Last Updated: April 6th, 2025
The Website (dpso.eu) is operated by Tamás Vecsei (referred to as the Controller or We), based in Budapest, Hungary.
If you need to get in touch, you can reach out by:
We process personal data in line with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), or GDPR for short. This law protects your personal data and gives you rights over how it’s used.
This notice explains how we handle personal data when you use our Website, which you can access through the domain listed above.
When we mention “User” in this notice, we’re referring to anyone who browses the Website and gets in touch with us.
To help the Website run smoothly and understand how visitors use it, we use cookies and collect some basic technical data.
For more details on what cookies we use and why, please check out the section called “About the Use of Cookies”.
If you contact us via the email address provided on the Website, we’ll need to process some of your personal data to handle your message.
Who this applies to: Anyone who sends an email to the Controller using the contact email(s) listed on the Website.
Legal basis for processing: We process your data based on your consent, as outlined in Article 6(1)(a) of the GDPR. You can withdraw your consent at any time—just let us know. Please note that withdrawing consent won’t affect the lawfulness of any processing we carried out before the withdrawal.
What data we collect: When you email us, we typically handle the following information:
Why we collect this data: Simply to communicate with you and respond to your inquiries or requests.
How long we keep your data: We keep your data until we’ve answered your question or fulfilled your request. If the conversation continues, we retain the data for 90 days after the final message or once your request has been fully handled—whichever comes later. After that, your data will be deleted.
How your data is stored: Your information is stored securely in our IT system, in separate lists created specifically for managing communications, and is kept only for the duration of our exchange.
We don’t share, sell, rent, or trade your personal data with third parties.
The only time we might share your data is if we’re legally required to do so—for example, if an authority or court requests it as part of a legal obligation. Even then, we only share the minimum necessary information, and only with the appropriate authorities.
To help us run the Website and provide our services, we work with a few trusted service providers (also known as data processors). These partners may process personal data on our behalf, but only based on our instructions and in full compliance with the GDPR.
We only choose processors who meet strict data protection and security standards, and we make sure appropriate agreements are in place to safeguard your data.
Storage Service Provider
Who’s affected: All users who visit the Website, whether or not they use any specific services.
Who we work with: We use Rackhost Zrt. as our website hosting (storage space) provider. This means they act as a Data Processor on our behalf.
Details of the provider:
Name: Rackhost Informatikai Zártkörűen Működő Részvénytársaság
Business Registration Number: 06-10-000489
Tax Number: 25333572-2-06
Head Office: Tisza Lajos körút 41., 6722 Szeged, Hungary
Postal Address: Tisza Lajos körút 41., 6722 Szeged, Hungary
Phone: +36 1 445 1200
Email: info@rackhost.hu
Website: https://www.rackhost.hu/
What data is involved: Potentially, any data covered in this privacy notice. The specific data depends on how you use the Website and which features or services you interact with.
Why we use this provider: To keep the Website running smoothly and securely. Rackhost Zrt. provides the electronic hosting infrastructure necessary for the site to function.
How the data is processed: All processing is electronic. Rackhost Zrt. only provides the storage infrastructure—we remain in control of the data and what happens to it.
Website Developer
Who’s affected: All users who visit the Website, whether or not they use specific services.
Who we work with: We use WordPress, developed and maintained by Automattic Inc., as the software platform for our Website. Automattic acts as a Data Processor on our behalf.
Details of the provider:
Name: Automattic Inc. (WordPress)
Address: 60 29th Street #343, San Francisco, CA 94110, USA
Phone: +1 877 273 3049
Website: www.wordpress.com
What data is involved: Potentially any personal data covered in this privacy notice. The exact data depends on how you interact with the Website and which features you use.
Why we use this provider: To ensure the Website works properly by using software that supports its functionality and structure.
How the data is processed: All processing is done electronically. WordPress provides the software infrastructure, while we remain responsible for how your data is used.
Email Hosting and Software Providers
Who’s affected: This applies to anyone mentioned in this privacy notice, as well as anyone the Controller communicates with via email.
Who we work with: We use the following providers to host our email services and provide the necessary software:
Name: Rackhost Informatikai Zártkörűen Működő Részvénytársaság
Business Registration Number: 06-10-000489
Tax Number: 25333572-2-06
Head Office: Tisza Lajos körút 41., 6722 Szeged, Hungary
Postal Address: Tisza Lajos körút 41., 6722 Szeged, Hungary
Phone: +36 1 445 1200
Email: info@rackhost.hu
Website: https://www.rackhost.hu/
and
Name: Mailchimp (operated by The Rocket Science Group LLC)
Head Office: 675 Ponce de Leon Avenue NE, Suite 5000, Atlanta, GA 30308, United States
Postal Address: Intuit Mailchimp 405 N Angier Ave. NE Atlanta, GA 30308 USA
Tax Number: EU372008134
Website: https://mailchimp.com/
Contact Page: https://mailchimp.com/contact/
Both providers act as Data Processors by offering infrastructure and tools that support the sending, receiving, and storage of emails.
