Privacy Policy

Last Updated: [Date]

  1. Data Controller and Contact Information

The Data Controller: GS Design Gombos Szilvia, Sole Proprietor

  • Registration Number: 05190310
  • Address: 3711 Szirmabesenyő, Kölcsey Ferenc utca 84, Hungary
  • Tax Number: 63181342-1-25
  • Email: hello@gsdesign.hu
  • Website: https://gsdesign.eu

The Data Controller handles personal data in compliance with applicable U.S. federal and state data protection regulations, including the California Consumer Privacy Act (CCPA), Federal Trade Commission (FTC) Act, Children’s Online Privacy Protection Act (COPPA), and any other relevant laws.

  1. Purpose of Data Processing

GS Design collects and processes personal data for the following purposes:

  • To provide, operate, and improve services.
  • To communicate with customers and respond to inquiries.
  • To comply with legal obligations.
  • For marketing and promotional purposes (with consent).
  • To protect the security and integrity of our website.
  1. Types of Personal Data Collected

GS Design may collect the following categories of personal information:

  • Identifiers: Name, email address, IP address.
  • Commercial Information: Transaction records, purchase history.
  • Internet Activity: Browsing history, interaction data with our website.
  • Geolocation Data: Location data for service customization.
  • Professional Information: Employment-related data (if applicable).
  • Sensitive Information: Only collected with explicit consent.

GS Design does not knowingly collect data from individuals under 13 years of age. If it is discovered that such data has been inadvertently collected, it will be promptly deleted.

  1. Legal Basis for Processing

Data processing is based on the following legal grounds:

  • Consent: Voluntary agreement to data processing (e.g., marketing communications).
  • Contractual Obligation: Processing necessary for the performance of a contract.
  • Legal Obligation: Compliance with relevant laws and regulations.
  • Legitimate Interests: To improve services and ensure security.
  • Public Interest: When required by law (e.g., law enforcement requests).
  1. Data Sharing and Disclosure

GS Design does not sell personal data. We may share information with:

  • Service Providers: For processing and operational purposes.
  • Law Enforcement: If required by law.
  • Business Transfers: In the event of a merger or acquisition.
  1. Data Retention and Security

Personal data is stored only as long as necessary for the purposes outlined above. We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.

  1. Your Data Rights

Depending on your state of residence, you may have the following rights:

  • Right to Access: Obtain a copy of your data.
  • Right to Deletion: Request data erasure.
  • Right to Correction: Update or correct your information.
  • Right to Data Portability: Receive data in a structured, machine-readable format.
  • Right to Opt-Out: Prevent the sale of your personal information.
  • Right to Non-Discrimination: Equal service regardless of exercising data rights.

To exercise your rights, contact us at hello@gsdesign.hu. We may need to verify your identity before processing your request.

  1. Data Transfers

Personal data may be transferred to and processed in countries other than the one in which you reside. When this occurs, GS Design ensures that adequate protection measures are in place.

  1. Policy Updates

We may update this Privacy Policy from time to time. The updated version will be posted on our website with the “Last Updated” date. Continued use of our services indicates acceptance of the changes.

  1. Contact Us

For any questions regarding this Privacy Policy or to exercise your data rights, please contact us at:

  • Email: hello@gsdesign.hu
  • Address: 3711 Szirmabesenyő, Kölcsey Ferenc utca 84, Hungary

DATA PROCESSING – MESSAGES AND CONTACT FORM

  1. Scope of Data Collection

When you contact us via our website contact form or other communication channels, we may collect the following personal data:

Personal Data

Purpose of Data Processing

Name, email address, phone number

Identification and communication.

Date and time of message sent

Technical data for system operation.

IP address at the time of message

Technical data for security purposes.
  1. Categories of Individuals Affected

This section applies to all individuals who send messages through the GS Design website contact form or other communication channels.

