Zoltán Sebestyén, sole proprietor (registered office : _____________, ev. registration number: _________; tax number: _________, hereinafter referred to as the “Data Controller”) intends to ensure compliance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter referred to as the “GDPR”) and the Hungarian Data Protection Act of 2011 on the right to information self-determination and freedom of information (hereinafter referred to as the “Freedom of Information Act”) by creating and making available this privacy notice (hereinafter referred to as the “Notice”). CXII of 2011 (hereinafter referred to as the “Infotv.”).

For marketing purposes, the Data Controller operates a so-called “landing page”, which is located on the shebidesserts.com portal, which it is the sole owner of. The portal contains marketing content for the retail and wholesale of fruit dessert products, but does not operate a webshop. Potential customers can contact Zoltán Sebestyén, the creator and distributor of the product, through the website. The controller is the data controller of the data generated in the course of operating the website and providing the services.

The scope of this Notice covers all processes in which personal data are processed by all the Data Controller’s departments. Accordingly, it applies in particular to the collection and processing of data on the above-mentioned portal. The temporal scope of this Notice shall last until its withdrawal. The Data Controller reserves the right to amend this Notice, and will notify you thereof by publishing the amended Notice on its website.

Zoltán Sebestyén, as both data controller and data processor, has taken a number of technical and organisational measures to ensure the fullest possible protection of the personal data to be processed. Nevertheless, especially data transfers via the Internet may have fundamental security flaws, so absolute protection cannot be guaranteed, but we will do our utmost to ensure that your data does not fall into the hands of unauthorised persons or is not used for unlawful purposes. In order to facilitate this, we strive to request as little personal data as possible from our customers, in line with the principle of data minimisation. 

Definitions

The Data Protection Notice of the Data Controller is based on the concepts used in the General Data Protection Regulation (GDPR). Our Privacy Notice should be easy to read and understand for the public as well as for our customers and business partners.  To ensure this, we would like to clarify the terms used in the following: 

1. Personal data: personal data is defined in the GDPR as “any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”)”. An identifiable person is a natural person who can be identified, directly or indirectly, primarily by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject: a data subject is any identified or identifiable natural person whose personal data is processed by the controller.
3. Processing: processing is any operation, whether or not by automatic means, or any set of operations which is performed upon personal data, such as collection, recording, organisation, arrangement, storage, retrieval, setting, alteration, reading, retrieval, use, disclosure, transmission, processing or otherwise making available, alignment, combination, restriction, erasure or destruction.
4. Restriction of processing:Restriction of processing is the designation of personal data saved in order to restrict future processing.
5. Pseudonymisation: pseudonymisation means the processing of personal data in which personal data can no longer be associated with a specific data subject without the inclusion of other information, unless that information is kept separately by technical and organisational measures that prevent the personal data from being associated with an identified or identifiable natural person.
6. Controller: The controller is the natural or legal person, public authority, institution or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of the processing are provided for by Union or Member State law, the controller or certain criteria specified by the controller may be designed in accordance with Union or Member State law.
7. Data Processor: a processor of an order is a natural or legal person, public authority, institution or other place that processes personal data on behalf of the controller.
8. Recipient: a recipient is a natural or legal person, public authority, institution or other place which receives personal data, whether or not it is a third party.  Authorities that may receive personal data under Union law or the laws of the Member States in the context of a specific investigation mandate are not considered recipients.
9. Third party: a third party is a natural or legal person, public authority, institution or other than the data subject, the controller, processor or persons directly authorised by them to process personal data.
10. Consent: consent is any freely given and unambiguous indication of intent by the data subject, following appropriate information, in the form of a statement or other explicit affirmative action by which the data subject indicates his or her understanding that he or she agrees to the processing of personal data concerning him or her.

Name, address and other contact details of the controller: 

Zoltán Sebestyén sole proprietor

Location: 

E-mail: 

website: shebidesserts.com

Tel: +36 30 709 3902

Any data subject may contact us at any time with any questions or suggestions concerning data protection using the contact details set out above.

Website hosting provider

Our company website is accessible through the servers of LV Services Ltd. The hosting provider complies with the requirements of the GDPR. 

