Privacy policy
DATA PROCESSING INFORMATION
Data controller details
|
Online Store Name |
Sylvera Candles |
|
Company name |
Szabados Tünde E.V. |
|
Registered office |
6762 Sándorfalva, Temesvári utca 26. |
|
Tax number |
91473738-1-26 |
|
Court of registration |
Szegedi Törvényszék Cégbírósága |
- hereinafter referred to as Data Controller.
Please read our data processing information (hereinafter referred to as Information) carefully, in which we describe our practices regarding the processing of your personal data in accordance with the General Data Protection Regulation (GDPR, i.e. Regulation 2016/679 of the European Parliament and of the Council).
This Notice applies to persons who use the Data Controller's services as consumers (hereinafter: User, Customer).
It explains how the Data Controller collects, uses, and in certain cases shares your personal data with third parties, and provides information about your rights in relation to data processing.
The Data Controller is committed to protecting the personal data and privacy of individuals visiting the website. This information and statement primarily concerns the confidential handling and protection of the personal data of customers and newsletter subscribers via the Internet, but it also applies to visitors to the site. We summarize how the owner may collect and use data relating to you and how it may be used. The data will not be disclosed to unauthorized persons and will be used in the manner specified in this notice.
This notice provides you with important information about the protection of your personal data and your rights in this regard. If you do not accept these terms and conditions, you have the right to suspend your use of the website and to finish browsing without providing any personal data.
This Notice is valid from October 16, 2025 until revoked. The Data Controller reserves the right to unilaterally modify the Notice at any time.
Responsibility and contact details of the Data Controller
Information related to data processing
With regard to the data processing described in this Notice, Tünde Szabados is the data controller (hereinafter: Data Controller).
If you have any comments, questions, or complaints regarding our data protection procedures, please contact us at the following addresses:
|
Name |
Szabados Tünde |
|
Mailing address |
6762 Sándorfalva, Temesvári utca 26. |
|
Phone number |
+36 30 994 5657 |
Depending on your choice, you are entitled to access the website without providing your personal data, but in order to browse the website, you must accept the cookie policy, and if you subscribe to the newsletter, you must approve the privacy policy and statement.
Personal data is any information that directly or indirectly relates to a natural person who can be identified by an identification number or other data associated with that person.
When processing data covered by this Policy, the Data Controller pays special attention to taking appropriate data security measures and, accordingly, takes all technical and organizational measures necessary to ensure the security of the personal data processed.
Your personal data is information that can be used to identify you, such as:
- Last name,
- First name,
- Phone number,
- Mailing address,
- Email address.
Your personal data is collected voluntarily by the owner when you browse the website, indicating in each case the data that must be provided in order to achieve the purpose. If you do not wish to provide this data, you will not be able to access certain functions and services of the website.
The collection of optional data serves to identify user needs and improve the website and services.
The following personal data is processed
- Name,
- Company name and contact person (in case of a company)
- Registered office address (in case of a company),
- Tax number (in case of a company),
- Delivery address,
- Email address,
- Phone number.
Data processed when processing orders
In addition to personal data, the following
- Characteristics of the purchased product (product name, quantity, value),
- Order ID,
- Date and time of purchase,
- Coupon code if a discount coupon is redeemed.
Duration of data processing
- With regard to direct marketing consents, until the user withdraws their consent,
- With regard to profile data, 5 years from the last login, pursuant to Section 6:22 (1) of Act V of 2013 on the Civil Code,
- For purchase data, 8 years, pursuant to Section 169 (2) of the Accounting Act.
