Privacy Policy

The business of Varga Laura (hereinafter referred to as the Service Provider, Data Controller), as the data controller, acknowledges this privacy policy as binding for itself regarding the protection of personal data of natural persons and the free flow of data. It undertakes to ensure that all data processing related to its activities complies with the provisions of this policy, the applicable national legislation—considering the content of Act CXII of 2011 (Info Act)—as well as the expectations set out in Regulation (EU) 2016/679 of the European Parliament and the Council.

The data protection principles related to data processing are continuously available at https://tressart.com/page/privacy-policy.

The Data Controller reserves the right to modify this policy at any time. Naturally, any changes will be communicated to consumers in due time.

If you have any questions regarding this notice, please write to us, and our colleagues will respond to your inquiry: contact@tressart.com.

The owner of the website, the business of Varga Laura (hereinafter: Data Controller), is committed to the adequate protection of personal data. Therefore, it establishes and maintains a privacy policy that complies with the applicable legal regulations at all times, guarantees the proper protection of the individuals concerned, and facilitates the exercise of their rights.

The Data Controller presents its data processing practices below.

1. Data Controller Information:

  • Company name: Varga Laura
  • Company headquarters: Alasia 1. Chloraka Hills B3/1, 8220 Chloraka, Cyprus
  • Email address: contact@tressart.com
  • Website: https://tressart.com
  • Privacy policy availability: https://tressart.com/page/privacy-policy

2. Definitions

2.1. GDPR

General Data Protection Regulation, the new Data Protection Regulation of the European Union;

2.2. "Data Processing"

Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

2.3. "Data Processor"

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller;

2.4. "Personal Data"

Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

2.5. "Data Controller"

A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law;

2.6. "Consent of the Data Subject"

A freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

2.7. "Data Protection Incident"

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;

2.8. "Recipient"

A natural or legal person, public authority, agency, or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

2.9. "Third Party"

A natural or legal person, public authority, agency, or body other than the data subject, the Data Controller, the Data Processor, and persons who, under the direct authority of the Data Controller or the Data Processor, are authorized to process personal data.

2.10. "Restriction of Data Processing"

Marking stored personal data for the purpose of restricting their future processing.

2.11. "Business"

A natural or legal person engaged in economic activities, regardless of its legal form, including partnerships and associations that regularly conduct economic activities.

2.12. "Profiling"

Any form of automated processing of personal data that involves using personal data to evaluate certain personal characteristics related to a natural person, particularly those associated with work performance, economic situation, health status, personal preferences, interests, reliability, behavior, location, or movement.

2.13. "Pseudonymization"

Processing personal data in such a manner that they can no longer be attributed to a specific natural person without the use of additional information, provided that such additional information is stored separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.


3. Principles of Data Processing

The Data Controller declares that it processes personal data in accordance with this data processing notice and complies with applicable legal requirements, with particular attention to the following:


  • Personal data must be processed lawfully, fairly, and transparently for the data subject.
  • Personal data may only be collected for specified, explicit, and legitimate purposes.
  • The purpose of processing personal data must be appropriate and relevant and should only extend to the necessary extent.
  • Personal data must be accurate and kept up to date. Inaccurate personal data must be promptly deleted.
  • Personal data must be stored in a manner that allows identification of the data subjects only for as long as necessary. Longer storage is permitted only for public interest archiving, scientific or historical research, or statistical purposes.
  • Personal data must be processed in a manner that ensures their security using appropriate technical or organizational measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.
  • The principles of data protection apply to all information related to an identified or identifiable natural person.

4. Important Information on Data Processing

The purpose of data processing is for the Service Provider / Data Controller to provide additional services to visitors and registered users of the website.

The legal basis for data processing is the consent of the data subject.

The scope of affected individuals includes visitors and registered users of the website.

Duration of data processing and data deletion: The duration of data processing always depends on the specific purpose and legal basis. However, data must be promptly deleted if the original purpose has been fulfilled. The data subject can withdraw their consent at any time by sending an email to the designated contact email address. If no legal impediment exists, the data will be deleted.

The Data Controller is authorized to access the data.

The data subject may request access to, rectification, deletion, or restriction of processing of their personal data from the Data Controller. They may also object to the processing of such personal data and exercise their right to data portability. The data subject may withdraw their consent at any time, but this does not affect the lawfulness of processing based on consent before withdrawal. The data subject may also lodge a complaint with the supervisory authority.

