Privacy Policy

We hereby inform you that

Vincze Gábor e.v.

Registered office: 1052 BUDAPEST 5 RÉGI POSTA UTCA 4 1 em. 11 ajtó

Tax number: 69006690-1-41

Email: [email protected]

is the operator of the website accessible at queenofheartstattobp.com (hereinafter referred to as the “Website”) and establishes the rules, data protection and data management principles, as well as information regarding the processing of personal data of visitors to the Website and users of services available on the Website (collectively referred to as “Data Subjects”).

In connection with data processing, the Data Controller hereby informs Data Subjects about the personal data processed on the Website, the principles and practices applied in handling personal data, and the ways and means through which Data Subjects can exercise their rights.

By using the Website, the Data Subject accepts the terms set out in this Privacy Policy and consents to the processing of personal data as defined below.

Definitions

Data Controller: A natural or legal person, public authority, agency, or any other body that alone or jointly with others determines the purposes and means of processing personal data; if the purposes and means of processing are determined by EU or Member State law, the Data Controller or the specific criteria for its designation may also be defined by EU or Member State law.

Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing: Any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, restriction, erasure, or destruction.

Restriction of Processing: The marking of stored personal data with the aim of limiting their future processing.

Profiling: Any form of automated processing of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Data Processor: A natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the Data Controller.

Recipient: A natural or legal person, public authority, agency, or any other body to which personal data is disclosed, regardless of whether they are a third party. Public authorities that may access personal data in accordance with EU or Member State law for the performance of a task are not considered recipients.

Consent of the Data Subject: Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes, whereby they signify agreement to the processing of personal data relating to them.

Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Data Controller Information

Csesznok András e.v.

Registered office: 1025 Budapest, Vöröstorony utca 20.

Tax number: 91202857-1-41

Registration number: 60662767

Email: [email protected]

Legal Basis, Purpose, and Duration of Data Processing

Data Subjects may provide information or data on the Website in two ways:

Personal data explicitly provided or made available during the use of the Website’s services (see section 3.1).

Information made available to the Data Controller in connection with the use or browsing of the Website (see section 3.2).

The legal basis for data processing is, in all cases, the Data Subject’s voluntary consent under Article 6(1)(a) of the EU Regulation 2016/679 (General Data Protection Regulation, “GDPR”).

The Data Subject may partially or fully withdraw their consent in writing at any time, or request the deletion of their data.

3.1 Processed Personal Data

The Data Controller shall not use personal data for purposes other than those specified above. Disclosure of personal data to third parties or authorities is only possible with the Data Subject’s prior, explicit consent, unless required by law.

If the Data Controller intends to use the provided data for purposes other than the original collection purpose, the Data Subject will be informed and given the option to object.

Data is retained for the duration of the purpose for which it was collected, primarily during the term of the relationship with the Data Subject, or until deletion is requested or consent is withdrawn.

3.2 Data Collected During Website Use

3.2.1 Cookies

For personalized service, the Data Controller places small data files (cookies) on the Data Subject’s device, which can be read on subsequent visits. Cookies may link the current visit with previous visits only for content provided by the Data Controller.

Session cookies: Deleted automatically after the visit; necessary for proper website functionality.

Persistent cookies: Used to improve user experience, stored for a longer period depending on browser settings.

Data collected: IP address, visit date, time

Scope: All website visitors

Purpose: Differentiate users, track sessions, store provided data, prevent data loss

Duration: Session cookies last until the end of the visit; other cookies up to 30 days

3.2.2 Managing or Deleting Cookies

Users can delete or block cookies via browser settings. External links may also set cookies; the Data Controller is not responsible for these.

3.2.3 Facebook Cookies

More information: https://hu-hu.facebook.com/policies/cookies/

3.2.4 Google Analytics Cookies

Google Analytics analyzes interactions using cookies. Data is anonymized and aggregated; IP addresses are not combined with other Google data. More info: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#analyticsjs

3.2.5 Google Ads / Remarketing

Uses cookies to provide targeted ads. Users can opt out via Google Ads settings: https://policies.google.com/technologies/ads?hl=hu

Data Processors

HighLevel Inc., Hosting & Marketing Software, North Saint Paul St., Suite 920, Dallas, Texas 75201, https://www.gohighlevel.com

The Data Controller may engage additional processors in the future.

Data Transfer

Data is transferred to third parties only with the explicit consent of the Data Subject, unless otherwise required by law.

Data Subject Rights

Access & Information: Request and receive information on stored personal data and processing purposes.

Rectification: Correct inaccurate or incomplete data.

Restriction: Limit processing under specific conditions (disputed accuracy, unlawful processing, legal claims, objection to direct marketing).

Deletion (“Right to be forgotten”): Request deletion under specified conditions.

Data Portability: Receive personal data in a structured, widely used format and transmit to another controller.

Objection: Object to processing or direct marketing, including profiling.

Requests are fulfilled within one month, with a possible extension of two months for complex cases.

Legal Remedies

If rights are violated, Data Subjects may contact:

National Authority for Data Protection and Freedom of Information (NAIH), Budapest, Szilágyi Erzsébet fasor 22/c; www.naih.hu

Courts, under applicable Hungarian law.

Data Breach Management

Data breaches are logged, including affected data, Data Subjects, time, circumstances, and mitigation measures. High-risk breaches are reported within 72 hours to both authorities and affected parties.

Links

The Data Controller is not responsible for external websites linked from the Website. If illegal content or infringement is detected, links will be removed immediately.

Data Security

The Data Controller implements technical and organizational measures to ensure data protection, prevent unauthorized access, disclosure, modification, or destruction. Third parties receiving data are also required to maintain security standards.

Despite security measures, absolute protection cannot be guaranteed; the Data Controller is not liable for unauthorized access, breaches, or resulting damages.

Special categories of personal data (e.g., racial, political, religious, health, sexual orientation) are never collected.

Users are advised to log out on public computers and prevent unauthorized access to their accounts.

Other Provisions

The Data Controller reserves the right to modify this Privacy Policy unilaterally with prior notice via the Website. Continued use of the Website constitutes acceptance of the updated Privacy Policy.

Effective date: 21 February 2026