  1. Purpose of Data Processing

The collected data is processed to:

  • Respond to inquiries and provide customer support.
  • Maintain communication with customers.
  • Ensure the security and functionality of our website.
  1. Legal Basis for Data Processing
  • Consent: Your voluntary submission of personal data through the contact form or email constitutes consent.
  • Legitimate Interest: To ensure secure communication and maintain service quality.
  1. Duration of Data Retention

We retain your personal data until your inquiry is resolved. After resolution, data may be stored for a reasonable period for record-keeping, security, and legal compliance purposes, unless otherwise requested by you.

  1. Data Access and Sharing

The following parties may have access to your personal data:

  • GS Design (Data Controller): For communication and customer support purposes.
  • Service Providers: For secure email and website management (e.g., SalesAutopilot Kft.).
  • Law Enforcement or Regulatory Bodies: If legally required.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

  1. Your Data Rights

Depending on your state of residence, you may have the following rights under U.S. data protection laws:

  • Right to Access: Obtain a copy of your personal data.
  • Right to Correction: Request correction of inaccurate data.
  • Right to Deletion: Request deletion of your data.
  • Right to Restriction: Limit the processing of your data.
  • Right to Data Portability: Receive a copy of your data in a structured format.
  • Right to Opt-Out of Sale: If applicable, prevent the sale of your data (CCPA).
  • Right to Non-Discrimination: Equal service regardless of exercising data rights.

To exercise these rights, please contact us via:

  • Email: hello@gsdesign.hu
  • Postal Address: 3711 Szirmabesenyő, Kölcsey Ferenc utca 84, Hungary
  1. Data Processing by Third Parties (Data Processors)

We use the following third-party service provider to process your data:

  • SalesAutopilot Kft.
    • Address: 1016 Budapest, Zsolt utca 6/A. V. em. 1.
    • Phone: (+36) 1 490 0172

This service provider has access to your data only for the purpose of providing their services to us and is contractually obligated to protect your data.

  1. Security Measures

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include secure communication protocols, data encryption, and access controls.

  1. Changes to This Policy

We may update this Data Processing Policy from time to time. The latest version will always be available on our website, and significant changes will be communicated to you.

DATA PROCESSING – CALCULATOR AND NEWSLETTER SUBSCRIPTION

  1. Scope of Data Collection

When you subscribe to our newsletter or use our online calculator, we may collect and process the following personal data:

Personal Data

Purpose of Data Processing

Name, email address, occupation

Sending news, updates, informational materials, and special offers.

Date and time of registration

Technical data for record-keeping.

IP address at the time of registration

Technical data for security purposes.
  1. Categories of Individuals Affected

This section applies to all individuals who register on the GS Design website to receive newsletters or use the online calculator.

  1. Purpose of Data Processing

The collected data is processed to:

  • Send you newsletters, promotional offers, and other relevant information.
  • Maintain communication with you.
  • Ensure the secure operation of our website and services.
  1. Legal Basis for Data Processing
  • Consent: Your voluntary subscription to our newsletter constitutes your consent to receive marketing and promotional communications.
  • Legitimate Interest: To keep you informed of our latest updates and offers.
  1. Duration of Data Retention

Your personal data will be processed until you withdraw your consent by unsubscribing from the newsletter. After unsubscribing, we will delete your data related to newsletter communications.

  1. Data Access and Sharing

The following parties may have access to your personal data:

  • GS Design (Data Controller): For communication and marketing purposes.
  • Service Providers: For secure email and newsletter management (e.g., SalesAutopilot Kft.).
  • Law Enforcement or Regulatory Bodies: If legally required.

We do not sell, rent, or share your personal data with third parties for their marketing purposes.

  1. Your Data Rights

Depending on your state of residence, you may have the following rights under U.S. data protection laws:

  • Right to Access: Obtain a copy of your personal data.
  • Right to Correction: Request correction of inaccurate data.
  • Right to Deletion: Request deletion of your data.
  • Right to Restriction: Limit the processing of your data.
  • Right to Data Portability: Receive a copy of your data in a structured format.
  • Right to Opt-Out of Sale: If applicable, prevent the sale of your data (CCPA – California Consumer Privacy Act).
  • Right to Non-Discrimination: Equal service regardless of exercising data rights.

