Privacy Policy

1. DATA CONTROLLER
The Data Controller responsible for processing your personal data is:
Bazil Benedek Káplár

2. 1085 Budapest Horánszky street 18, Pest, Hungary
Email: bazilbenedekkaplar@gmail.com

3. WHAT DATA WE COLLECT
When you subscribe to our newsletter, we collect:

· Email address (required)

· First name (optional)

· IP address, device, and browser information (automatically collected)

· Interaction data such as email opens and link clicks

· Tracking data such as cookies and analytics information

3. HOW WE COLLECT YOUR DATA
We collect your data when you sign up for the newsletter, interact with our website, or engage with our emails. Some data is collected automatically through cookies and analytics tools.

4. WHY WE PROCESS YOUR DATA AND LEGAL BASIS UNDER GDPR
We only process your personal data when we have a valid legal basis under the General Data Protection Regulation (GDPR):

Purpose: Newsletter delivery
Legal Basis: Consent (Article 6(1)(a) GDPR)

Purpose: Email engagement tracking
Legal Basis: Consent (Article 6(1)(a) GDPR)

Purpose: Security and abuse prevention
Legal Basis: Legitimate Interest (Article 6(1)(f) GDPR)

Purpose: Analytics and service improvement
Legal Basis: Legitimate Interest (Article 6(1)(f) GDPR)

Purpose: Compliance with recordkeeping and legal obligations
Legal Basis: Legal Obligation (Article 6(1)(c) GDPR)

You may withdraw your consent at any time by clicking “Unsubscribe” in any newsletter or by contacting us.

5. THIRD-PARTY DATA PROCESSORS
We use trusted service providers to manage and send our newsletters, including:

· ConvertKit (USA) – Email marketing

· Mailgun (EU/USA) – Email delivery

· Cloudflare (USA) – Content delivery and website security

· Google Analytics (Ireland) – Website analytics

· Sentry (USA) – Performance monitoring

Each provider operates under a Data Processing Agreement (DPA) to ensure GDPR compliance.

6. INTERNATIONAL DATA TRANSFERS
Some service providers are located outside the European Economic Area (EEA), mainly in the United States.
Where data transfers occur, we use appropriate safeguards such as:

· Standard Contractual Clauses (SCCs) approved by the European Commission

· Adequacy decisions for countries recognized as safe

· Additional protections such as encryption and limited access

7. DATA RETENTION
We retain your personal data for as long as you are subscribed to the newsletter and for up to 2 years after unsubscribing to maintain compliance and record opt-out requests.
Data required by law may be kept longer. After this period, data is securely deleted or anonymized.

8. YOUR GDPR RIGHTS
You have the following rights under the GDPR:

· Access your personal data

· Correct inaccurate or incomplete data

· Erase your data (“right to be forgotten”)

· Restrict or object to processing

· Withdraw consent at any time

· Receive your data in a portable format

· Lodge a complaint with a data protection authority

To exercise these rights, contact us at [Your Email]. We will respond within 30 days.

9. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar tracking technologies in our emails and on our website to measure engagement and improve our service.
We seek your consent before setting non-essential cookies. You can manage your preferences through your browser settings.

10. DATA SECURITY
We implement technical and organizational measures to protect your personal data, including encryption, secure transmission (TLS), access controls, and regular security reviews.

11. CHANGES TO THIS POLICY
We may update this policy periodically. Updates will be posted on this page, and significant changes will be communicated directly.
Last updated: [Insert Date]

12. CONTACT
If you have questions or wish to exercise your rights, please contact:
[Your Full Name or Company Name]
Email: [Your Email Address]
Address: [Your Address]

CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

· The right to know what personal information we collect and how we use it

· The right to request a copy of your data

· The right to request deletion of your data

· The right to opt out of the sale of personal information

We do not sell your data for money, but analytics or advertising services may be considered a “sale” under CCPA.

To exercise your rights, email us with the subject “CCPA Request.”
We will confirm receipt within 10 days and respond within 45 days.
You can submit up to two verified requests within a 12-month period.

BRAZILIAN USERS’ PRIVACY RIGHTS (LGPD)

If you reside in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including:

· Confirmation of processing and access to your data

· Correction or deletion of inaccurate data

· Withdrawal of consent

· Information about data sharing

· Data portability to another provider

· Lodging complaints with the ANPD

· Objection to certain processing

· Review of automated decision-making

We process your personal data based on:

· Your consent

· Compliance with legal obligations

· Performance of a contract

· Legitimate interests, provided your fundamental rights do not override these interests

To exercise your LGPD rights, contact us.

DEFINITIONS
Personal Data: Information that can identify a person directly or indirectly.
Processing: Any operation performed on personal data.
Data Controller: The person or organization determining how and why personal data is processed.
Data Processor: A third party processing data on behalf of the controller.
EEA: European Economic Area.

END OF POLICY