Privacy policy

Toscana Confectionery Ltd.
Office: 9025 Győr, Szent Imre u 99.
Company registration number: 08 09 020873
Tax number: 23033805-2-08
Website: https://royaldesserts.hu/

Date of entry into force: 17.10.2024

This privacy notice is the Toscana Confectionery Ltd. ("Data Controller"), in accordance with the applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation - GDPR).

1. Purpose of data processing

The Controller processes personal data for the following purposes:

  • Website operation and analysis of traffic statistics.
  • Relationships and communication.
  • Providing services (e.g. orders, home delivery, special requests).
  • Billing, meeting legal obligations.
  • Marketing activities, sending newsletters, where the data subject has given his or her prior consent.
  • Complaints handling and customer service.

2. Legal basis for processing

The processing is based on the following legal bases:

  • Contribution: The data subject voluntarily consents to the processing of his/her personal data (Article 6(1)(a) GDPR).
  • Performance of the contract: Processing is necessary for the performance of the contract (Article 6(1)(b) GDPR).
  • Fulfilling a legal obligation: Billing, compliance with legal requirements (Article 6(1)(c) GDPR).
  • Legitimate interest of the Data Controller: For example, handling customer service complaints, website traffic analysis (Article 6(1)(f) GDPR).

3. Scope of data processed

  • Contact details: name, e-mail address, telephone number.
  • Billing data: name, address, tax number.
  • Technical data: IP address, browsing history, cookie management.
  • Ordering information: order history, preferences, delivery address.

4. Duration of data processing

The Data Controller processes the data for the time necessary to fulfil the purpose:

  • In the case of a newsletter, until consent is withdrawn.
  • In the case of invoicing, for the period required by tax legislation (typically 8 years).
  • In the case of contractual relationships, for 5 years after the termination of the contract.

5. Data transfers and data processors

The Data Controller will not transfer the data to third parties, except:

  • to public authorities when fulfilling legal obligations,
  • to data processors (e.g. courier, accounting) who process the data strictly on the basis of the mandate and to the extent necessary.

6. Rights of data subjects

Data subjects have the following rights:

  • Right of access: The data subject may request information from the Data Controller about the personal data processed about him or her.
  • Right of rectification: The data subject may request the modification or correction of his/her data.
  • Right to erasure: In certain cases, you can request the deletion of your personal data.
  • Right to restrict processing: You can request the restriction of the processing of your data.
  • Right to data portability: The data subject may request that his or her personal data be transferred to another controller.
  • Right to object: You can object to processing if it is based on a legitimate interest.
Privacy

7. Handling cookies

The website uses cookies to enhance the user experience and to analyse the functioning of the website. The user can change the cookie settings in his/her browser at any time.

8. Data security

The Data Controller shall ensure the security of personal data, protect them against unauthorized access, modification, destruction by security measures.

9. Complaints handling

Data subjects may lodge a complaint about data processing with the National Authority for Data Protection and Freedom of Information (NAIH):

10. Amendments to the privacy notice

The Data Controller reserves the right to amend the Privacy Notice at any time. Any changes will be published on the website.