1. Introduction
Szintia Szabó-Ormándlaky hereby informs you about the practices regarding the processing of personal data related to the use of the website styleandbyte.com (hereinafter: Website) and the services provided on the website, the organizational and technical measures taken to protect the data, as well as your rights related to data processing and the possibilities for enforcing those rights.
This notice and the data processing will be conducted in accordance with the applicable laws, particularly with regard to the following:
– Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter: Regulation)
– Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Ektv.)
– Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services
– Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities.
2. Basic Concepts Related to Personal Data and Their Interpretations
– **Personal data**: Any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
– **Data processing**: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
– **Data controller**: A natural or legal person, public authority, agency, or any other body which determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the data controller or the specific criteria for its designation may be provided for by Union law or the law of a Member State.
– **Data processor**: A natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the data controller.
– **Data breach**: A security breach that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
3. The Data Controller
The data controller is Szintia Szabó-Ormándlaky ev. (hereinafter: Data Controller, tax number: 59981039- 1-26, VAT:HU59981039, Headquarters: Hungary, 6775 Kiszombor, Rozmaring utca 2., email: info@styleandbyte.com).
4. Principles of Data Processing
Personal data must be processed lawfully and fairly, and in a transparent manner in relation to the data subject.
The collection of personal data must be for specified, legitimate purposes and must not be further processed in a manner that is incompatible with those purposes. The data processed must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. The data processed must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
5. Scope of Data Subjects
Data subjects include individuals visiting the Website operated by the Data Controller, newsletter subscribers, and those who like the Website on Facebook.
6. Processed Data
6.1. In the case of newsletter subscription on the Website, the Data Controller processes the following data of the subscribing data subject: name, email address, IP address.
6.2. The data of visitors to the Website: Various types of cookies may be installed on the device of the visiting data subject during the use of the website (for detailed information about cookies, see point 11). Each cookie may store the visitor’s IP address or part of it, the type of browser, and data related to the use of the website (time of visit, pages visited, session duration, number of clicks). If a visitor to the Website marks the page as „liked” using the Facebook plugin placed on the site or subscribes to the Website’s Facebook page, the Data Controller processes data related to the data subject’s Facebook profile (name, profile picture).
7. Purpose of Data Processing
7.1. In the case of newsletter subscription, the purpose of data processing is to provide the newsletter sending service, including information about discounts, products, and services of the Data Controller. 7.2. In the case of inquiries sent through the Website, the purpose of data processing is to inform the data subject about the service they are interested in.
7.3. The purpose of cookies used during the operation of the Website is detailed in point 11. The purpose of data processing when using the Facebook plugin placed on the Website is to enable the data subject to mark the page as liked and to subscribe.
8. Legal Basis for Data Processing
8.1. In the case of newsletter services, the legal basis for data processing is the voluntary consent of the data subject (Regulation Article 6(1)(a)). The Data Controller is also entitled to process the email address and IP address based on Ektv. § 13/A, as these are technically necessary data for providing the service.
8.2. In the case of data provided in inquiries sent through the Website, the legal basis for data processing is the voluntary consent of the data subject (Regulation Article 6(1)(a)).
8.3. For cookies installed on the data subject’s device through the Website, the legal basis for data processing is:
- For cookies that are technically necessary for the operation of the Website and for the use of services and functions provided on the Website: Ektv. § 13/A, Regulation Article 6(1)(b).
- For cookies that serve comfort or marketing functions, or analyze the use of the website to improve performance: the voluntary consent of the data subject (Regulation Article 6(1)(a)).
Regarding the use of the Facebook plugin, the legal basis for data processing is Ektv. § 13/A and Regulation Article 6(1)(a).
8.4. The Data Controller may also process the data subject’s data if this is necessary for the enforcement of its legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (Regulation Article 6(1) (f)). An example of this may be if the Data Controller has a claim against the data subject (e.g., an unpaid invoice).
9. Duration of Data Processing
9.1. The Data Controller processes the data handled during the newsletter service until the data subject unsubscribes from the newsletter service or requests the deletion of their data.
9.2. In the case of inquiries sent through the Website, the Data Controller processes the handled data until the requested information is provided to the data subject. The Data Controller will automatically delete the data no later than 1 year after this, unless the data subject has contacted the Data Controller again. In the case of repeated inquiries, the Data Controller will process the personal data for no longer than 1 year from the fulfillment of the information.
9.3. Information about the lifespan of cookies can be found in point 11. In the case of marking the Website as „liked” on Facebook or subscribing, the data processing lasts until the data subject requests deletion (unsubscription, withdrawal of the like).
10.Access to Data (Recipients)
Personal data may be accessed by employees of the Data Controller authorized for this purpose, as well as by contracted agents who need access to personal data to perform their tasks, and by the Data Controller’s executive officers and their deputies.