If the data subject wishes to take advantage of registration benefits or other services on the website, they must provide the necessary personal data. The provision of personal data is not mandatory, and failure to provide data will not result in any adverse consequences. However, certain functions of the website may not be available without providing personal data.

The data subject has the right to request the Data Controller to correct or supplement inaccurate personal data without undue delay. They may also request deletion, and the Data Controller must delete the data without undue delay if there is no legal basis for further processing.

Personal data modification or deletion can be requested via email at the contact address provided in section 1.


5. Data Protection Officer

The Data Controller does not engage in activities that would require the appointment of a Data Protection Officer.


6. Data Processing Purposes

The scope of affected individuals includes all those who fill out an application or registration form on the website. The legal basis for processing is the user's consent.


7. Detailed Data Processing Purposes and Processed Data

7.1. Data Related to Services Provided on the Website and Contract Fulfillment

Through the website, users can order services. The personal data requested during the order process include:

  • Name (required field)
  • Email address (required field)
  • Phone number (required field, for callback or SMS communication)
  • Purchase date (technical data operation)
  • IP address (technical data operation)
  • Billing details
  • Additional personal data may be provided for specific services (e.g., website maintenance) with user consent.

Purpose and use of data: The data are used to fulfill the order.

Legal basis for data processing: Acceptance of the Data Processing Notice and ordering services, in accordance with the General Terms and Conditions (GTC).

Retention period: 5 years after contract termination.

7.2. Data Related to Website Registration

Users can register through the website, and the personal data requested during registration include:

  • Name (required field)
  • Email address (required field)
  • IP address (technical data operation)

Legal basis for data processing: User consent. Additional personal data may be provided for specific services (e.g., website maintenance) with user consent.

Purpose and use of data: The data are used to complete website registration.

Legal basis: Contract.

Retention period: Until the user unsubscribes.

7.3. Data Related to Contact Requests

Personal data requested during contact inquiries:

  • Name (required field)
  • Email address (required field)
  • IP address (technical data operation)

Purpose and use of data: The data are used for communication and order fulfillment.

Legal basis for data processing: User consent.

Retention period: Until a deletion request or unsubscription.


8. Cookies

8.1. Purpose of Cookies

Cookies collect information about visitors and their devices; they store individual settings used for online transactions to prevent repeated data entry; they facilitate website usage; and they provide a high-quality user experience.

To deliver personalized services, a small data package known as a cookie is placed on the user’s device and read during subsequent visits. If a browser returns a previously stored cookie, the service provider may link the current visit to previous ones, but only regarding its content.

8.2. Essential Session Cookies

These cookies ensure that visitors can fully and seamlessly browse the Data Controller’s website, use its functions, and access available services. These cookies remain valid only for the duration of the browsing session and are automatically deleted when the browser is closed.

8.3. Third-Party Cookies (Analytics)

The tressart.com website also uses Google Analytics cookies as third-party cookies. By using the statistical service of Google Analytics, the Data Controller collects information about how visitors use the website. This data is used to improve the website and enhance the user experience. These cookies remain on the visitor's computer or other browsing device in their browser until they expire or are deleted by the visitor.

According to Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Elkertv.), the service provider may process personal data necessary for the provision of the service. The service provider must choose and operate the tools used in the provision of information society-related services in such a way that personal data is processed only if it is essential for the provision of the service and for the fulfillment of the purposes specified in this law, and even then, only to the necessary extent and duration.

8.4. Authorized Persons to Access the Data: The Data Controller does not process personal data through the use of cookies.

8.5. Method of Data Storage: Electronic.

8.6. Further Information on Cookies and Their Settings

For more detailed information on modifying cookie settings and deleting cookies in different browsers, visit the following links:

8.7.1. Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu

8.7.2. Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami?redirectlocale=hu&redirectslug=S%C3%BCtik+kezel%C3%A9se

8.7.3. Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies

8.7.4. Opera (English): https://www.opera.com/help/tutorials/security/privacy/

9. Social Media Platforms

A social media platform is a communication tool that spreads messages through social users. Social media utilizes the internet and online presence opportunities to enable users to become content creators instead of just content consumers.

Social media is an online application platform where user-generated content is shared, such as Facebook, Google+, Twitter, etc.

Social media appearances may include public speeches, presentations, product or service descriptions.

The types of information shared on social media may include forums, blog posts, images, videos, audio files, message boards, messages, emails, etc.

Accordingly, beyond personal data, the processed data may include the user's public profile picture.

Scope of data subjects: All registered users.

Purpose of data collection: To promote the website or related web pages.