Conditions for data transfer
The Data Controller may transfer the data it processes, to the extent necessary, to persons and companies designated by it and operating in the following areas
- Data processing
- Legal representation
- Bodies authorized by law to handle legal disputes
- Delivery
- Accounting
- Claims management
- Marketing
- Data processors
The following data processors process personal data on behalf of the Data Controller
|
Name of data processor |
Shopify Internationatl Ltd. |
|
Registered office |
2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland |
|
E-mail address |
support@shopify.com |
| Scope of data collection and purpose of use |
Personal data: User data: Technical data: Further information: https://www.shopify.com/legal/privacy
|
|
Name of data processor |
Magyar Posta Zrt. |
|
Registered office |
1138 Budapest, Dunavirág utca 2-6. |
|
Phone number |
+06 1 767 8282 |
|
E-mail address |
ugyfelszolgalat@posta.hu |
|
Scope of data collection and purpose of use |
Personal data: Further information: https://www.posta.hu/adatkezelesi_tajekoztato#2. |
|
Name of data processor |
Billingo Technologies Zrt. |
|
Registered office |
1133 Budapest, Árbóc utca 6. I. emelet |
|
Phone number |
+36 1 500 9491 |
|
E-mail address |
hello@billingo.hu |
|
Scope of data collection and purpose of use |
Data used when issuing invoices: Name, company name in the case of companies In this case, Billingo Technologies Zrt. acts as a data processor and records the data on the issued invoice for archiving purposes only and does not use it for any other purpose. In the case of online payment, it transfers the data to the service provider OTP Mobil Kft. as a data controller for the purpose of verifying that the order has been settled and payment has been made. Further information: https://www.billingo.hu/adatkezelesi-tajekoztato#section8
|
|
Name of data processor |
SimplePay Zrt. |
|
Registered office |
1138 Budapest, Váci út 135-139. B. ép. 5. em. |
|
Phone number |
+36 1 366 6611 |
|
E-mail address |
dpo@otpmobil.com |
|
Scope of data collection and purpose of use |
The scope of data processed during SimplePay online payments: In the case of bank transfer or payment request: Further information: https://simplepay.hu/adatkezelesi-tajekoztatok/ |
|
Name of data processor |
Revolut Pay Ltd. |
|
Registered office |
30 South Colonnade, London, E14 5HX. |
|
E-mail address |
support@revolut.com |
|
Scope of data collection and purpose of use |
The scope of data processed during Revolut Pay online payments: Further information: https://www.revolut.com/hu-HU/legal/privacy/ |
|
Name of data processor |
Judge.me Ltd. |
|
Registered office |
c/o Buckworths, 1-3 Worship Street, London EC2A 2AB |
|
E-mail address |
support@judge.me |
|
Scope of data collection and purpose of use |
Personal data: Email address, User data: Further information: https://judge.me/privacy |
Other data processors
- Google Inc.: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Facebook Ireland Ltd.: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
Data subject rights and enforcement
If you do not want your personal data to be used for commercial offers, you have the right to prohibit this without giving any reason.
You must send your request for deletion in writing to the Data Controller, by e-mail or post, to the contact details indicated in the section "Responsibility and contact details of the Data Controller".
Protection of personal data of minors and persons with limited legal capacity
We do not process or collect personal data of children under the age of 13 without the verifiable consent of their parents or guardians.
Parents or guardians may request the disclosure or deletion of data relating to their child.
If the age of the child becomes apparent to the Data Controller during the course of data processing, the data may be used for the purpose of obtaining parental consent.
The consent of a legal representative is required for the declaration of a minor who is legally incompetent or has limited legal capacity, except for services that are commonly used in everyday life for registration purposes and do not require special consideration.
Cookie management
The website www.sylveracandles.com, operated by the Data Controller, uses cookies to facilitate the operation and use of the website, to track activity on the website, and to display relevant offers.
Please read this document carefully and only use the website's services if you agree with all of its points and accept them as binding on you (hereinafter: User). Please note that this policy only applies to the use of cookies on this website.
A cookie is a small data package that internet services store in your browser. It is an essential technology for the operation of online services that provide an efficient and modern user experience, and is supported by all browsers today.
The website uses cookies for the following purposes
- to improve our website
- to facilitate your navigation on our website and the use of its features, thus ensuring a smooth user experience
- to collect information about how you use our website - by assessing which parts of our website you visit or use most, so that we can learn how to provide you with an even better user experience when you visit our site again,
- to learn how to provide you with an even better user experience when you visit our site again,
- placing targeted advertisements on other websites,
- distinguishing and identifying browser users,
- tracking activities on the website so that we can send you messages about offers that are of particular interest or relevance to you.
Legal background and legal basis of cookies
The legal basis for data processing is your consent in accordance with Article 6(1)(a) of the Regulation in the case of cookies used for statistical and marketing purposes, and the legitimate interest necessary to ensure the functioning of the Website in accordance with Article 6(1)(f) of the Regulation in the case of cookies necessary for operation.
Types of cookies used
- Cookies essential for operation
These cookies ensure the proper functioning of the website, facilitate its use, and collect information about its use without identifying our visitors.
This includes, for example, storing calculator usage values, cookie management acceptance status, login methods and data, website notification message status, and the reduced functionality Google Analytics code.