Personal data will only be transferred to third parties for the purpose of data processing. The data processor may only process personal data that has come to its knowledge according to the instructions of the data controller, may not carry out data processing for its own purposes, and is obliged to store and preserve personal data according to the data controller’s instructions.
10.1. The Data Controller provides the newsletter service through newsletter management software. The operator of the newsletter management software processes the personal data of the data subjects (name, email, IP address) as a data processor during the provision of the service. The Data Controller uses the following data processors for the newsletter service:
HubSpot, Inc, registered office: 25 First Street, Cambridge, MA 02141 USA, phone: +1 888 482 7768, email: hubspot@hubspot.com
10.2. The Data Controller uses Google Analytics, operated by Google, Inc, to analyze the use of the website, which collects information and prepares statistical reports on the use of the website without identifying individual visitors. This service uses cookies, which are installed on the data subject’s computer. The data collected by the cookies regarding the use of the website will be stored on the server of Google LLC, as a data processor (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, phone: 650-253-0000, email: data-protection-office@google.com). Google LLC is listed in the compliance list maintained under the Privacy Shield Framework.
In the case of data processing related to the use of the Facebook plugin, the data processor is Facebook Inc., registered office: 1 Hacker Way, Menlo Park, California 94025, USA, phone: +1 650-543-4800, email: privacyshield@support.facebook.com.
Facebook Inc. is also listed in the compliance list maintained under the Privacy Shield Framework.
11. Cookies Used on the Website
A cookie is a piece of information sent by the Website to a small file on the hard drive of the data subject’s computer or mobile device. A cookie typically contains the name of the domain from which it has come, the cookie’s expiration time, and a randomly generated number (value).
The cookies used by the Website serve various purposes. Some cookies are technically necessary for the operation of the site, as without them the site and its essential functions would not be usable. Some cookies facilitate the use of the Website by remembering the visitor’s actions and personal settings (e.g., language, font size, and other individual settings related to the display of the homepage) for a certain period, so the visitor does not have to re-enter them on each new visit or when navigating from one page to another. There are cookies that serve to enhance the performance of the Website by collecting information and preparing statistical data on the use of the Website. Some cookies serve advertising purposes by facilitating the display of ads that are most relevant to the visitor.
Cookies can be categorized as follows:
– **Session cookies**: Temporary cookies that remain in the visitor’s web browser’s cookie file until they leave the Website, and are automatically deleted at the end of the session or when the browser is closed. These are necessary for browsing the website and using its functions, including remembering actions taken by the visitor on the page, function, or service.
– **Usage-supporting cookies**: These are used to remember how the user has set up and used the Website. The aim is to avoid having to re-enter these settings during the next visit. Without the data stored in preference cookies, our website would function less smoothly.
– **Performance cookies**: These cookies are used to help the Data Controller collect information about how visitors use the Website, such as which pages were viewed, what sessions were initiated, and how long the pages were viewed, and how long the sessions lasted. The Data Controller uses Google Analytics, which collects information using cookies and prepares statistical reports on the use of the website without identifying individual visitors. The purpose of using these cookies is to provide the Data Controller with an overview of the use of the Website and to further develop it to provide a user-friendly experience for visitors.
– **Advertising cookies**: These cookies can be used to display ads that are of interest to the data subject on the Website and to increase the effectiveness of its own marketing appearance. Cookies in this category may remember the visitor’s recent searches, previous interactions with ads or search results from individual advertisers, as well as visits to advertisers’ websites, and help display relevant ads by analyzing this data.
Properties of Used Cookies
| Cookie Type | Cookie Name | Purpose of Cookie | Duration of Cookie |
| __cf_bm | Content saving | 1 hour | Session |
| _cfuvid | Optimizing user experience | In use | Session |
| __hssrc | Page customization | In use | Session |
| __hssc | Page customization | 1 hour | Session |
| wpEmojiSettingsSupports | Page customization | In use | Session |
| ga* | Visitor statistics (anonymous) | 1 year 1 month 4 days | Performance |
| _ga | Visitor statistics (anonymous) | 1 year 1 month 4 days | Session |
| __hstc | Page customization | 6 months | Performance |
| pvc_visits[0] | Visitor statistics (anonymous) | 1 day | Marketing |
| hubspotutk | Sending unique offers to our newsletter subscribers | 6 months |
If the visiting data subject has consented to the use of cookies on the Website, they still have the option to modify the cookie settings or delete cookies from their device. Web browsers allow the modification of cookie settings or the deletion of cookies.
You can read more detailed information about modifying cookie settings and deleting cookies in different types of browsers at the following links:
– Firefox
12. Security of Personal Data
The Data Controller ensures the security of processed and stored data during data processing and storage with measures appropriate to the level of technology (e.g., firewall), protecting against unauthorized access and unauthorized modification or alteration.
