PRIVACY POLICY

business.mihalyiszilvia.hu

Szilvia Mihályi E.V. /sole proprietor/ (hereinafter: Data Controller) is committed to protecting the personal data of clients and inquirers. This policy describes the data processing activities based on the GDPR (Regulation EU 2016/679).

1. DATA CONTROLLER INFORMATION

Name: Szilvia Mihályi E.V. (Sole Proprietor)
Registered office: 2100 Gödöllő, Garó Emília utca 1. 1a.
Tax number: 59718651-1-33
E-mail: mihalyiszilviafoto@gmail.com

2. PROCESSED DATA, PURPOSES, AND LEGAL BASES

2.1. Contact and requesting a quote
  • Data: name, e-mail address, phone number (optional), message
  • Purpose: contact, providing a quote, preparation of a contract
  • Legal basis: Article 6(1)(b) GDPR – preparation of a contract
2.2. Fulfillment of a contract
  • Data: name, contact details, billing information
  • Purpose: fulfillment of photography services
  • Legal basis: Article 6(1)(b) GDPR – fulfillment of a contract
2.3. Invoicing and legal obligation
  • Data: name/company name, billing address, tax number
  • Purpose: issuing invoices
  • Legal basis: Article 6(1)(c) GDPR – legal obligation
  • Retention: 8 years
2.4. Taking photographs
  • Data: photographs taken of the Customer
  • Purpose: creating business portrait and image photos
  • Legal basis: Article 6(1)(b) GDPR – fulfillment of a contract, as well as the data subject’s participation necessary for creating the image
2.5. Portfolio and marketing use
  • Data: selected and post-processed images
  • Purpose: professional portfolio and marketing appearance
  • Legal basis: Article 6(1)(a) GDPR – voluntary consent

The Customer gives their consent separately in writing (via e-mail or in a contractual statement).
The consent can be withdrawn at any time, which does not affect the lawfulness of processing based on consent before its withdrawal.

3. DATA PROCESSORS

The Data Controller uses the following service providers:

  • Hosting and e-mail: Forpsi / Vitarex Stúdió Kft.
  • Google services: Google Ireland Limited (Gmail, Drive)
  • Online gallery: Pixieset Media Inc.
  • Invoicing: KBOSS.hu Kft. (Számlázz.hu)

Some of these service providers may also process data outside the EU with appropriate GDPR guarantees (standard contractual clauses).

4. DATA RETENTION

  • Quote requests: max. 12 months of inactivity
  • Contractual data: duration of fulfillment + legal obligation
  • Invoice data: 8 years
  • Photos: for the time necessary for the fulfillment of the contract and delivery

5. RIGHTS OF THE DATA SUBJECT

The data subject has the right to:

  • request information
  • request rectification
  • request erasure (except for legal obligations)
  • request restriction of processing
  • request data portability
  • object to data processing based on legitimate interests

Legal remedy:
National Authority for Data Protection and Freedom of Information (NAIH) – www.naih.hu

6. DATA SECURITY

The Data Controller implements appropriate technical and organizational measures:

  • password-protected systems
  • restricted access
  • secure cloud-based storage

7. AUTOMATED DECISION-MAKING

The Data Controller does not use automated decision-making or profiling.

8. DATA TRANSFER TO THIRD COUNTRIES

In the case of certain services (e.g., Google, Pixieset), data may also be processed outside the European Union, with appropriate GDPR guarantees (standard contractual clauses).

9. FINAL PROVISIONS

For matters not regulated in this policy, the GDPR and the relevant Hungarian laws shall apply.