Website operator: 

LV Services Ltd.

seat: 2030 Érd Fehérvári út 32/B 1.ép.

Email: 

website: https://www.lvservices.hu/

Tel: +36 1 700 1494

We collect the following information when you visit our website: 

In an automated way (cookies):

When you visit our website, we may place information on your computer in the form of cookies. Cookies are small files that are sent to your browser by a web server and stored on your computer’s hard drive. Meanwhile, no personal information about the user other than the Internet Protocol address is stored. This information is used to automatically recognise you the next time you visit our website and to help you find your way around. Cookies allow us, for example, to tailor a website to your interests or to save your password so that you do not have to re-enter it each time.

Our company uses only Google Analytics cookies on our website (in addition to cookies necessary for the basic functioning of the website). Within Google Analytics cookies, we also use Google Ads, which records your activity on our website. In addition, the Data Controller uses the wordpress_test_cookie as an essential cookie on the website, which is necessary for the operation of the website. The shopping cart function of our webshop on the website works by using cookies, which are essential for the functioning of the website. 

For more information and to view Google’s current privacy policy, please visit https://www.google.com/intl/de/policies/privacy/. 

Each time you visit our website, for technical reasons, information that your browser transmits to us is automatically saved in the server log files. These are:

– type/version of browser used 

– the operating system used by the system with access 

– the web page from which an accessing system reaches our website, a so-called redirect URL 

– subpages that are controlled by a system with access to our website 

– Date and time of access to the website 

– an Internet Protocol (IP) address 

– the ISP of the system with access 

– other similar data and information that is used to counter a threat if our information technology system is attacked. 

This data cannot be associated with specific persons. This information is often needed 

– to properly publish the content of our website,  

– to optimise the content of our website and its advertising, 

– to ensure the continued functionality of our IT systems and website technology, and 

– to provide the necessary data to law enforcement authorities in the event of a cyber attack.  

This collected data and information is therefore evaluated by the Data Controller for statistical purposes and to enhance the data protection and data security of our company in order to ensure an optimal level of protection for the personal data we process.  The data in the server log files are stored separately from the personal data provided by the data subject.

External links

If you use external links offered on our website, this privacy statement does not cover those links. Where we offer links, we will ensure that when the link is placed on the linked website, we have not found any content on the linked website that is contrary to applicable law. However, we have no control over whether other providers comply with our privacy and security standards. Therefore, please refer to the other provider’s website for information on the privacy statement provided there.

Non-automated data collection on our website: 

Share the content of our website

Our website allows you to share products that are available in our online store on Facebook, Instagram, X, TikTok, Youtube social media platforms. In addition, you have the option to forward a direct link to a product featured on our webshop via email. 

During these processes, your Facebook profile will be linked to our website and your email address will be recorded. This data is not collected or stored by the Data Controller and is only used for sharing by the social media provider or email service provider. 

Contact us via the website

A data subject visiting our website can send a letter to the Data Controller by clicking on the Contact menu or scrolling down to the bottom of the portal and providing his/her data. 

Data processed: 

• Name of natural person concerned
• Natural person Name of company represented by the person concerned
• Contact email address
• Contact telephone number
• Message freely composed by the user concerned

The purpose of data processing: to provide the possibility of contact for marketing purposes, advertising and selling the product distributed by the Data Controller. 

Legal basis for processing: consent of the user concerned. 

The data provided by the user concerned to the Data Controller will be kept by the Data Controller until the consent is withdrawn, but for a maximum of five (5) years, after which they will be deleted. The Data Controller shall only retain the data provided if the data subject remains in contact with the Data Controller after the contact has been made, or if a legal relationship is established between the Data Controller and the data subject or the business entity represented by the data subject. In the latter case, the duration of the processing shall be adapted to the legal relationship. If the contact is limited to pre-contractual negotiations and no legal relationship is ultimately established between the parties, the personal data of the data subject will be deleted within 5 years of the end of the negotiations. 