Legal basis for data processing: The voluntary consent of the data subject.

Duration of data processing: As specified by the regulations of the given social media platform.

Data deletion deadline: As specified by the regulations of the given social media platform.

Persons authorized to access the data: As specified by the regulations of the given social media platform.

Rights related to data processing: As specified by the regulations of the given social media platform.

Method of data storage: Electronic.

It is important to consider that when a user uploads or submits any personal data, they grant a worldwide license to the social media platform operator to store and use such content. Therefore, it is crucial to ensure that the user has full authorization to share the published information.

9.1. Facebook

Fact of data collection and scope of processed data: Registered name on Facebook.com and the user's public profile picture.

Scope of data subjects: Any individual who has registered on Facebook.com and liked the website.

Purpose of data processing: Sharing, liking, and promoting certain content elements, products, promotions, or the website itself on Facebook.com (https://tressart.com).

Duration of data processing, persons authorized to access the data, and information on the rights of the data subjects concerning data processing: The data subject can obtain information about the source of the data, its processing, transfer, and legal basis at http://www.facebook.com/about/privacy/.

Since data processing takes place on Facebook.com, the regulations of the Facebook.com community site apply to the duration, method, and possibilities for deleting or modifying data: http://www.facebook.com/legal/terms?ref=pf http://www.facebook.com/about/privacy/

Legal basis for data processing: The voluntary consent of the data subject to the processing of their personal data on Facebook.com.

10. Google Analytics

Our website uses Google Analytics. When using Google Analytics:

Google Analytics compiles reports for its clients about users' habits based on internal cookies.

On behalf of the website operator, Google uses this information to evaluate how users interact with the website. Additionally, Google prepares reports related to website activity for the website operator so that it can provide further services.

The data is stored on Google's servers in an encrypted format to hinder and prevent misuse of the data.

Google Analytics can be disabled as follows. Quoting from the site:

"Website users who do not wish Google Analytics JavaScript to generate reports on their data can install the Google Analytics opt-out browser add-on. This add-on prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser add-on is available for most modern browsers. The Google Analytics opt-out browser add-on does not prevent data transmission to the website itself or other web analytics services."

https://support.google.com/analytics/answer/6004245?hl=en

Google’s Privacy Policy: https://policies.google.com/privacy?hl=en

Detailed information on data usage and protection can be found in the links above.

Privacy details:

https://static.googleusercontent.com/media/www.google.com/en//intl/en/policies/privacy/google_privacy_policy_en.pdf

11. Remarketing – Google Ads

The website uses Google Ads remarketing tracking codes. Remarketing is a feature that allows the website to display relevant advertisements to users who have previously visited the website while browsing other websites within the Google Display Network. The remarketing code uses cookies to tag visitors. Users who visit the website can disable these cookies and find additional information about Google’s data management at the following addresses:

http://www.google.com/policies/technologies/ads/

https://support.google.com/analytics/answer/2700409

If a user disables remarketing cookies, they will not receive personalized offers from the website.

12. Remarketing – Facebook

The website uses Facebook remarketing tracking codes (Facebook Pixel). Remarketing is a feature that allows the website to display relevant advertisements to users who have previously visited the website while browsing Facebook pages. The remarketing code uses cookies to tag visitors. Users visiting the website can read Facebook's data management policies at the following addresses:

http://www.facebook.com/legal/terms?ref=pf

http://www.facebook.com/about/privacy/update

13. Data Processing, Data Transfer, and Data Access

Your personal data may be processed by the Data Controller, who is authorized to access it while adhering to applicable laws and principles.

13.1. Hosting Service Provider:

  • Name: Rackforest Informatikai Kereskedelmi és Tanácsadó Zrt.
  • Address: 1132 Budapest, Victor Hugo utca 18-22. 3rd floor
  • Tax ID: 32056842-2-41
  • Email: info@rackforest.hu
  • Accessible Data: Personal data provided by the data subject.

13.2. Google Analytics:

  • Google Inc., Mountain View, California, USA
  • Accessible Data: Anonymous, non-personally identifiable IP addresses of website visitors.
  • Google's Privacy Policy: https://policies.google.com/privacy?hl=en

13.3. Facebook:

  • Facebook Inc.
  • Menlo Park, California, USA
  • Data Processing Information: https://www.facebook.com/about/privacy/update
  • Accessible Data: Username, comments, profile picture.

13.4. Hotjar:

  • Hotjar Ltd.
  • Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta
  • Data Processing Information: https://www.hotjar.com/legal/policies/privacy
  • Accessible Data: Anonymized website usage activities (time spent on site, clicks, scrolling behavior).

