Privacy & Security

1. Introduction

We place great importance on complying with current data protection regulations and laws. Below, we detail the steps taken by the tokaj-portius.hu website and Richárd Hörcsik E.V. to protect data and the processes related to data collection.

The data controller is Richárd Hörcsik E.V., who is responsible for managing personal data.

Contact Information:

  • Full Legal Name: Richárd Hörcsik, sole proprietor
  • Email Address: richard@tokaj-portius.hu
  • Postal Address: 3950 Sárospatak, Kazinczy út 2-4.

2. What Personal Data Do We Process and Why?

Personal data refers to information that clearly identifies an individual.

On the tokaj-portius.hu website, we process the following personal data, specifying the legal basis for each:

Communication Data

This includes any messages sent to us via the website, email, social media, or any form of communication.

These data are processed and retained to fulfill orders and to serve as a basis for legal claims if necessary.

Legal Basis: The user’s legitimate interest in our activities, as expressed in the messages sent to us.

Customer Data

This includes all data related to the purchase of products and services, such as the customer’s name, shipping and billing address, email address, phone number, and product details.

These data are processed to successfully fulfill orders and maintain legal records of purchases.

Legal Basis: The performance of a contract formed between the customer and Richárd Hörcsik E.V.

User Data

This includes data generated during the use of the website, enabling its technical operation, maintaining site security, storing backups of user activities, and ensuring access to the most relevant content.

Legal Basis: The user’s legitimate interest in our activities, necessitating the storage of this data for technical operations.

Technical Data

This includes data generated during website use, such as IP address, login details, browser data, visit duration, page views, navigation paths, visit frequency and timing, time zones, and device details used to access the site.

Source: Our analytics software.

These data are processed to analyze user behavior on the site, maintain site security, and understand the effectiveness of marketing decisions.

Legal Basis: The user’s legitimate interest in our activities, allowing us to process this data to meet security expectations and use it for business growth.

Marketing Data

This includes visitor preferences regarding marketing content. These data are processed to enable participation in sweepstakes and send advertisements related to products/services the user has shown interest in.

Legal Basis: The user’s legitimate interest in our activities, allowing us to process this data for security purposes and business growth.

Collected data may occasionally be used for targeted, relevant advertising on the Facebook™ platform and various dynamic advertising surfaces, and for measuring the effectiveness of advertisements.

Legal Basis: The user’s legitimate interest in our activities, allowing us to process this data for security purposes and business growth.

We do not collect sensitive data such as ethnicity, religious beliefs, sexual orientation, political opinions, union membership, health background, or genetic/biometric information.

3. How Do We Collect Data?

Personal data may be collected directly from users (e.g., placing an order or sending a message).

Additionally, certain data are collected automatically during website use, such as through “cookies” and similar technologies, which operate only with user consent.

For more information, please see our Cookie Statement.

Certain data are received from external partners, such as analytics providers (e.g., Google), advertising networks (e.g., Facebook™), and payment service providers (e.g., PayPal and Barion).

4. Our Practical Steps for Data Protection

Richárd Hörcsik E.V. values user data protection and regulatory compliance. Following a data protection impact assessment, we created a list of collected data, their necessity, legal basis, and compliance.

We apply SSL certification (Let’s Encrypt Authority X3) to protect data submitted via forms and generated on the site. To protect against attacks, we use premium security software (iThemes Security Pro) to defend stored data against “brute force” and viral attacks. In our databases, purchase and user data are stored in an encrypted (pseudonymized) form, making them unreadable to external parties.

This privacy statement provides users with forms to request information about their personal data, or to modify or delete it.

Occasionally, for business purposes, it is necessary to share data with service partners (e.g., hosting providers, courier services, newsletter software).

In such cases, we always select partners who comply with GDPR regulations and, in the case of US-based partners, participate in the EU-US Privacy Shield initiative, and we sign data processing agreements to ensure responsible data handling.

5. Marketing Communication

Marketing communication is essential for our business activities. The legal basis for this data processing is user interest in our services or explicit user consent.