Collecting data by means of e-mails sent to our electronic delivery address: 

Contacting our company by e-mail

Our Company collects, stores and uses the following personal data for contact and accounting purposes in the course of the enquiries received from natural persons or representatives of legal entities at the electronic contact details provided on the website (imprint), for the purpose of soliciting business or performing a contract that may be concluded, on the basis of legitimate interest and as a legal basis for the performance of a contract: 

• Name (first name and surname)
• E-mail address
• Any text message you have written

Emails and personal data provided, which do not result in a legal relationship between the customer and the Service Provider, will be deleted from the Service Provider’s system within a maximum of five (5) years.

Our data controllers: 

Where processing is carried out on behalf of the controller, the controller may only use processors that offer adequate guarantees of compliance with the requirements of the General Data Protection Regulation or implement appropriate technical and organisational measures to ensure the protection of the rights of data subjects.

The Data Controller hereby declares that in the course of its work, it will only deal with data processors that have adequate guarantees of compliance with the GDPR Regulation and that they implement appropriate technical and organisational measures to ensure the protection of the rights of data subjects. The relevant declarations of the data processors are available to you.

• The company providing the hosting of the website of the data controller and its mail system is also considered a data processor:
  • LV Services Ltd.

• In the course of data storage and cookie management in the cloud-based online database, the service provider is considered a data processor:
  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States

Contracted data processing and data management partners process the personal data of their partners only on the basis of instructions given by the data controller (except where required by law) and under an obligation of confidentiality.

General information about the processing of your data

Your data will not be transferred to third party data controllers or processors, except for invoicing purposes (to comply with legal accounting obligations) to an accountant or, in the event of a dispute, to a legal representative, or to a public authority or court. Our Company will only share your personal data with its contracted data processors. This is necessary to enable our Company to fulfil the contract (order) you have entered into with us. 

In addition to the above, we do not sell or transfer the collected data to third parties unless the latter is necessary for the performance of the contract or the provision of the service. Disclosure to authorities or public bodies entitled to receive information will only be made if required by law or by a court order. In such cases, we will only pass on the minimum amount of data required and will inform you in the manner required by law.

We will delete all of your personal data in full after the purpose of the processing ceases (and after any relevant tax and commercial law retention periods), unless you have given us explicit consent to process your data otherwise at that time. 

You may withdraw your consent to the collection, storage and use of your data at any time without giving any reason. For data protection requests, general suggestions or complaints, please contact us at the contact details set out above. The lawful treatment of your data by all our employees and external service providers takes the form of, among other things, active communication, the obligation of data protection confidentiality and compliance with data protection documents. 

All technical, organisational, physical, e.g. logical, equipment and measures in the area of data protection, IT and information security are designed to protect against damage, corruption and unauthorised access to backed-up data and to achieve protection objectives, confidentiality, availability and integrity.

Your data is stored by our Company in a secure environment provided by GDPR-compliant service providers. 

Rights relating to data processing and how to exercise them

Right to request information and right of access

The data subject may request information in writing from the Controller so that the Controller can inform:

• what personal data,
• on what legal basis,
• for what purpose,
• from what source,
• how long it will treat, 
• to whom, when, under what law, to which personal data the Data Controller has given access or to whom the Data Controller has transferred the personal data.

The Data Controller shall comply with the data subject’s request within a maximum of 30 (thirty) days by electronic or postal mail to the contact details provided by the data subject. The Data Controller may request the data subject to clarify the content of the request and to specify the information or processing activities requested before executing the request. Where the data subject’s right of access under this point adversely affects the rights and freedoms of others, in particular the trade secrets or intellectual property of others, the Controller shall be entitled to refuse to comply with the data subject’s request to the extent necessary and proportionate. 

In the event that the data subject requests more than one copy of the above information, the controller is entitled to charge a reasonable fee proportionate to the administrative costs of producing the additional copies. Where the personal data indicated by the data subject are not processed by the Controller, the Controller shall also inform the data subject in writing. 

The right to rectification

The data subject may request in writing that the Controller amend personal data that is inaccurate, incorrect or incomplete. In such a case, the Controller shall, without undue delay, but no later than within 5 (five) days, rectify or correct the personal data or, if compatible with the purposes of the processing, supplement them with additional personal data provided by the data subject or with a declaration by the data subject on the personal data processed. The controller shall notify the data subject thereof by electronic or postal mail to the contact details provided by the data subject.

