Legal Information

Privacy Notice

Controller: Kelmroy Limited Liability Company

Registered seat: H-8227 Felsőörs, Miske utca 10.

Website: https://www.drnk81.com

Effective date: 2025.11.27.

This Privacy Notice (hereinafter the “Notice”) applies to data processing carried out on the DRNK81 brand website and future webshop operated by Kelmroy Kft. Its purpose is to provide natural person users with transparent and comprehensible information about the processing of their personal data in accordance with the General Data Protection Regulation (GDPR).

1. Legal background

During processing, the Controller pays particular attention to the following legal norms:

Regulation (EU) 2016/679 of the European Parliament and of the Council – GDPR;
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
Act XLVIII of 2008 on commercial advertising activities;
Act CVIII of 2001 on electronic commerce and certain issues of information society services.

2. Controller details and contact

The Controller is Kelmroy Limited Liability Company (hereinafter: “Controller” or “Kelmroy Kft.”).

Registered seat: H-8227 Felsőörs, Miske utca 10.
Email: info@drnk81.com
Customer service: info@drnk81.com
Sales: sales@drnk81.com

The Controller has currently not appointed a Data Protection Officer as there is no mandatory obligation under the GDPR to do so. For any data protection question or complaint, please contact us via the above channels.

3. Purposes and legal bases of processing

Main data processing purposes and legal bases on the DRNK81 website and future webshop:

Purpose	Type of data	Legal basis (GDPR)
Contact, customer service communication	Name, email address, phone number, message content	GDPR Art. 6(1)(b) – pre-contractual steps; and (f) – legitimate interest.
Newsletter, marketing communication (future)	Name, email address, marketing consent	GDPR Art. 6(1)(a) – consent.
Operation of the website, logging	IP address, browser type, visit time, pages visited, technical logs	GDPR Art. 6(1)(f) – legitimate interest (system security and operation).
Web analytics, statistics, cookie-based measurement	IP partially anonymised, device data, cookie identifiers	Consent required for non-essential cookies (GDPR Art. 6(1)(a)); legitimate interest for strictly necessary cookies.
Future webshop operation, order management	Name, billing and delivery details, contact details, order data, limited payment data	GDPR Art. 6(1)(b) – contract performance; and (c) – legal obligations (invoicing, bookkeeping).

4. Scope of processed personal data

The Controller processes only those personal data that are necessary and proportionate to achieve the above purposes. Most common data:

basic identification data: name, email address, phone number (contact, customer service);
communication data: message content, reply emails, timestamps;
in future webshop: billing and shipping data, order and payment data;
technical data: IP address, browser type, operating system, visit time, browsing events;
cookie and identifier data: unique identifiers for usage analytics if consent is granted.

5. Cookies and similar technologies

The DRNK81 website uses cookies and similar technologies for the operation of the site, improving user experience and – in case of consent – analytical or marketing purposes.

Detailed information is provided in the Cookie Policy, which is an integral part of this Notice.

6. Data processors, recipients and data transfers

The Controller may use data processors for certain services (e.g., hosting, newsletter services, courier, accounting).

Processors act based on the instructions of the Controller, according to the contract and GDPR requirements, and may not take independent decisions on personal data.

Personal data may only be transferred to third countries (outside the EEA) if appropriate safeguards exist (adequacy decisions, standard contractual clauses).

7. Retention period

Personal data are only retained as long as necessary for the purposes defined in this Notice, or as required by applicable law.

contact: up to 3 years after closing the case (limitation periods);
future contract/order: invoice data at least 8 years (Accounting Act);
newsletter: until unsubscribe or withdrawal of consent;
technical log data: typically no longer than 1 year for security and operation.

8. Data subject rights

Under the GDPR, the User has the following rights in relation to data processing:

Right of access – request information on whether personal data are processed and if so, what data and for what purpose and period;
Right to rectification – request correction of inaccurate data;
Right to erasure (“right to be forgotten”) – in specific cases, request deletion;
Right to restriction of processing – in certain cases, request restriction;
Right to data portability – in case of contract-based or consent-based processing, request machine-readable transfer;
Right to object – in case of legitimate interest processing, object to processing;
Right to withdraw consent – in case of consent-based processing, it may be withdrawn at any time without affecting the lawfulness of processing before withdrawal.

To exercise your rights, please contact the Controller using the details above. The Controller will respond without undue delay, but at the latest within one month from receipt.

9. Remedies

If you believe that the Controller has violated applicable laws in connection with the processing of your personal data, you may pursue the following remedies:

contacting the Controller directly (recommended first step);
lodging a complaint to the Hungarian National Authority for Data Protection (NAIH):
- Address: 1055 Budapest, Falk Miksa utca 9–11.
- Mailing address: 1363 Budapest, Pf. 9.
- Telephone: +36 (1) 391-1400
- Website: www.naih.hu
judicial remedy – before the court of your domicile or habitual residence.

10. Data Security

The Controller takes appropriate technical and organisational measures to:

prevent unauthorised access;
protect against damage or destruction;
reduce the risk of data loss or data theft.

The data protection level is regularly reviewed and improved as necessary.

11. Personal data of children

The DRNK81 website and future webshop are not specifically intended for children. The Controller does not target persons under 16 and does not conduct direct marketing activities directed at children.

If we become aware that personal data of a person under 16 have been provided without parental or guardian consent, such data will be deleted as soon as reasonably possible.

12. Modification of this Notice

The Controller reserves the right to modify this Notice depending on the changing legal environment, data processing practice or services provided.

The currently valid version is published on the website. Significant changes will be separately notified if necessary.

13. Scope

This Privacy Notice is effective from 2025.11.27. and remains valid until revoked or modified.