**VALID: 2023.12.15.**

1. **INTRODUCTION**

It is essential for us to comply with the currently applicable data protection regulations and laws. Therefore, we will discuss and present in detail the steps and processes related to data protection on pottymoments.com, and the data collection procedures.

The data is managed by Sipos Anna, a sole proprietorship responsible for the processing of personal data.

Contact information:

Full legal name: Sipos Anna sole proprietorship

Individual enterprise registered in Bulgaria.

Email: pottymoments@gmail.com

2. **WHAT PERSONAL DATA DO WE PROCESS, AND FOR WHAT PURPOSE?**

Personal data refers to information that allows the clear identification of an individual.

On pottymoments.com, we process the following personal data, each with its stated legal basis:

**COMMUNICATION DATA**

This includes any message sent to us through the website, email, social media, or any other form of communication. We process and retain this data to fulfill orders and provide a basis for decision-making in case of legal claims. The legal basis for processing is the user’s demonstrable interest in our activities, as expressed in messages addressed to us.

**CUSTOMER DATA**

This includes all data related to the purchase of products and services, such as the buyer’s name, shipping and billing address, email address, phone number, and details of purchased products. We process this data to fulfill orders successfully, and for legally compliant records of purchases. The legal basis for data storage is the fulfillment of the contract formed by the purchase between the buyer and Sipos Anna.

**USER DATA**

This encompasses data generated during the use of the website, allowing technical operation, preserving site security, storing backups of user activities, and providing access to the most relevant content. The legal basis for processing is the user’s clear interest in our activities, ensuring the necessary storage for technical operation.

**TECHNICAL DATA**

This includes data generated during the use of the site, such as IP addresses, login information, browser data, time of page visits, page views and navigation paths, number and timing of visits, time zones, and device information. The source of this data is our analytical software. We process this data to analyze user behavior, maintain site security, and understand the effectiveness of our marketing decisions. The legal basis for processing is the user’s clear interest in our activities, allowing us to process these data in compliance with security requirements and use them for business growth.

**MARKETING DATA**

This includes visitor preferences regarding the type of marketing content they welcome. We process this data to enable participation in contests and send advertisements related to our products/services based on expressed user interest. The legal basis for processing is the user’s clear interest in our activities, allowing us to process these data in compliance with security requirements and utilize them for more effective operations. The collected data may be used for targeted, relevant advertisements on the Facebook™ platform and various dynamic advertising platforms, measuring the effectiveness of advertisements. The legal basis for processing is the user’s clear interest in our activities, allowing us to process these data in compliance with security requirements and utilize them for more effective operations.

During our activities, we do NOT collect sensitive data such as ethnicity, religious beliefs, sexual life and orientation, political opinions and union membership, or health background, genetic, or biometric information.

3. **HOW DO WE COLLECT DATA?**

We may collect personal data directly from users (e.g., placing an order or sending a message). Additionally, certain data are automatically collected through the use of technologies such as “cookies” only after user consent.

For more information, please refer to our Cookie Statement.

We may also receive certain data from external partners, such as analytics providers like Google (non-EU partner), advertising networks like Facebook™ (non-EU partner), and payment service providers like PayPal (non-EU partner) and Barion.

4. **OUR PRACTICAL STEPS FOR DATA PROTECTION**

Sipos Anna places great importance on protecting user data and complying with current regulations. We have conducted a privacy impact assessment on the site, listing the collected data, their necessity and legal basis, and compliance with the law.

The protection of data provided on forms and generated on the site is ensured by SSL certification throughout the website (Let’s Encrypt Authority X3 certification).

To protect against attacks, we use premium security software (iThemes Security Pro) to guard against “brute force” and viral attacks on stored data.

Purchasing and user data in the site’s databases are stored in encrypted form (pseudonymized), making them unreadable to external parties.

In this privacy statement, we provide users with the means to request information about the handling of their personal data, modify or delete their personal data through forms. We ensure responsible data handling by selecting service providers that comply with GDPR regulations, participate in the EU-US Privacy Shield initiative for U.S.-based partners, and sign data processing agreements.

5. **MARKETING COMMUNICATION**

The continuation of marketing communication is essential for business activities. The legal basis for data processing related to marketing communication is the user’s interest in our services or explicit consent to receive marketing messages.

In accordance with the European Union Privacy and Electronic Communications Regulations (PECR), we send marketing messages to users who have purchased from us or explicitly consented to receiving marketing messages.

Opting out of marketing communication and unsubscribing from messages is clearly provided for. Each email contains a visible link for unsubscribing, or removal from the database can be requested by emailing pottymoments@gmail.com. Even after unsubscribing from marketing communication, messages related to order fulfillment may still be sent.

6. **NOTE ON PERSONAL DATA SHARING**

It may be necessary to share certain personal data with partners to maintain normal business operations. These partners include IT service providers, troubleshooting and maintenance service providers for computer systems, expert partners such as lawyers, accountants, bankers, insurers, and government agencies requesting reports on our activities. Payment service providers handling bank card data and courier services fulfilling incoming orders to the specified delivery address are also included.