The controller shall be exempted from the obligation to rectify where.

• the accurate, correct or complete personal data are not available to the Data Controller and are not provided by the data subject; or
• the authenticity of the personal data provided by the data subject cannot be established beyond reasonable doubt.

The right to erasure

The data subject may request the erasure of his or her personal data in writing. The data subject shall make his or her request for erasure in writing and shall indicate the reasons for which he or she wishes to erase the personal data. 

The Data Controller shall refuse a request for erasure if a law requires the Data Controller to continue to store the personal data. Where there is no such obligation on the part of the Controller, the Controller shall comply with the data subject’s request within a maximum of 30 (thirty) days and shall notify the data subject thereof by electronic or postal mail to the contact details provided by the data subject.

The right to blocking

The data subject may request in writing that his or her personal data be blocked by the Data Controller. The blocking shall last as long as the storage of the data is necessary for the reason indicated by the data subject. For example, the data subject may request the blocking of data if he or she believes that his or her personal data have been unlawfully processed by the Controller, but the controller is required not to delete the personal data in order to comply with an administrative or judicial procedure initiated by the data subject. In such a case, the Controller shall continue to store the personal data until the authority or court requests it, after which it shall delete the data and notify the data subject thereof by electronic or postal mail to the contact details provided by the data subject.

Right to restriction of processing

The data subject may request in writing that the Controller restrict the processing of his or her personal data. During the period of restriction, the Controller or a processor acting on its behalf or under its instructions may carry out processing operations other than storage of the personal data subject to the restriction solely for the purposes of the legitimate interests of the data subject or as provided for by law. 

The data subject may request the restriction of processing at any time and for any period, 

• where the data subject contests the accuracy, correctness or completeness of personal data processed by the Controller or the processor and the accuracy, correctness or completeness of the personal data processed cannot be established beyond reasonable doubt (for the period of the resolution of the doubt),
• if the data should be erased, but there are reasonable grounds to consider, on the basis of a written statement by the data subject or on the basis of information available to the Data Controller, that the erasure of the data would undermine the legitimate interests of the data subject (for the duration of the legitimate interest not to erase the data),
• if the data should be deleted, but the data must be kept as evidence (until the end of the investigation or proceedings) in proceedings conducted by or with a public authority.

In the case of restriction, personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State of the European Union. The controller shall inform the data subject in advance of the lifting of the restriction on processing. 

The Controller shall, without undue delay after complying with the data subject’s request to exercise his or her right to restriction, inform the persons to whom the personal data of the data subject have been disclosed, provided that this is not impossible or involves a disproportionate effort on the part of the Controller. At the data subject’s request, the Controller shall inform him or her of those recipients.

The right to legal redress

You have the right to exercise your right to redress under the following options: 

• Dispute resolution with the Data Controller: you may submit any objection or request to us, orally or in writing, in person, electronically or by post using the contact details set out above. 
• Right to lodge a complaint: if you are unable to resolve a dispute with the Data Controller or if you consider that there has been (or is imminent risk of) a breach of your rights in relation to your data, you have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information.

Contact details of the National Authority for Data Protection and Freedom of Information

Head office: 1055 Budapest, Falk Miksa utca 9-11.

Address for correspondence: 1363 Budapest, Pf. 9.

Phone: +36(1)3911400

Fax: +36(1)3911410

E-mail: ugyfelszolgalat@naih.hu

Web: naih.hu

• Right to go to court (right of action): you have the right to go to court – independently of your right to complain – if your rights under the GDPR or the GDPR have been violated in the processing of your personal data. The data controller, as a data controller established in Hungary, may be sued before a Hungarian court. 

Amendments to the Data Protection Directive

We reserve the right to modify our privacy practices and this Policy to conform them to relevant laws or regulations, where applicable, or to better meet your needs. We will post any changes to our privacy practices here. 

Last update of this information: 2025.05. 08.

1. s. Annex

Data management register