Please note that without these cookies, we cannot guarantee the convenient use of our website.
- Session cookie
These cookies store the visitor's location, browser language, and payment currency. They expire when the browser is closed or after a maximum of 2 hours.
- Cookie acceptance cookie
When you arrive at the site, you accept the statement on cookie storage in the warning window. Their lifetime is 365 days.
- Cookies that improve the user experience
These cookies collect information about how you use the website, such as which pages you visit most often or what error messages you receive from the website.
These cookies do not collect information that identifies visitors; they work with completely general, anonymous information. We use the data obtained from these cookies to improve the performance of the website. The lifetime of this type of cookie is limited to the duration of the session.
- Google Adwords cookie
When someone visits the website, the visitor's cookie ID is added to the remarketing list.
Google uses cookies (such as NID and SID cookies) in Google products, such as Google Search, to customize the ads you see.
These cookies are used, for example, to remember a user's recent searches, previous interactions with individual advertisers' ads or search results, and visits to advertisers' websites.
The AdWords conversion tracking feature uses cookies. To track sales and other conversions resulting from an ad, cookies are stored on the user's computer when that person clicks on an ad.
Some common uses of cookies include selecting advertisements based on what is relevant to a particular user, improving reports on campaign performance, and avoiding showing advertisements that a user has already seen.
- Google Analytics cookie
Google Analytics is Google's analytics tool that helps website and app owners get a clearer picture of their visitors' activities.
The service may use cookies to collect information and compile reports on website usage statistics without identifying visitors to Google individually.
The main cookie used by Google Analytics is the "__ga" cookie. In addition to generating reports from website usage statistics, Google Analytics (along with some of the advertising cookies described above) can also be used to display more relevant ads in Google products (such as Google Search) and across the web.
- Remarketing cookies
For previous visitors or users, they may appear when browsing other websites on the Google Display Network or when searching for terms related to your products or services.
- Facebook pixel - Facebook cookie
The Facebook pixel is a code that helps the website generate reports on conversions, compile target audiences, and provide the site owner with detailed analytics data on how visitors use the website.
With the Facebook pixel, you can display personalized offers and ads to website visitors on Facebook.
You can read Facebook's data management policy here: https://www.facebook.com/privacy/explanation
- SimplePay cookie
When paying on the SimplePay interface, the Data Controller does not have access to credit card details.
The credit card details related to the payment of the order and the acceptance of the payment are handled by OTP Bank Nyrt. as an independent data controller.
More detailed information on this is available at the following link:
https://simplepay.hu/wp-content/uploads/2025/07/SimplePay_b2c_adatkezelesi_tajekoztato_hun_20250703.pdf
Cookies can be disabled using your browser as follows
- Chrome - https://support.google.com/chrome/answer/95647
- Safari - https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
- Mozilla - https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
- Internet Explorer - http://windows.microsoft.com/en-us/internet-explorer/delete-managecookies#ie=ie-11
- Opera - https://help.opera.com/en/latest/web-preferences/#cookies
Handling warranty and guarantee claims
In the event of faulty performance, the Data Controller shall act in accordance with the rules set out in Decree 19/2014. (IV. 29.) NGM and shall handle claims on this basis.
Data processed
Based on the provisions of the law, the notifier
- Name,
- Address,
- Phone number,
- Email address,
- Purchase details (product name, price, date and time of purchase),
- Date of fault report,
- Description of fault,
- Your rights under the warranty or guarantee,
- Method of settlement under the warranty or guarantee.
The Data Controller is obliged to keep the record of the consumer's claim for 3 years from the date of recording.
Handling consumer complaints
The Data Controller handles consumer quality complaints related to the products it distributes and the services it provides in accordance with Act CLV of 2017 (hereinafter: Consumer Protection Act).
Processed data
- The content of the written complaint report based on Section 17/A 5 of the Consumer Protection Act and the response thereto.
The Data Controller shall retain the consumer complaint report and the response thereto for 3 years.
Rights of data subjects, legal remedies
The data subject shall submit the request to the Data Controller at the contact details provided in Section II. a.
By post to the registered office, or electronically to the e-mail address.
The Data Controller shall fulfill the request free of charge.
Within one month of receiving the request, the Data Controller shall inform the data subject of the measures taken in response to the request.
The following rights shall apply during the period of data processing.