The Data Controller provides the expected level of protection during data processing.
13.Rights of Data Subjects Related to Data Processing, Remedies
As a data subject, you may request access to your personal data from the Data Controller, their rectification, deletion, or restriction of processing, and you may object to the processing of such personal data.
You have the right to receive feedback from the Data Controller regarding whether your personal data is being processed. If such data processing is ongoing, you have the right to be informed about the purposes of the data processing, the categories of personal data concerned, the categories of recipients of the data, and the planned duration of storage of personal data (if this is not possible, the criteria for determining this duration).
The Data Controller will provide a copy of the processed personal data to you. For additional copies, the Data Controller may charge a reasonable fee based on administrative costs. If you submitted your request electronically, the information must be provided in a widely used electronic format, unless you request otherwise.
Personal data must be deleted if:
– the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
– the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
– the data subject objects to the processing, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing under Article 21(2) of the Regulation;
– the personal data have been unlawfully processed;
– the personal data must be deleted for compliance with a legal obligation to which the data controller is subject;
– the personal data have been collected in relation to the offer of information society services directly to children.
You may request that the Data Controller restrict the processing of your data if any of the following applies:
– you contest the accuracy of the personal data, in which case the restriction applies for a period enabling the data controller to verify the accuracy of the personal data;
– the processing is unlawful, and you oppose the deletion of the data and request instead the restriction of their use;
– the data controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims; or
– you have objected to the processing; in this case, the restriction applies for a period until it is determined whether the legitimate grounds of the data controller override those of the data subject.
You have the right to receive your personal data provided to the Data Controller in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another data controller.
You have the right to object at any time to the processing of your personal data on grounds relating to your particular situation, if the processing is based on:
– the performance of a task carried out in the public interest or in the exercise of official authority vested in
the data controller;
– the legitimate interests pursued by the data controller or a third party.
In this case, the data controller may no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or which relate to the establishment, exercise, or defense of legal claims. If the processing of personal data is for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing.
If a data breach is likely to result in a high risk to your rights and freedoms, the Data Controller will inform you of the data breach without undue delay.
In the above matters, you may submit your request to the Data Controller (Szintia Szabó-Ormándlaky ev., Headquarters: Hungary, 6775 Kiszombor, Rozmaring utca 2. email: info@styleandbyte.com). The Data Controller will inform you of the actions taken in response to your request without undue delay and within one month of receipt of the request.
If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months. The Data Controller will inform you of the reasons for the delay within one month of receipt of the request. If you submitted your request electronically, the information should be provided electronically where possible, unless you request otherwise.
If the Data Controller does not take action in response to your request, it will inform you without undue delay and at the latest within one month of receipt of the request of the reasons for not taking action. In the event of inaction or regarding the action taken, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information and exercise your right to judicial remedy.
You have the right to initiate proceedings with the National Authority for Data Protection and Freedom of Information if there has been an infringement of your rights regarding the processing of personal data or if there is a direct risk of such an infringement. The Authority’s contact details are: postal address: 1530 Budapest, Pf.: 5., phone: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: http://naih.hu. In the event of a violation of your rights, you may bring an action against the Data Controller. The court has jurisdiction over the case. The action may be brought before the court of your residence or habitual residence, at your choice.
Data subjects have the right to contact the data protection authority of their country of residence within the European Union. A comprehensive list of national data protection authorities, along with their contact details, is available on the EDPB’s official website: https://edpb.europa.eu.
For data subjects residing outside the European Union, different privacy laws may apply. Below are the primary regulations and supervisory authorities in key jurisdictions:
- United Kingdom: UK GDPR, Information Commissioner’s Office (ICO) – https://ico.org.uk
- United States: Various federal and state laws (e.g., CCPA in California), Federal Trade Commission (FTC) – https://www.ftc.gov
- Canada: PIPEDA, Office of the Privacy Commissioner of Canada (OPC) – https://www.priv.gc.ca
- Australia: Privacy Act 1988, Office of the Australian Information Commissioner (OAIC) – https://www.oaic.gov.au
- China: PIPL, Cyberspace Administration of China (CAC) – http://www.cac.gov.cn
- Brazil: LGPD, Autoridade Nacional de Proteção de Dados (ANPD) – https://www.gov.br/anpd
- South Africa: POPIA, Information Regulator of South Africa – https://www.justice.gov.za/inforeg
For a comprehensive list of data protection authorities worldwide, data subjects are encouraged to consult their respective national privacy regulators.
A party to the proceedings may also be someone who does not otherwise have legal capacity to sue. The Authority may intervene in the proceedings in favor of the data subject.
If you have any complaints or issues regarding the processing of your personal data, please contact the Data Controller before initiating any of the above procedures.