To exercise these rights, please contact us via:

  • Email: hello@gsdesign.hu
  • Postal Address: 3711 Szirmabesenyő, Kölcsey Ferenc utca 84, Hungary

You can also unsubscribe from our newsletter at any time by clicking the “Unsubscribe” link provided in each email.

  1. Data Processing by Third Parties (Data Processors)

We use the following third-party service provider to process your data:

  • SalesAutopilot Kft.
    • Address: 1016 Budapest, Zsolt utca 6/A. V. em. 1.
    • Phone: (+36) 1 490 0172

This service provider has access to your data only for the purpose of providing their services to us and is contractually obligated to protect your data.

  1. Security Measures

We take appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Secure communication protocols (HTTPS).
  • Data encryption in transit and at rest.
  • Access control policies limiting access to authorized personnel only.
  1. Changes to This Policy

We may update this Data Processing Policy from time to time. The latest version will always be available on our website, and significant changes will be communicated to you.

COOKIE POLICY

  1. Scope of Data Collection

When you visit our website, we use cookies and similar tracking technologies to collect and store information. This section explains how we use cookies, their purpose, and your rights regarding cookie management.

Cookie Type

Data Collected

Purpose

Expiration

Session Cookies

Session ID, Timestamp

Maintain user session and functionality.

Until the session ends.

Persistent Cookies

Unique Identifier

Remember user preferences and settings.

As specified in the cookie.

Analytics Cookies

IP address (anonymized), Device

Analyze website usage and performance.

As specified in the cookie.

Advertising Cookies

Click data, Conversion tracking

Measure ad performance and personalize ads.

As specified in the cookie.
  1. Categories of Individuals Affected

All visitors to the GS Design website.

  1. Purpose of Data Processing
  • Ensure the proper functioning of the website.
  • Improve user experience by remembering preferences.
  • Collect anonymous usage data for website optimization (Google Analytics).
  • Measure the effectiveness of our advertising campaigns (Google Ads).
  1. Legal Basis for Data Processing
  • Necessary Cookies: Processed based on our legitimate interest to maintain the functionality of the website.
  • Analytics and Advertising Cookies: Processed based on your consent, which you can provide or withdraw at any time.
  1. Duration of Data Retention
  • Session Cookies: Deleted automatically when you close your browser.
  • Persistent Cookies: Stored for the period specified in the cookie itself.
  • Analytics Cookies: Retained according to the settings of the analytics service provider (e.g., Google Analytics).
  1. Data Access and Sharing

We may share cookie data with:

  • GS Design (Data Controller): For website functionality and performance monitoring.
  • Google LLC: For analytics and advertising (Google Analytics, Google Ads).
    • Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Other third-party service providers: As necessary for technical support or security purposes.

We do not sell your cookie data to third parties.

  1. Your Data Rights

Depending on your state of residence, you may have the following rights under U.S. data protection laws:

  • Right to Access: Obtain information about the cookies we use.
  • Right to Delete: Clear cookies from your device.
  • Right to Manage Preferences: Control cookie settings through your browser.

To manage or delete cookies:

  • Adjust your browser settings (typically under “Privacy” or “Security”).
  • Use the “Manage Cookies” option on our website if available.
  1. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to help us analyze how users interact with our site.

  • We use IP anonymization, which means your IP address is shortened within the European Union or the European Economic Area before being transmitted to Google.
  • Google may process data in the United States.
  • You can prevent Google Analytics from collecting data by:
    • Installing the browser add-on for disabling Google Analytics: Download here.
    • Disabling cookies in your browser settings.

For more information on Google’s data practices, please review the Google Privacy Policy.

  1. Google Ads Conversion Tracking

We use Google Ads Conversion Tracking to measure the effectiveness of our advertising campaigns.

  • When you click on a Google ad and visit our website, a cookie is placed on your device.
  • This cookie does not contain personally identifiable information.
  • The cookie helps us determine which ads led to specific actions on our site (e.g., purchases, form submissions).
  • Each Google Ads customer receives a unique cookie, so your data cannot be tracked across multiple websites.