13.5. Data Transfer to Third Countries

Data transfer occurs to the United States, which received an adequacy decision on July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).

This adequacy decision is valid for the following data controllers: Mailchimp (https://mailchimp.com/legal/privacy/), Google (https://policies.google.com/privacy/frameworks), and Facebook (https://www.facebook.com/about/privacyshield).

14. Legal Basis

Our company processes your personal data based on the following legal grounds:

  • Issuing invoices in compliance with accounting regulations: Legal basis: GDPR Article 6 (1) (c)
  • Contact purposes: Legal basis: GDPR Article 6 (1) (f)
  • Processing partner employees’ data: Legal basis: Legitimate interest assessment
  • Managing contractual partners' data: Legal basis: GDPR Article 6 (1) (b)
  • Marketing activities: Legal basis: GDPR Article 6 (1) (a)
  • Online registration: Legal basis: GDPR Article 6 (1) (a)

15. Data Retention Period

15.1. Invoices must be retained for at least 8 years due to legal obligations (payer data processing). The documents forming the basis of invoicing must also be retained for 8 years.

15.2. Data provided for contact purposes will be retained until the user unsubscribes.

15.3. Data related to contract performance will be retained for 5 years after contract termination.

15.4. Data processed for marketing purposes will be retained until consent is withdrawn.

15.5. Data processed for online registration will be retained until consent is withdrawn.

16. The Data Controller and entities listed in Section 13 have the right to access the data.

17. Data is stored electronically.

18. Rights Related to Data Processing

18.1. Right to Information

You may request information about your data via the provided contact details, including what data we process, the legal basis, purpose, source, and retention period. Upon request, we will send the requested information to the provided email address within 30 days.

18.2. Right to Rectification

You may request modifications to your data via the provided contact details. We will process the request within 30 days and notify you via email.

18.3. Right to Erasure

You may request the deletion of your data, which we will carry out within 30 days, with notification sent to the provided email address.

18.4. Right to Restriction of Processing

You may request restricted processing of your data (except for storage). We will comply within 30 days and notify you via email.

18.5. Right to Object

You may object to data processing, which we will review within 15 days and inform you of our decision via email.

18.6. Right to Legal Remedies

If you experience unlawful data processing, please contact the website operator at the provided details for resolution.

18.7. Right to Court Action

If your rights are violated, you may take legal action against the Data Controller.

For complaints:

  • Name: National Authority for Data Protection and Freedom of Information
  • Address: 1055 Budapest, Falk Miksa utca 9-11
  • Mailing Address: 1363 Budapest, P.O. Box 9
  • Phone: +36-1-391-1400
  • Fax: +36-1-391-1410
  • Email: ugyfelszolgalat@naih.hu
  • Website: http://www.naih.hu

18.8. Automated Decision-Making in Individual Cases, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated data processing—including profiling—that would have legal effects on them or similarly significantly affect them.

18.9. Informing the Data Subject About a Data Protection Incident

If a data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller must inform the data subject about the incident without undue delay. This notification must clearly and intelligibly describe the nature of the data protection incident and include at least the following:

  • The name and contact details of the data protection officer or other relevant contact person providing further information;
  • A description of the likely consequences of the data protection incident;
  • A description of the measures taken or proposed by the data controller to address the data protection incident, including, where applicable, measures to mitigate any potential adverse effects of the incident.

The data subject does not need to be informed if any of the following conditions are met:

  • The data controller has implemented appropriate technical and organizational protection measures, and these measures were applied to the data affected by the data protection incident, especially those that render the data unintelligible to unauthorized persons, such as encryption;
  • The data controller has taken subsequent measures to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialize;
  • Providing notification would require disproportionate effort. In such cases, the data subjects must be informed through publicly available information or similar measures that ensure effective notification.

19. Additional Provisions

For data processing activities not listed in this notice, information will be provided at the time of data collection. We inform our clients that courts, prosecutors, investigative authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, and other bodies authorized by law may contact the Data Controller for information, data disclosure, transfer, or document provision. The Data Controller will only disclose personal data to authorities to the extent necessary to achieve the purpose of the request, provided that the authority specifies the exact purpose and scope of the requested data.

20. Laws Governing Data Processing

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
  • Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.
  • Act C of 2003 on Electronic Communications.

If you have any complaints or concerns regarding the processing of your personal data, please contact the Data Controller before initiating any of the above procedures.