Last updated: March 2025. This notice is provided in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Hungarian law.

1. Who we are (data controller)

The operator of this website and the controller of your personal data in connection with this website is Gardentopia.eu, with its principal place of business at Budapest, Hungary. You can contact us about data protection matters at: +381 64 314 3366.

If we appoint a data protection officer (DPO) or representative, their contact details will be published here. Unless stated otherwise, please direct all privacy requests to the contact above.

2. Scope of this notice

This privacy notice explains how we collect and use personal data when you visit or interact with our website. It does not cover processing carried out by third parties solely under their own responsibility (for example, your interactions with a social network on its own platform), except where we jointly determine purposes and means together with another controller.

3. Hosting and infrastructure (processor)

Our website is hosted by Rackhost Zrt., with registered address: 6722 Szeged, Tisza Lajos körút 41., Hungary. Contact details of the hosting provider: customer service +36 1 445 1200; technical support +36 1 445 1204; fax +36 1 445 1201; email info@rackhost.hu. VAT number: 25333572-2-06; company registration number: 06-10-000489.

Hosting necessarily involves processing of technical data (including server logs) for the purpose of providing the hosting service, security monitoring, incident response, and backups. Where Rackhost Zrt. processes personal data on our behalf, it does so as a processor based on our instructions and a data processing agreement where required by law.

4. What personal data we process

Depending on how you use the website, we may process the following categories of personal data:

  • Technical and connection data: IP address, date and time of access, requested URL/path, HTTP status, transferred data volume, referrer URL, user agent string, and similar protocol-level information recorded in server logs.
  • Online identifiers: cookie identifiers and similar identifiers stored on your device where permitted (including strictly necessary cookies, and—only with consent—analytics/functional identifiers).
  • Usage data: aggregated or pseudonymous analytics data generated by analytics tools where you have consented.
  • Communication data: if you contact us (e.g., email), we process your contact details and the content of your message to handle your request.

We do not intend to process special categories of personal data (“sensitive data”) through this website. Please do not submit such information unless strictly necessary and lawful.

5. Purposes and legal bases (GDPR Article 6)

We process personal data only where a legal basis applies. In particular:

  • Website provision, IT security, and abuse prevention (Article 6(1)(f) GDPR — legitimate interests): operating the website, ensuring integrity and availability, detecting and defending against attacks, troubleshooting, and fraud prevention. Where strictly necessary and proportionate, this includes processing log data and deploying strictly necessary cookies/security measures. We consider your interests, rights, and freedoms and limit processing to what is necessary.
  • Non-essential cookies and similar technologies (Article 6(1)(a) GDPR — consent): analytics tools (e.g., Google Analytics), certain functional integrations (e.g., features relying on Google AI Studio API), and measurement via tools such as Google Search Console where such processing is not strictly necessary for delivering the website. These technologies are activated only after you provide consent through our cookie interface, and you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Compliance with legal obligations (Article 6(1)(c) GDPR): retaining certain records where required by accounting, tax, commercial, or other applicable law.
  • Performance of a contract or pre-contractual steps (Article 6(1)(b) GDPR): where applicable, if you request services or enter into a contractual relationship with us via the website.

6. Recipients and subprocessors

Personal data may be disclosed to:

  • our hosting provider Rackhost Zrt. for hosting and related security operations;
  • providers of tools we use where you have consented or where strictly necessary, including (as applicable) Google LLC and its affiliates for Google Search Console, Google Analytics, and the Google AI Studio API, subject to their terms and privacy documentation;
  • professional advisers (e.g., legal/accounting) where required and subject to confidentiality;
  • competent public authorities where we are legally required to disclose information.

We do not sell your personal data.

7. International transfers

Some providers may process data in countries outside the European Economic Area (EEA). Where such transfers occur, we rely on appropriate safeguards under Chapter V GDPR (such as Standard Contractual Clauses approved by the European Commission) or other permitted mechanisms, supplemented by technical and organisational measures as appropriate.

8. Retention

We retain personal data only as long as necessary for the purposes described, unless a longer period is required or permitted by law. Indicatively:

  • Server logs: kept for a limited period necessary for security and troubleshooting (typically a short rolling retention), unless longer retention is justified by a security incident or legal claim.
  • Consent records: kept to demonstrate compliance with ePrivacy/GDPR requirements for an appropriate period.
  • Analytics/consent-based data: retained according to the relevant tool’s settings and our configuration, minimised where possible.
  • Messages you send us: retained for as long as needed to resolve your request and thereafter in line with statutory limitation periods where applicable.

9. Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including access control, secure transmission where applicable, and vendor diligence. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

10. Automated decision-making and profiling

We do not use automated decision-making producing legal or similarly significant effects solely based on automated processing, unless we expressly inform you and provide the required safeguards. General analytics measurements do not, by themselves, constitute such automated decision-making.

11. Your rights

Subject to conditions and exemptions in the GDPR, you may have the right to:

  • Access (Article 15): obtain confirmation whether we process your data and receive a copy of certain information.
  • Rectification (Article 16): request correction of inaccurate data.
  • Erasure (Article 17): request deletion where grounds apply.
  • Restriction (Article 18): request restriction of processing in certain cases.
  • Data portability (Article 20): receive certain data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
  • Object (Article 21): object to processing based on legitimate interests, including profiling to the extent applicable.
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with a supervisory authority, in particular in your habitual residence, place of work, or place of the alleged infringement.

For Hungary, the supervisory authority is the National Authority for Data Protection and Freedom of Information (NAIH) (contact details available at www.naih.hu). You may also contact another EU/EEA supervisory authority under applicable rules.

12. Children

Our website is not directed at children. We do not knowingly collect personal data from children without a valid legal basis (including parental consent where required by applicable law).

13. Cookies and similar technologies

For detailed information on cookies, categories, storage duration, and your choices, please see our Cookie Policy on this website.

14. Changes to this notice

We may update this privacy notice to reflect legal, technical, or organisational changes. Material changes will be highlighted on this page or communicated where appropriate. We encourage you to review this page periodically.