menu

Deshly.hu Privacy Policy

1. Introduction

This Privacy Policy applies to the processing of personal data of visitors, customers, and newsletter subscribers of the Deshly.hu online store (hereinafter: "Website"). The operator of the Website is:

  • Balázs Péter Móna, Sole Proprietor
  • Address: Sas utca 2, 2011 Budakalász, Hungary
  • Tax number: 59933294-1-33
  • Registration number: 57981851
  • Email: info@deshly.hu
  • Phone: +36 30 128 1689

The Service Provider is committed to protecting the personal data of data subjects and undertakes to comply with the following legal regulations in all phases of data processing:

  • Regulation (EU) 2016/679 of the European Parliament and Council (GDPR)
  • Act CXII of 2011 on Informational Self-determination and Freedom of Information (Infotv.)
  • Act CVIII of 2001 on certain issues of electronic commerce (E-commerce Act)
  • As well as other relevant national and EU data protection laws.

The purpose of this Privacy Policy is to inform data subjects in a clear and transparent way about the methods, purposes, legal bases, duration of data processing, the rights of the data subjects, and how they can exercise their rights.

2. Data Controller’s Information and Contact

The Data Controller responsible for processing personal data provided on this website and related services:

  • Name: Balázs Péter Móna, Sole Proprietor
  • Address: Sas utca 2, 2011 Budakalász, Hungary
  • Tax Number: 59933294-1-33
  • Registration Number: 57981851
  • Email: info@deshly.hu
  • Phone: +36 30 128 1689
  • Website: https://deshly.hu

For inquiries regarding data processing, data protection rights, or complaints, please contact us using the above details. The Data Controller will respond to all inquiries within 30 days.

3. Definitions

The terms used in this Policy are based on the GDPR and Hungarian Infotv. laws. For clarity, the key terms are defined:

  • Personal Data: Any information that identifies a natural person directly or indirectly (e.g., name, email address, IP address, purchase data).
  • Data Subject: A natural person whose personal data is being processed.
  • Data Processing: Any operation on personal data, such as collection, recording, organization, storage, modification, retrieval, use, transfer, deletion.
  • Data Controller: The individual or legal entity that determines the purpose and means of data processing.
  • Data Processor: The individual or legal entity that processes personal data on behalf of the Data Controller.
  • Recipient: A person or organization to whom the personal data is disclosed.
  • Consent: The freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing.
  • Data Breach: A security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

4. Principles of Data Processing

As the operator of Deshly.hu, the Data Controller adheres to the following principles, in line with Article 5 of the GDPR:

  • Lawfulness, Fairness, Transparency: Data processing must be lawful and transparent for the data subject.
  • Purpose Limitation: Data is collected for specified, clear, and legitimate purposes and not processed in an incompatible manner.
  • Data Minimization: Only the necessary data is collected and processed.
  • Accuracy: Personal data must be accurate and up to date. Inaccurate data will be corrected or deleted without delay.
  • Storage Limitation: Data is stored only as long as necessary for the stated purpose.
  • Integrity and Confidentiality: Adequate technical and organizational measures are in place to protect personal data.
  • Accountability: The Data Controller is responsible for compliance and able to demonstrate it.

5. Data Processing Related to Website Visits

5.1 Technical Data (Server Logs)

When visiting the website, the server automatically logs technical data to ensure functionality, security, and debugging.

  • Data processed: IP address, browser type/version, operating system, referrer URL, visited pages, visit date/time, device type
  • Purpose: Ensure technical operation, investigate IT issues or misuse, maintain service security
  • Legal basis: Legitimate interest (GDPR Article 6(1)(f))
  • Retention: 30 days unless further needed for security/legal purposes

5.2 Use of Cookies

The website uses cookies to enhance user experience, ensure functionality, and for analytical/marketing purposes.

