Facebook-f Instagram Tiktok Linkedin-in

PRIVACY NOTICE

Date of acceptance: 2026-03-13

Data Controller

Name: Szász Lóránd (sole proprietor)

Registered office: 32/B Vörösmarty Street, 2760 Nagykáta, Hungary

Mailing address / complaints handling:
32/B Vörösmarty Street, 2760 Nagykáta, Hungary

Email: hello@studiomilio.hu
Phone number: +36 30 613 2421
Website: https://studiomilio.hu/

Hosting Provider

Name: Rackhost Zrt.

Mailing address: 41 Tisza Lajos Boulevard, 6722 Szeged, Hungary

Email: info@rackhost.hu
Phone: +36 1 445 1200

Description of Data Processing During Website Operation

Information on the Use of Cookies

What is a cookie?

During visits to the website, the Data Controller uses so-called cookies. A cookie is a small information package consisting of letters and numbers that our website sends to your browser in order to store certain settings, facilitate the use of our website, and help collect certain relevant statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying individual users; however, some contain a unique identifier – a secret, randomly generated sequence of numbers – which is stored on your device and ensures that you can be identified. The duration of operation of each cookie is specified in the description of the respective cookie.

Legal background and legal basis of cookies

The legal basis for data processing is your consent pursuant to Article 6(1)(a) of the Regulation.

Main characteristics of the cookies used by the website

Google Consent Mode v2

The Data Controller has integrated Google Consent Mode version v2 into the website and ensures the management of consents and refusals through the cookie panel according to the new version.

Under Google Consent Mode v2, Google uses two additional flags in addition to the previous two (analytics_storage, ad_storage), which are used for storing and reading cookies for statistical and advertising purposes:

  • ad_user_data: Any user data that may be sent to Google for advertising purposes.

  • ad_personalization: User data may be used for personalized advertising purposes, such as remarketing.

The purpose of these two switches is to determine whether the storage and reading of cookies used for statistical and advertising purposes are permitted.

Additional Data Processing

If the Data Controller intends to carry out further data processing, it will provide prior information about the essential circumstances of the data processing (legal background and legal basis of the processing, purpose of the processing, scope of the processed data, and duration of the processing).

Recipients of Personal Data

Data processing related to the storage of personal data

Name of the data processor: Rackhost Zrt.

Contact details of the data processor

Phone number: +36 1 445 1200
Email: info@rackhost.hu
Registered office: 41 Tisza Lajos Boulevard, 6722 Szeged, Hungary
Website: https://studiomilio.hu/

Based on a contract concluded with the Data Controller, the Data Processor performs the storage of personal data. The Data Processor is not entitled to access the personal data.

Your Rights During Data Processing

During the period of data processing, you are entitled to the following rights under the provisions of the Regulation:

  • the right to withdraw consent

  • the right to access personal data and information related to data processing

  • the right to rectification

  • the right to restriction of processing

  • the right to erasure

  • the right to object

  • the right to data portability

If you wish to exercise your rights, it will involve your identification, and the Data Controller will necessarily need to communicate with you. Therefore, personal data will be required for identification (however, identification can only be based on data already processed about you), and your complaint related to data processing will be available in the Data Controller’s email account within the period specified in this notice.

The Data Controller will respond to complaints related to data processing within 30 days at the latest.

Right to Withdraw Consent

You are entitled to withdraw your consent to data processing at any time. In such cases, the provided data will be deleted from our systems.

Right of Access to Personal Data

You have the right to obtain confirmation from the Data Controller as to whether your personal data is being processed, and if such processing is taking place, you have the right to:

  • access the personal data processed; and

  • receive information about the following:

    • the purposes of data processing

    • the categories of personal data processed about you

    • recipients or categories of recipients with whom the personal data has been or will be shared

    • the planned duration of storage of personal data, or if this is not possible, the criteria used to determine that period

    • your right to request rectification, erasure, or restriction of processing of your personal data and, in the case of processing based on legitimate interest, your right to object

    • the right to lodge a complaint with a supervisory authority

    • if the data was not collected from you, all available information regarding its source

    • the existence of automated decision-making (including profiling) and meaningful information about the logic involved and the expected consequences for you.

The purpose of exercising this right may be to establish and verify the lawfulness of data processing. Therefore, in the event of repeated requests for information, the Data Controller may charge a reasonable fee.

Access to personal data will be provided by the Data Controller by sending the processed personal data and related information to you via email after verifying your identity. If you have a registered account, access will be provided through your user account, where you can view and verify the personal data processed about you.

Please indicate in your request whether you are requesting access to personal data or information about data processing.

Right to Rectification

You have the right to request that the Data Controller correct inaccurate personal data concerning you without undue delay.