According to the EU Privacy and Electronic Communications Regulations (PECR), we send marketing messages to users who have purchased from us or explicitly consented to receive marketing messages.

Users can unsubscribe from marketing communications at any time, with clear instructions provided in each email or by requesting removal from our database at richard@tokaj-portius.hu.

Even after unsubscribing from marketing communications, we may still send messages related to order fulfillment.

6. Sharing Personal Data

Sometimes, it is necessary to share certain personal data with specific partners to maintain normal business operations:

  • IT service providers and those performing troubleshooting and maintenance on computer systems
  • Professional partners such as lawyers, accountants, bankers, and insurers
  • Government agencies requesting reports on our activities
  • Payment service providers handling bank card data securely
  • Courier services fulfilling incoming orders to the specified delivery address

International Data Transfers

Occasionally, it is necessary to share user data with service partners outside the European Economic Area (EEA) for business continuity.

Non-EEA countries often do not provide the same level of data protection, so European laws prohibit data export without appropriate conditions.

Whenever personal data is transferred outside the EEA, we take the following steps in addition to those mentioned in Section 4 to ensure data security:

  • Only transfer data to countries deemed adequate by the European Commission in terms of data security
  • Only use US-based services participating in the EU-US Privacy Shield initiative

If these conditions are not met, we request explicit user consent for the data transfer, which can be withdrawn at any time.

Links to External Sites

This site may contain links to external sites or embedded code snippets enabling external services.

Clicking these links or using the embedded solutions may allow external partners to collect data about users.

While we strive to thoroughly review partners, we do not control their data protection principles and are not responsible for their data handling practices.

7. Data Retention Period

User data is retained only as long as necessary for legal/accounting/reporting obligations or for operating the service.

When deciding on the retention period, we consider the data’s quantity, nature, and sensitivity, and the potential impact of a data breach.

For tax reasons, we must retain customer billing and purchase data for at least 8 years to comply with legal obligations.

In certain circumstances, we may use anonymized data for statistical purposes, retaining it indefinitely without notification.

8. User Rights

The General Data Protection Regulation (GDPR) grants users of the site who are EU citizens the following rights:

a. Access to Personal Data

Users have the right to request a copy of the personal data held by Richárd Hörcsik E.V. Requests are generally fulfilled free of charge within 14 days of the request.

For repeated, abusive, or unwarranted data requests, Richárd Hörcsik E.V. may charge a moderate fee and may require additional time to fulfill the request.

Richárd Hörcsik E.V. may also request proof of identity before releasing data to prevent misuse. To request personal data, please use the following contact form:

Data Request / Data Deletion / Data Restriction

b. Modification of Personal Data

If personal data has changed or was provided incorrectly, users have the right to request data modification. To modify personal data, please contact us at richard@tokaj-portius.hu.

c. Request for Deletion of Personal Data

Users have the right to request the deletion of all their personal data. The request is fulfilled free of charge within 14 days. After data deletion, the user account will no longer be accessible, and any purchased materials will become inaccessible, as personal data linked to the user account are essential for accessing the service.

Richárd Hörcsik E.V. may request proof of identity before deleting personal data to prevent misuse. To request data deletion, please use the above contact form.

d. Request for Restriction of Personal Data Processing

Users have the right to request restrictions on their data being made available to third parties (service partners). The request can specify the service partners to be restricted.

It is important to note that cooperation with certain service providers is essential for the site’s operation (e.g., Barion as a payment service provider), and restricting them may make the site’s services unavailable to the user.

Richárd Hörcsik E.V. may request proof of identity before restricting data processing to prevent misuse. To request data restriction, please use the above contact form.

In Hungary, the official authority for data protection is the National Authority for Data Protection and Freedom of Information (NAIH). Users can find more information about their data protection rights on the NAIH website.

  • National Authority for Data Protection and Freedom of Information
  • Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
  • Postal Address: 1530 Budapest, Pf.: 5.
  • Phone: 06.1.391.1400
  • Fax: 06.1.391.1410
  • Email: ugyfelszolgalat@naih.hu
  • Website: naih.hu
 