International Data Transfers

User data may need to be shared with non-European Economic Area (EEA) partners to maintain business operations. Since non-EEA countries often do not provide the same level of protection for data, European laws prohibit data export without meeting the proper conditions. When personal data is transferred outside the EEA, we take additional steps beyond those discussed in point 4 to ensure the secure handling of data. We only transfer data to countries deemed adequate by the European Commission for data security. We only use U.S.-based services that are part of the EU-US Privacy Shield data security initiative. If these conditions are not met, we request explicit user consent for data transfer. Consent can be withdrawn at any time.

External Links

This page may occasionally contain links to external sites or embedded code that provides the operation of external services. Clicking on these links or using embedded solutions may allow external partners to collect data about users. While we make every effort to review partners properly, we have no control over their privacy principles and are not responsible for their data handling principles.

7. **DATA RETENTION PERIOD**

User data is only stored as long as necessary due to legal/accounting/reporting obligations or for the operation of the service.

When deciding on the storage period, we consider the quantity, nature, and sensitivity of the data, as well as the potential impact of leakage in case of a data privacy incident.

For tax reasons, we are required to retain billing and purchase data of customers for at least 8 years to meet legal obligations.

Under certain circumstances, anonymized data may be used for statistical purposes, in which case the data is stored indefinitely without notice.

8. **VISITOR RIGHTS**

The General Data Protection Regulation (GDPR) provides the following rights to users of the site who are European Union citizens:

a. **Access to Personal Data**

Users have the right to request a copy of the personal data stored by pottymoments.com. The request is generally fulfilled free of charge within 14 days after the request. In cases of repeated, abusive, or unjustified data requests, Sipos Anna may charge a reasonable fee for providing data and may require additional time to fulfill the request. Sipos Anna also requests proof of identity before releasing the data to prevent abuse. To request personal data, please use the contact form below.

b. **Rectification of Personal Data**

Users have the right to request the correction of inaccurate personal data.

c. **Erasure of Personal Data**

Users have the right to request the deletion of personal data. Deletion requests will be honored unless legal/accounting/reporting obligations or the operation of the service require the data’s retention.

d. **Restriction of Processing**

Users have the right to request the restriction of the processing of personal data under certain circumstances.

e. **Data Portability**

Users have the right to receive personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another data controller.

f. **Object to Processing**

Users have the right to object to the processing of personal data under certain circumstances.

g. **Automated Decision-Making and Profiling**

Users have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them.

Users can exercise their rights by contacting us using the contact form or by sending an email to pottymoments@gmail.com.

If users believe that their rights have been violated, they have the right to file a complaint with the competent data protection authority.

b. **Modification of Personal Data**

If personal data has changed or has been incorrectly provided, users have the right to request the modification of data. To modify personal data, please contact us at pottymoments@gmail.com.

c. **Request for Deletion of Personal Data**

Users have the right to request the deletion of all their personal data. The request will be fulfilled free of charge within 14 days after the request. After the deletion of personal data, the user account will no longer be accessible, and any materials possibly purchased will become inaccessible since the personal data associated with the user account is essential for accessing the service.

The company requests proof of identity before deleting personal data to prevent abuse. To request the deletion of personal data, please use the contact form above.

d. **Request for Restriction of Processing Personal Data**

Users have the right to request the restriction of providing their data to third parties (service partners). When submitting the request, the service partners to be restricted can be specified.

It is important to note that cooperation with certain service providers is essential for the operation of the site (e.g., Barion as a payment service provider), so if their restriction occurs, the services of the site will become inaccessible to the user.

The company requests proof of identity before restricting the transfer of personal data to prevent abuse. To request the restriction of the transfer of personal data, please use the contact form above.

In Hungary, the official authority dealing with data protection is the National Authority for Data Protection and Freedom of Information (NAIH). Users can find more information about their data protection rights on the NAIH website.

National Authority for Data Protection and Freedom of Information,

1125 Budapest, Szilágyi Erzsébet fasor 22/C., Mailing address: 1530 Budapest, Pf.: 5.,

Phone: 06.1.391.1400,

Fax: 06.1.391.1410,

Email: ugyfelszolgalat@naih.hu

Website: [http://www.naih.hu](http://www.naih.hu)

9. **ANONYMIZED DATA AND “COOKIES”**

On pottymoments.com, in email messages, and advertisements, so-called “cookies” and similar technologies, such as tracking codes, remarketing tags, pixels, are used, which operate after the user’s consent.

These technologies help us better understand user behavior and interests, thereby assisting in our higher-level and more efficient operation.

Our goal is to make the use of pottymoments.com as user-friendly and personalized as possible. If the user wishes to prohibit the non-personal data recording of these technologies, it can be done in the following ways:

– By disabling their loading through cookie alerts on the website
– By disabling “cookies” in the browser
– Or with the help of this tool

Additional information about cookies and tracking codes on pottymoments.com can be found in the cookie statement.

This English translation is provided for informational purposes only, and the original Hungarian text is the legally binding document.