decision-making in individual cases, including profiling: The data subject has the right not to be covered by the scope of a decision based solely on automated data management – including profiling – that would have legal effects on him or similarly significantly affect him. The above right cannot be applied if the data processing is – necessary for the conclusion or fulfillment of the contract between the data subject and the data controller; – its implementation is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or – based on the express consent of the data subject. Right of withdrawal: The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. Procedural rules: The data controller informs the data subject without undue delay, but in any case within one month of the receipt of the request, in accordance with Articles 15-22 of the GDPR. on measures taken following a request pursuant to Art. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise. If the data controller does not take measures following the data subject’s request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress. The Data Controller provides the requested information and information free of charge. If the data subject’s request is clearly unfounded or – especially due to its repetitive nature – excessive, the data controller may charge a reasonable fee, taking into account the administrative costs associated with providing the requested information or information or taking the requested measure, or may refuse to take action based on the request. The data manager informs all recipients of all corrections, deletions or data management restrictions carried out by him, to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs about these recipients. The data controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information will be provided in electronic format, unless the data subject requests otherwise. Compensation and damages: All persons who have suffered material or non-material damage as a result of a violation of the Regulation are entitled to compensation from the data controller or data processor for the damage suffered. The data processor is only liable for damages caused by data processing if it has not complied with the obligations set out in the law, specifically burdening the data processors, or if it has ignored or acted contrary to the legal instructions of the data controller. If several data managers or data processors or both data managers and data processors are involved in the same data management and are liable for damages caused by data management, each data manager or data processor is jointly and severally liable for the entire damage. The data controller or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage. Official data protection procedure: The data subject can file a complaint with the National Data Protection and Freedom of Information Authority regarding the handling of their personal data.

• Name: National Data Protection and Freedom of Information Authority
• Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
• Mailing address: 1530 Budapest, Pf.: 5.
• Telephone: 06.1.391.1400
• Fax: 06.1.391.1410
• E-mail: ugyfelszolgalat@naih.hu
• Website: http://www.naih.hu

Right to go to court: In the event of a violation of their rights, the data subject may go to court against the data controller, regardless of the filing of the complaint. The court acts out of sequence in the case.

If the User wishes to contact the Data Manager, he can do so via the contact details specified in point 2 of the information sheet containing the data manager’s data.     Data protection information is valid from April 1, 2020.