Right of access to personal data
The data subject has the right to obtain confirmation from the Data Controller as to whether personal data concerning him or her are being processed and, where such processing is taking place, the right to access the personal data and the following information
- The purposes of the processing
- The categories of personal data concerning you that are being processed
- Recipients of the data transfer
- Duration of data processing
- The data subject's options for exercising their rights and seeking legal remedies
If the data was not collected from you, any available information about its source - The existence of automated decision-making (if such a procedure is used) and profiling.
Right to rectification
The data subject has the right to request that the Data Controller rectify or supplement personal data concerning you.
Right to erasure - right to be forgotten
The data subject has the right to request that the Data Controller erase personal data concerning you if
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed by the Data Controller,
- The data subject withdraws their consent and there is no other legal basis for the processing,
- The data subject objects to the processing and there are no overriding legitimate grounds (i.e. legitimate interests) for the processing,
- The personal data has been unlawfully processed,
- The personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
The right to erasure does not apply if the Data Controller is required by law to continue storing the data or if, pursuant to Section 6(5) of the Information Act, the Data Controller is entitled to continue processing the data.
Right to withdraw consent
The data subject has the right to request that the Data Controller delete the data provided from its systems.
In such cases, however, please note that in the case of unfulfilled orders, withdrawal may result in our inability to fulfill the data subject's order.
If the purchase has already been made, we cannot delete the billing data from our systems in accordance with the provisions of the Accounting Act.
Right to restriction of processing
The data subject has the right to request that the Data Controller restrict the processing of data if
- The accuracy of the personal data is contested, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data,
- The processing is unlawful, but the data subject opposes the erasure of the data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the specified processing purposes, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
- The data subject objects to the processing, in which case the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller override those of the data subject.
Right to data portability
The data subject shall have the right to request from the Data Controller (in cases where data processing is based on automated means or voluntary consent) to receive the data provided to the Data Controller in a machine-readable format, and shall have the right to transmit those data to another data controller.
Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on legitimate interests.
In this case, the Data Controller may no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. Where the data subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to automated decision-making
The data subject shall have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects concerning him or her or similarly significantly affects him or her.
The above right shall not apply if the decision
- is necessary for entering into, or performance of, a contract between the data subject and the Data Controller
- is authorised by Union or Member State law to which the Data Controller is subject, which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests
- is based on the data subject's explicit consent.
Right to legal remedy
If, in the opinion of the data subject, the Data Controller has violated the applicable data protection requirements, the data subject may contact the Data Controller at the contact details provided in this Notice.
The data subject also has the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa u. 9-11, mailing address: 1363 Budapest, Pf. 9.; e-mail address: ugyfelszolgalat@naih.hu).
The data subject also has the right to seek legal redress, in which case the data subject may, at his or her discretion, turn to the court of his or her place of residence, place of stay, or the Data Controller's registered office.
Data management guidelines
The applicable laws governing data management guidelines relating to my data collection are as follows
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR),
- Act CXII of 2011 on the right to self-determination in relation to information and freedom of information (hereinafter: Infotv),
- Section 6:22(1) of Act V of 2013 on the Civil Code,
- Section 169(2) of the Accounting Act,
- Decree 19/2014 (IV. 29.) NGM
- Act CLV of 2017 on Consumer Protection (hereinafter: Consumer Protection Act)
Terms
● Data processor: a natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the data controller
● Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction other forms of making available, alignment, combination, restriction, erasure, destruction
● Data transfer: making personal data processed by the Data Controller available to third parties
● Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed
● GTC: the General Terms and Conditions published on the website, setting out the Data Controller's rules for the sale of products and services
● Identifiable natural person: a natural person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person
● Recipient: natural or legal person, public authority, agency, or any other body to which the personal data are disclosed, whether a third party or not
● Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
●Data subject: any natural person who is identified or identifiable on the basis of any information
●Users: visitors to the website operated by the Data Controller, http://www.sylveracandles.com, and other websites available at the addresses specified therein
●Third party: a natural or legal person, public authority, agency, or any other body other than the data subject, the data controller, the data processor, or those persons who, under the direct authority of the data controller or data processor, are authorized to process personal data
●Registration: recording the personal data of a website user to create a user account
●Personal data: any information relating to the data subject
●Service: the product sales and other services provided by the Data Controller to its Customers, Partners, and Users on the website or by other means, as detailed in the GTC
●Website: the websites operated by the Data Controller and available at the other addresses specified therein