What data is involved: Primarily your name and email address. Depending on the content of the messages, additional personal data shared in the emails may also be processed.
Why we use these providers: To ensure the proper functioning and reliability of our email communications.
How the data is processed: Emails are stored in secure software environments provided by the above providers. Your data is processed electronically and only for the duration necessary to manage communication.
Other Data Processors and Data Processing Agreements
We doesn’t work with any other data processors beyond those listed above or the ones mentioned at “About the Use of Cookies”.
For every service provider we do work with, we have proper data processing agreements in place. These contracts include all the legally required terms to make sure your data is handled securely and in line with data protection laws.
The Controller is committed to keeping your personal data safe. We take both technical and organizational measures—and follow internal policies—to make sure we comply with data protection laws and confidentiality rules. We protect your data from unauthorized access, alteration, disclosure, deletion, or any unlawful use. We also safeguard it against accidental loss, damage, or inaccessibility due to technological changes.
Any data we collect about website traffic or user behavior is handled in a way that prevents us from linking it to individuals. From the very beginning, this data is processed anonymously.
We only process personal data for the specific and lawful purposes set out in this notice. We do so to the extent necessary and proportionate, always in line with applicable laws, best practices, and with the appropriate security measures in place.
To help protect your data, our Website uses the secure “https” protocol, which encrypts communications and ensures a unique, secure connection. Your data is stored in encrypted databases, organized into separate lists based on the purpose of processing. Only a limited number of authorized Controller staff—those involved in the tasks described in this policy—have access. These individuals are required to handle your data responsibly and in compliance with this policy and relevant legal requirements.
Right to Access
As a User, you have the right to request information about how your personal data is being processed.
At your request, the Controller will provide details about:
We aim to respond to your access request without undue delay—always within one month of receiving it.
As part of this right, you can also request a copy of the personal data we process about you. Your first copy is free of charge. If you request additional copies, we may charge a reasonable fee to cover administrative costs.
Right to Data Portability
You have the right to receive the personal data we hold about you in a structured, commonly used, and machine-readable format. You can also request that this data be transferred to another controller—without interference from us—if:
If technically possible, you can also ask us to transfer your data directly to another controller on your behalf.
Right to Correction
You have the right to request that we correct any inaccurate personal data we hold about you. If your data is incomplete, you can also ask us to update it—such as by providing a supplementary statement.
We’ll handle your correction request without undue delay and, at the latest, within one month of receiving it.
Right to Restrict Processing
You can ask us to limit how we use your personal data. When data is restricted, we’ll mark it to ensure it’s not used for anything beyond what’s absolutely necessary. You can request this in the following situations:
Right to Erasure (“Right to Be Forgotten”)
You have the right to ask us to delete your personal data, and we’ll do so without delay if any of the following apply:
If we’ve made your personal data public and are required to erase it, we’ll also take reasonable steps—considering available technology and implementation costs—to inform other controllers that you’ve requested deletion of any links to, or copies of, that data.
Obligation to Notify
If we correct, restrict, or delete your personal data, we’ll inform you and any other parties we’ve shared the data with—unless doing so is impossible or would require disproportionate effort. If you ask, we’ll also let you know who we’ve shared your data with.
Right to Object
You have the right to object to the processing of your personal data at any time if it’s being processed based on our legitimate interests, and you have a personal reason for doing so.
If you object, we’ll stop processing your data—unless we can demonstrate that we have compelling legal reasons that override your interests, rights, and freedoms, or if the data is needed to establish, exercise, or defend legal claims.
We provide information and take action on your data-related requests free of charge, as described at the “User’s Rights Regarding Their Personal Data” section of this document. However, if a request is clearly unfounded or excessive—especially if it’s repeated—we may:
We’ll make this decision based on the nature of the request and the effort required to fulfill it.
We’ll respond to your request as soon as possible—no later than one month after we receive it. This includes providing any copies of your personal data, if requested.
If your request is complex or we’ve received multiple requests, we may need up to two additional months to respond. In that case, we’ll let you know within the first month and explain why there’s a delay.
If you submit your request electronically, we’ll respond electronically unless you ask for a different format.
If we decide not to take action on your request, we’ll inform you within one month and explain why. We’ll also let you know how you can file a complaint with the relevant data protection authority or seek legal remedy.
You can submit your request in any format that allows us to verify your identity. For security reasons, we can only act on requests from individuals we can identify. If we have reasonable doubts about your identity, we may ask for additional information to confirm it.
You can send your requests to the Controller’s postal address listed above, or by email to hello@dpso.eu.
Please note: We’ll treat an email request as valid only if it’s sent from an email address already registered in our system. If it comes from a different email, we may not be able to act on it. The official receipt date for emails is the day after it was sent.
If you believe your rights have been violated, you have the right to take legal action by: