Privacy Policy

The Boxy Logistics Zrt. Privacy Policy provides detailed information about how user data is managed, privacy rights, and the use of cookies. The purpose of the page is to provide comprehensive information about the purposes of data collection, the methods used, and the legal remedies available to the individuals concerned.

Data Management

The personal data you provide is managed by:

Boxy Logistics Zrt.

Headquarters: 1036 Budapest, Lajos utca 48-66. B. building.

Company Registration Number: 01-10-141253

Registering Court: Metropolitan Court of Budapest – Company Tribunal

– hereinafter referred to as Data Controller.

Please carefully read this data management policy (hereinafter referred to as Policy), which describes our practices concerning the management of your personal data in accordance with the General Data Protection Regulation (GDPR, i.e., Regulation 2016/679 of the European Parliament and Council). This Policy applies to individuals using the services of the Data Controller as consumers (You). It explains how the Data Controller collects, uses, and in some cases shares your personal data with third parties, as well as provides information about your rights related to data management.

The Data Controller (Boxy Logistics Zrt.) is committed to protecting the personal data and privacy of individuals visiting this website. This policy and statement primarily concern the confidential handling and protection of personal data of customers and newsletter subscribers through the internet, but also cover site visitors. We summarize how the owner may collect and use data relating to you and how it may be used. The data are not transferred to unauthorized persons and are used in the form specified in this policy.

The purpose of data management may vary in individual cases in contracts, which occurs under the conditions specified in the respective contract.

This information is crucial for protecting your personal data and your related rights. If the user does not accept these terms, they have the right to suspend the use of the website and terminate browsing without providing personal data.

Responsibility and contact of the Data Controller

1.1 Information related to data management

In respect to the data management described in this Policy, 1036 Budapest, Lajos utca 48-66. B. building is the data controller (hereinafter: Data Controller).

If you have any remarks, questions, or complaints about our data protection procedures, you can contact us at Boxy Zrt. or write to

Data Controller
Boxy Logistics Zrt.
1036 Budapest, Lajos utca 48-66. B. building
All activities

You may access our websites without providing personal data, but accepting the cookie policy is essential for browsing, and approving the privacy policy and statement is necessary for newsletter subscription. Personal data includes all information that can directly or indirectly identify a natural person by identifier or related data. If the site owner collects your personal data, it does so transparently and confidentially.

Your personal data are information that can identify you, such as: surname, first name, nationality, phone number, postal address, email address. The owner collects your personal data voluntarily during browsing, always specifying the data necessarily required to achieve the purpose. If you do not wish to provide this data, you will not be able to access certain functions and services of the website. Collecting optional data serves to understand user needs and to develop the website and services.

The Owner takes all measures to ensure that the personal data managed are accurate and up-to-date.

The following personal data are managed:

  • Surname, first name, company name, and contact name (for companies)
  • Registered address (for companies), residential address, mailing address
  • Email address
  • Phone number
  • System information (IP address, system version, resolution, statistics about pages viewed on the website, browsing habits, behavioral patterns)

Duration of data management:

  • For direct marketing consents until the user withdraws consent
  • For profile data for 4 years from the last login
  • For purchase data for 8 years as per Section 169 (2) of the Accounting Act

Conditions of data transfer

The Data Controller may transfer the data managed – to the extent necessary – to the following designated individuals and companies operating in the following areas:

  • Data processing
  • Legal representation
  • Bodies authorized to handle legal disputes by law
  • Delivery
  • Accounting
  • Debt management
  • Marketing
  • Invoicing

Data Processors

When purchasing from the online store, the Data Controller (based on the delivery method specified by the User) transfers the User’s name, delivery address (for courier service, email address and phone number – for coordinating delivery time), and information related to the payable (sometimes prepaid) purchase price to the company performing the delivery, for the purpose of delivering the product to the User.

The User accepts the General Terms and Conditions of the chosen delivery company according to this consent.

Companies or individuals involved in data processing or data management

The owner, Boxy Logistics Zrt., manages the data. Besides the owner, other companies also participate in managing and storing data of contractual clients.

Which companies are involved in data management?

During the Owner’s activities, the following companies are involved in data management:

  • Google Inc.: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, further contacts, mailing system, data and file storage in the cloud, online document management, and related services: Google Drive, Google Docs, Google Search Console, Google Analytics, Google AdSense, Google AdWords, YouTube, Blogger, Chrome browser support – Google’s data protection and privacy principles.
  • Facebook Ireland Ltd.: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, supporting Facebook, Instagram, Messenger, and other products offered by Facebook – data management policy and privacy officer’s contact.
  • Salesforce: One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRELAND, use of products and features offered by Twitter – data management policy and terms of service.
  • In special cases, the contract may include additional data processors or companies.

Data Owner Rights and Enforcement

If you do not want your personal data to be used for the communication of commercial offers, you have the right to prohibit this without justification. Your request for deletion must be sent in writing to the Data Controller, either by email or postal letter, to the specified contacts.

Protection of Personal Data of Minors and Individuals with Limited Legal Capacity

Boxy Logistics Zrt.'s website and its content are generally not intended for minors under the age of 13. We do not manage or collect personal data about children under the age of 13 without verifiable parental or guardian consent. Parents or guardians may request the release or deletion of data about the child. If the Data Controller becomes aware of the age during data management or processing, the data may be used to obtain parental consent.

The consent of the legal representative is required for the statement of an incapacitated or limited capacity minor, except for services commonly occurring in everyday life that do not require special consideration and are aimed at registration.

Cookie Management

You can read more about the management of cookies (cookies) in the Cookie Statement.


  • Data Processor: natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the data controller
  • Data Management: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction
  • Data Transmission: making personal data managed by the Data Controller available to third parties
  • Data Protection Incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed
  • Terms and Conditions: General Terms and Conditions published on the website, which record the product and service sales rules of the Data Controller
  • Identifiable Natural Person: a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • Recipient: a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not
  • Data Subject’s Consent: the data subject’s voluntary, specific, informed, and unambiguous indication of their agreement to the processing of personal data relating to them, by a statement or by a clear affirmative action
  • Data Subject: any natural person who is identified or can be identified by any information
  • Users: visitors to the websites operated by the Data Controller, accessible at and other addresses specified there
  • Third Party: a natural or legal person, public authority, agency or body other than the data subject, data controller, data processor and persons who, under the direct authority of the data controller or data processor, are authorized to process personal data
  • Authority: National Authority for Data Protection and Freedom of Information (headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., phone: 06-1 391-1400, fax: 06-1 391-1410, email:, website:
  • Partner/Customer: a natural person who enters into a contract with the Data Controller not via the website for the sale of products or provision of services
  • Registration: the recording of a website user’s personal data, thereby creating a user account
  • Personal Data: any information relating to the data subject
  • Service: the products and other services detailed in the Terms and Conditions provided by the Data Controller to its Customers, Partners, and Users via the website or otherwise
  • Website: websites operated by the Data Controller, accessible at and other addresses specified there

Further data management policies: