Privacy Policy

Last Updated: 03.10.2025

This Privacy Policy explains how we collect, use, and protect personal data when you visit our website, purchase digital products, or participate in our events.

1. Controller

The controller within the meaning of the GDPR is:

Zsófia Altziebler
Hollókő
Sport út 15.
3176
Ungarn

Invoicing Partner

KBOSS.hu Trading and Service Limited Liability Company (KBOSS.hu Kft.)

• Head Office: 1031 Budapest, Záhony Street 7
• Representative: Managing Director Balázs Ángyan
• Company Registration Number: 01-09-303201
• Tax Number: 13421739-2-41
• Email: info@szamlazz.hu
• Data Protection Officer: Dr. Éva Istvánovics, Attorney-at-Law
• Contact: dpo@kboss.hu

2. General Information on Data Processing

We process personal data (e.g., name, address, email, payment data) strictly in accordance with the General Data Protection Regulation (GDPR) and other applicable laws.
Data is collected, processed, and stored solely for the purposes stated in this Privacy Policy.

3. Hosting and Server Log Files

Our website is hosted by:

Raidboxes GmbH
Hafenstr. 32, 48153 Münster, Germany

Raidboxes stores personal data (e.g., IP addresses) in log files to ensure operational stability and security.

• Legal Basis: Art. 6 (1) lit. f GDPR (legitimate interests).
• More Information: Raidboxes Privacy Policy.

When you visit our website, server log files are automatically collected (e.g., IP address, browser type, access time). These are used solely to maintain operation and are deleted after 7 days.

4. Plugins and Tools

4.1 WooCommerce

Used to process online orders. Customer data (name, address, payment data, order history) is processed.

4.2 Payment Processing (Wise, Stripe, YITH Stripe Connect)

For payment transactions, data is transmitted to Wise and Stripe.

• Legal Basis: Art. 6 (1) lit. b GDPR (performance of a contract).

4.3 Avada Builder, The Events Calendar Pro & Event Tickets

For event management and ticket booking, relevant customer data (name, email, booked events) is stored.

4.4 Google Services (Analytics, reCAPTCHA, Fonts, Maps)

Cookies may be set and data (IP address, usage behavior) may be transferred to Google LLC, USA.

• Legal Basis: Consent under Art. 6 (1) lit. a GDPR.
• Safeguards: Data transfers are based on Standard Contractual Clauses (SCC).

4.5 Mailchimp

We use Mailchimp for newsletters. Email addresses and interaction data are transmitted to The Rocket Science Group LLC, USA.

4.6 WP Forms Lite

Contact forms process the data you provide (e.g., name, email, message).

4.7 Ultimate Affiliate Pro

Used to manage our affiliate program. We store affiliate IDs, tracking data, and payout information.

4.8 Members (Membership Management)

Data of registered users (login, profile, permissions) is processed.

4.9 WP Mail Logging

Emails sent via the website are logged (sender, recipient, timestamp).

4.10 WP Data Manager

Used for database management, storage, and security of personal data. Access is restricted to administrators.

4.11 WPML SEO & YOAST SEO

These tools are used for search engine optimization. No direct processing of personal data occurs.

5. Legal Bases

• Art. 6 (1) lit. a GDPR – Consent
• Art. 6 (1) lit. b GDPR – Performance of a contract
• Art. 6 (1) lit. c GDPR – Legal obligation
• Art. 6 (1) lit. f GDPR – Legitimate interests

6. Cookies & Consent Management

We use cookies and similar technologies. Your consent is obtained through a cookie banner before any storage takes place (Art. 6 (1) lit. a GDPR).

7. Storage Duration

Personal data is stored only for as long as necessary for the intended purpose or as required by legal retention periods.

8. Rights of Data Subjects

You have the following rights at any time:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)

9. Processors & Third-Country Transfers

Where we engage service providers (e.g., Google, Mailchimp, Stripe, Raidboxes), processing is based on Data Processing Agreements (DPAs) and, where applicable, Standard Contractual Clauses (SCCs) for international data transfers.

10. Data Security

We implement appropriate technical and organizational measures (e.g., SSL encryption, access controls, backups) to protect your data.

11. Photo and Video Recordings at Events

During our live events and conferences, photos and videos may be taken that include participants.

Purpose of Processing
Recordings are used for documentation and public relations and may be published on our website, social media channels, newsletters, or print materials.

Legal Basis

• Art. 6 (1) lit. f GDPR – Legitimate interest (public relations, documentation)
• Art. 6 (1) lit. a GDPR – Consent, if used for promotional purposes beyond documentation

Right to Object
Participants may object to the processing of their recordings where overriding interests exist. Please contact the address provided in the Legal Notice/Imprint.

On-Site Notices
Participants will be informed through posted notices or announcements that photos and videos are being recorded.

Storage Duration
Recordings are retained for the duration of our public relations activities and then deleted or archived when no longer necessary.