Privacy Notice and Data Protection Policy
XXL Saleshouse Ltd. – xxlsaleshouse.com
Effective date: 2025-12-16
Last updated: 2025-12-16
Controller: XXL Saleshouse Ltd. (Hungarian legal form: “Kft.”)
Registered seat: H-6000 Kecskemét, Máriahegy 173., Hungary
Office: 1118 Budapest, Szüret str. 15.
Company registration number: 03-09-130219
Tax number: 22981231-2-03
EU VAT: HU22981231
Representative: Managing Director Sándorné Takács
E-mail: info@xxlsaleshouse.com
Phone: +36 (70) 588 53 53
This notice explains how we process personal data collected through our website, Partner Program and Partner Portal, and what rights you have under applicable data protection laws, including the GDPR.
We process personal data lawfully, fairly and transparently, for specified purposes, and only to the extent necessary, in line with the GDPR principles (purpose limitation, data minimisation, accuracy, storage limitation and integrity/confidentiality).
The table below lists our typical processing activities. Actual processing depends on how you use the website features (e.g., forms, downloads, partner portal).
Activity | Data | Purpose | Legal basis (GDPR) | Retention |
Contact (web form / e-mail) | name, e-mail, phone, message content, company name (if provided) | responding to inquiries and providing information | consent or legitimate interests (Art. 6(1)(a)/(f)) | up to 12 months after closure |
Partner application / qualification | contact details, company details, country, partner type, business info (if provided) | preparing partner cooperation, qualification, pre-contractual steps | pre-contractual steps (Art. 6(1)(b)) or legitimate interests (f) | 12 months if rejected; term + 5 years if contracted |
Contracting and performance (B2B) | contact details, billing/business data, communications | performance of the contract and administration | contract (b) and legal obligation (c) | 5 years after termination |
Partner Portal account and access | user identifiers, login data, permissions, activity logs | operating partner processes (orders, settlement, materials, support) | contract (b) and legitimate interests (f) – security | until account closure; logs typically 6–12 months |
Commission settlement (agents) | performance and settlement data, invoicing data | monthly settlement and commission payment, accounting | contract (b) and legal obligation (c) | accounting records: 8 years; other records: 5 years |
Support (L1/L2) | contact details, ticket content, configuration details (if needed) | handling incidents and providing support | contract (b) and legitimate interests (f) | 2 years after ticket closure |
B2B marketing (newsletter / offers) | name, e-mail, company, interests | sending business communications | consent (a) or legitimate interests (f) for B2B outreach | until unsubscribe; suppression list 5 years |
Website security and logging | IP address, browser data, logs | security, incident handling, fraud prevention | legitimate interests (f) | typically 30–90 days |
Cookies and analytics (if enabled) | cookie identifiers, technical data; analytics behavioural data | core functionality, statistics, marketing (optional) | essential: legitimate interests; analytics/marketing: consent | depending on cookie type (1 day to 24 months) |
We may use service providers (processors) to operate the website and partner processes. Typical processors/recipients include:
We may disclose data to authorities or courts where required by law.
Some providers may be located outside the EEA. In such cases we ensure appropriate safeguards under the GDPR (e.g., adequacy decision, Standard Contractual Clauses (SCCs) and supplementary measures). Please align this section with the actual providers used.
We implement appropriate technical and organisational measures to protect personal data (access control, logging, permissions, backups and incident handling).
You may exercise the following rights subject to the GDPR conditions:
Requests can be submitted using the contact details above. We will respond without undue delay and within one month (extendable in certain cases).
You may lodge a complaint with the Hungarian Data Protection Authority (NAIH) or seek judicial remedy.
NAIH (for information): Falk Miksa utca 9-11, H-1055 Budapest; e-mail: ugyfelszolgalat@naih.hu; website: naih.hu.
We may use essential cookies for core functionality based on legitimate interests. Analytics or marketing cookies are used only with prior consent (if such features are enabled). You can manage cookies via your browser settings and (if available) our cookie banner.
Our website and Partner Program are intended for business (B2B) purposes. We do not knowingly collect data from persons under 16.
We may update this notice from time to time (e.g., service changes or legal updates). The updated version will be published on the website.