Right to Restriction of Processing

You have the right to request that the Data Controller restrict the processing of your personal data if one of the following applies:

  • you contest the accuracy of the personal data, in which case the restriction applies for the period enabling the Data Controller to verify the accuracy of the data;

  • the processing is unlawful but you oppose the deletion of the data and request restriction instead;

  • the Data Controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims;

  • you have objected to the processing, but it has not yet been determined whether the legitimate grounds of the Data Controller override your grounds.

If processing is restricted, such personal data may only be processed (except for storage) with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another person, or for important public interest reasons.

The Data Controller will inform you in advance (at least 3 working days before) of the lifting of the restriction.

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data without undue delay if one of the following grounds applies:

  • the personal data is no longer necessary for the purposes for which it was collected;

  • you withdraw your consent and there is no other legal basis for the processing;

  • you object to processing based on legitimate interest and there are no overriding legitimate grounds;

  • the personal data has been processed unlawfully;

  • the personal data must be erased to comply with a legal obligation.

If the Data Controller has made the personal data public and must erase it, it will take reasonable steps, including technical measures, to inform other data controllers processing the data that you have requested the deletion of links or copies of the personal data.

Erasure does not apply where processing is necessary:

  • for exercising the right of freedom of expression and information;

  • for compliance with a legal obligation (e.g., invoice retention obligations);

  • for the establishment, exercise, or defense of legal claims.

Right to Object

You have the right to object at any time to the processing of your personal data based on legitimate interest for reasons related to your particular situation.

In such cases, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds that override your interests, rights, and freedoms or are related to legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such purposes, including profiling related to direct marketing. If you object, the personal data will no longer be processed for that purpose.

Right to Data Portability

If data processing is carried out by automated means or based on your voluntary consent, you have the right to request that the Data Controller provide the data you have supplied in XML, JSON, or CSV format.

Where technically feasible, you may request that the Data Controller transmit this data to another data controller.

Automated Decision-Making


You have the right not to be subject to a decision based solely on automated data processing (including profiling) which produces legal effects concerning you or similarly significantly affects you. In such cases, the Data Controller must implement appropriate measures to safeguard the data subject’s rights, freedoms, and legitimate interests, including at least the right to request human intervention on the part of the Data Controller, to express your point of view, and to contest the decision.

The above does not apply if the decision:

  • is necessary for entering into, or the performance of, a contract between you and the Data Controller;

  • is authorized by Union or Member State law applicable to the Data Controller which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

  • is based on your explicit consent.

Registration in the Data Protection Register


In accordance with the provisions of the Hungarian Act on Informational Self-Determination and Freedom of Information (Infotv.), the Data Controller was previously required to register certain data processing activities in the data protection register. This registration obligation ceased on 25 May 2018.

Data Security Measures


The Data Controller declares that it has implemented appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction or damage and inaccessibility resulting from changes in the applied technology.

Within the limits of organizational and technical possibilities, the Data Controller also takes all necessary steps to ensure that its data processors implement appropriate data security measures when processing your personal data.

Legal Remedies


If you believe that the Data Controller has violated any legal provision relating to data processing or has failed to comply with one of your requests, you may initiate an investigation procedure with the National Authority for Data Protection and Freedom of Information (Hungarian: NAIH) in order to terminate the allegedly unlawful data processing.

Contact details:

  • Mailing address: 1363 Budapest, Pf. 9., Hungary

  • Email: ugyfelszolgalat@naih.hu

  • Phone: +36 (30) 683-5969; +36 (30) 549-6838; +36 (1) 391 1400

You are also informed that in the event of a violation of legal provisions governing data processing, or if the Data Controller fails to comply with one of your requests, you may initiate civil proceedings against the Data Controller before a court.

Amendment of the Privacy Notice


The Data Controller reserves the right to amend this privacy notice provided that such amendment does not affect the purpose and legal basis of the data processing. By using the website after the amendment enters into force, you accept the modified privacy notice.

If the Data Controller intends to carry out further data processing for a purpose other than that for which the data were originally collected, you will be informed prior to such further processing about the purpose of the processing and the following information:

  • the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

  • your right to request access to, rectification or erasure of personal data concerning you, or restriction of processing, and in the case of processing based on legitimate interest, your right to object to such processing; furthermore, in the case of processing based on consent or a contractual relationship, your right to data portability;

  • in the case of processing based on consent, the fact that you may withdraw your consent at any time, and your right to lodge a complaint with a supervisory authority;

  • whether the provision of personal data is a statutory or contractual requirement, or a prerequisite for entering into a contract, and whether you are obliged to provide the personal data, as well as the possible consequences of failing to provide such data;

  • the existence of automated decision-making (if such a procedure is used), including profiling, and at least in such cases meaningful information about the logic involved and the significance and expected consequences of such processing for you.

Data processing may only commence after this information has been provided. If the legal basis for data processing is consent, in addition to receiving the information, you must also give your consent to the processing.

This document contains all relevant information regarding data processing related to the operation of the webshop, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR) and Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.).