  • Essential cookies: Required for basic operation (e.g., login, cart)
  • Functional cookies: Store user preferences (e.g., language)
  • Analytics cookies: Track site usage (e.g., via Google Analytics)
  • Marketing cookies: Show targeted ads (e.g., via Facebook Pixel, Google Ads)

Legal basis:

  • Essential cookies: Legitimate interest (GDPR Article 6(1)(f))
  • Functional, analytics, marketing cookies: Consent (GDPR Article 6(1)(a))

Consent management: Given or withdrawn via cookie banner or browser settings

Settings: Can be changed anytime via “Cookie settings” at the website footer or in your browser.

6. Newsletter Subscription and Marketing Communication

The Data Controller offers newsletter subscription to inform users about products, services, promotions, and other news.

  • Data processed: Email address, name (if provided), subscription time, IP address (for consent proof)
  • Purpose: Send newsletters, offers, marketing content
  • Legal basis: Voluntary, informed, explicit consent (GDPR Article 6(1)(a))
  • Retention: Until consent is withdrawn or user unsubscribes
  • Consent withdrawal: Anytime via unsubscribe link or by emailing info@deshly.hu

Important: Subscription is voluntary. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

7. Data Processing Related to Purchases and Orders

During purchases at Deshly.hu, the following personal data is processed to fulfill the contract and meet legal obligations.

7.1 Customer Registration

  • Data processed: Name, email, encrypted password, registration date, last login
  • Purpose: Create user account, personalize service, enable access
  • Legal basis: Contract performance (GDPR Article 6(1)(b))
  • Retention: Until account deletion or after 5 years of inactivity

7.2 Order Information

  • Data processed: Name, address, phone number, billing & shipping data, order items, payment method
  • Purpose: Process orders, ship products, issue invoices
  • Legal basis: Contract performance and legal obligation (GDPR Article 6(1)(b) and (c))
  • Retention:
    • Order data: 5 years
    • Billing data: 8 years (per accounting law)

7.3 Payment Data

  • Data processed: Payment method, transaction ID, payment status, date

Important: Card data is not stored; handled exclusively by the payment provider

  • Retention: 5 years

8. Data Subject Rights

As a data subject, you have the following rights under data protection laws:

  • Right of Access: Request information about whether your data is processed and receive a copy
  • Right to Rectification: Request correction of inaccurate/incomplete data
  • Right to Erasure (“Right to be Forgotten”): Request deletion in certain cases (e.g., no longer needed or consent withdrawn)
  • Right to Restrict Processing: Request limitation of processing (e.g., if accuracy is disputed)
  • Right to Data Portability: Receive your data in a structured, commonly used format and transmit to another controller
  • Right to Object: Object to processing, especially for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time; previous processing remains lawful
  • Right to File a Complaint: File a complaint with the Hungarian Data Protection Authority (NAIH) or relevant authority

How to exercise your rights:

Write to the Data Controller at:

  • Email: info@deshly.hu
  • Mailing address: Sas utca 2, 2011 Budakalász, Hungary

9. Data Security

The Data Controller takes personal data security seriously and applies both technical and organizational measures to prevent unauthorized access, alteration, disclosure, deletion, destruction, or any other unlawful processing.

Measures include:

  • Encryption: All data transfers use HTTPS protocol with TLS encryption
  • Access Control: Data access is role-based and strictly limited
  • Backups: Regular encrypted backups are performed
  • System Monitoring: 24/7 monitoring detects potential incidents
  • Internal Policies and Training: Staff involved in data handling are regularly trained and follow internal data protection policies

10. Handling Data Breaches

The Data Controller is committed to preventing and properly handling data breaches.

In the event of a breach:

  • Investigation begins immediately after detection
  • If there is a likely risk to rights/freedoms, the Hungarian Data Protection Authority (NAIH) is notified within 72 hours
  • If the breach poses a serious risk, affected users are also informed immediately
  • Internal measures are taken to prevent recurrence
  • The incident is documented, including details, results, and actions taken

11. Contact

If you have any questions, comments, or requests regarding data protection, please contact us:

  • Email: info@deshly.hu
  • Address: Sas utca 2, 2011 Budakalász, Hungary
  • Phone: +36 30 128 1689

The Data Controller strives to respond promptly and confidentially to all inquiries.