If you do not wish to participate in conversion tracking, you can:

  • Disable cookies in your browser settings.
  • Use Google’s Ad Settings page to control ad personalization: Manage your ads settings.
  1. Changes to This Policy

We may update this Cookie Policy from time to time. The latest version will always be available on our website, and significant changes will be communicated to you.

Social Media Platforms Data Processing

  1. Data Collection Facts

In compliance with Section 20 (1) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information, we inform you about the following aspects of data processing related to social media platforms:

Data Collected

Purpose

Duration of Data Retention

Name, Profile Image

Identify users who like or share content

Retained until user withdraws consent or deletes profile data.
  1. Categories of Affected Individuals
  • All individuals who are registered and have liked our website on platforms such as Facebook, Twitter, Pinterest, YouTube, Instagram, etc.
  1. Purpose of Data Collection

The collected data is used to:

  • Share and promote specific content, products, or actions from our website on social media platforms.
  • Increase the visibility and popularity of our website and its offerings.
  1. Duration, Data Access, and Rights
  • The processing of data on social media platforms is governed by the privacy policies of the respective platforms.
  • Data retention, modification, and deletion are determined by the policies of the specific social media platform.
  • For detailed information regarding data access, management, and your rights, we recommend consulting the privacy settings of the respective social media platforms.
  1. Legal Basis for Data Processing
  • Data processing is based on the voluntary consent of the user to the processing of their personal data on social media platforms.
  1. Remarketing Ads and Third-Party Data Collection

Our company runs remarketing advertisements through Facebook’s advertising system. The advertisers may use cookies, web beacons, and similar technologies to collect or receive data about users from our website or other internet sources. This data is used to provide measurement services and targeted advertisements across Facebook’s partner network. These lists do not contain personal identifying information and cannot be used for user identification.

Customer Relations and Other Data Processing

  1. Customer Inquiries and Communication

If a customer has any inquiries or issues related to our services, they can contact us via the provided channels (phone, email, social media, etc.).

  • The company processes the received emails, messages, phone calls, and other contact data, such as names and email addresses, and deletes these data within two years from the initial communication.
  • For any data processing not covered in this document, we will inform you at the time of data collection.

In exceptional cases, in response to official requests or based on legal obligations, we are required to disclose information to authorities or other entities. The disclosed data will be limited to the minimum necessary for the specific purpose.

Data Security

  1. Data Protection Measures

We design and implement data processing operations to protect your privacy.

  • We use SSL encryption and other security measures to protect your personal data from unauthorized access, modification, transmission, disclosure, deletion, accidental destruction, or damage.
  • We ensure data security by taking technical and organizational measures to comply with data protection laws and regulations.
  1. Data Protection Practices

To ensure data integrity and confidentiality:

  • We employ security technologies to prevent unauthorized access and data breaches.
  • Our IT infrastructure is protected against fraud, espionage, viruses, spam, hacking, and other cyberattacks.
  1. Confidentiality and Data Access Control

We ensure that only authorized personnel have access to personal data and take necessary steps to prevent any misuse. All staff involved in data processing are carefully selected, monitored, and trained.

Summary of Security Measures

  • Protection against unauthorized access
  • Protection from data modification and unauthorized disclosure
  • Data is stored securely with proper access controls

The service provider guarantees that the data they handle will be accessible, accurate, and unaltered, ensuring data integrity and authenticity.

Rights of Data Subjects

  1. Request for Information and Data Rectification

The data subject may request information from the Service Provider regarding the processing of their personal data. They may request the correction of their personal data, or request the deletion or restriction of processing, except where mandatory data processing applies.

  1. Right to Access Data

Upon request, the data controller will provide information about the personal data it processes, including:

  • The data subject’s personal data and any data processed by the data processor authorized by the data controller.
  • The data’s source, processing purposes, legal basis, duration, the data processor’s name and contact information, and activities related to data processing.
  • Information about any data protection incidents, including their circumstances, effects, and corrective actions taken.
  • In cases where personal data is transferred, the legal basis and recipient of the data transfer.
  1. Internal Data Protection and Incident Management

The data controller, if it has an internal data protection officer, maintains records related to data protection incidents. These records include:

  • The scope of affected personal data, the individuals affected, the date and details of the incident, its impact, and corrective actions taken.

The controller also maintains a record of data transfers, including:

  • The date of transfer, the legal basis, and the recipient of the transferred data.
  • Any other data required by law.
  1. Rectification and Deletion of Data
  • If a personal data subject requests rectification, and the correct data is available, the data will be updated accordingly.
  • If the data is incorrect or incomplete and cannot be legally corrected, it will be deleted unless retention is required by law.
  • The data subject may request that their data be blocked instead of deleted if it is likely that deletion would infringe on their legitimate interests. Blocked data will only be processed for the purpose that prevented its deletion.
  1. Data Notification to Third Parties

If the personal data was previously shared with other parties for processing, the data controller will notify them of any rectifications, deletions, or blocks made, unless this would violate the interests of the data subject.

  1. Request Handling Time

The Service Provider will respond to any data access request within 25 days at the latest, providing the information in writing and in an understandable format. This service is free of charge.

  1. Refusal to Fulfill Request

If the data controller refuses to fulfill a request for rectification, blocking, or deletion, they will inform the data subject within 25 days, stating the legal and factual grounds for the refusal. The data subject will be informed of their right to seek judicial remedy or contact the Data Protection Authority.

Right to Object

The data subject may object to the processing of their personal data if:

  • The processing is necessary for the legal obligation of the Service Provider or for legitimate interests pursued by the controller or a third party, except when the processing is required by law.
  • The data is being used for direct marketing, public opinion research, or scientific research purposes.
  • Other situations specified by law.
  1. Investigation of Objection

The Service Provider will examine the objection and make a decision within 30 days. If the objection is upheld, the data processing will cease, and the data will be blocked. The Service Provider will also notify those who received the data previously about the objection and the steps taken.

  1. Judicial Review

If the data subject disagrees with the Service Provider’s decision, they may appeal to the court within 30 days of receiving the notification. The court will treat the case as a matter of priority.

Legal Redress

If the data processing is found to be non-compliant with the law, the data controller is obliged to prove compliance. Similarly, the data recipient must prove the legality of the data transfer. The court is responsible for resolving the dispute, and the data subject may initiate proceedings in the court of their residence or habitual place of stay.

The court may require the data controller to:

  • Provide information about the processing of the data.
  • Correct, block, or delete data, or annul decisions made through automated processing.
  • Ensure compliance with the right to object.

If the court rules that personal data should be deleted, the data controller must do so within 3 days of the decision. If the data recipient fails to initiate legal proceedings within the required time, the data controller is also obligated to delete the data.

Complaints to the National Data Protection and Freedom of Information Authority

If the data subject believes their rights have been infringed, they may file a complaint with the National Data Protection and Freedom of Information Authority:

  • Address: 1125 Budapest, Szilágyi Erzsébet Fasor 22/C.
  • Postal Address: 1530 Budapest, PO Box 5.
  • Phone: +36-1-391-1400
  • Fax: +36-1-391-1410
  • Email: ugyfelszolgalat@naih.hu

Court Action

The data subject has the right to seek judicial redress in the event of a violation. In these cases, the court will handle the matter expeditiously.

Compensation and Moral Damages

If the data controller unlawfully processes the data subject’s personal data or violates data security requirements, resulting in the infringement of the data subject’s personality rights, the data subject may claim moral damages from the data controller.

The data controller is also liable for damages caused by the data processor and is obligated to compensate the data subject for any moral damages resulting from the data processor’s violation of the data subject’s personality rights.

The data controller is relieved of liability for the damages caused and the obligation to pay moral damages if they can prove that the harm or violation of the data subject’s personality rights was caused by an unavoidable external cause beyond the scope of the data processing.

No damages or moral compensation will be required if the harm or violation of personality rights resulted from the data subject’s intentional or grossly negligent behavior.