Privacy Policy - Visual Symphony Art

Effective Date: From October 1, 2025

1. Introduction

It is highly important for us to comply with all currently applicable data protection regulations and laws. Therefore, below we detail and present our steps toward data protection and the processes related to data collection.

Data Controller’s Information

Name: Ágnes Zászkaliczky
Registered Office: Penzinger str.80/2. 1140-Wien Austria
Mailing Address: Penzinger str.80/2. 1140-Wien Austria
Phone Number: +43 67 634 58141
E-mail: agneszaszkaliczky@visualsymphonyart.com

Web Hosting Provider’s Information

Name: STOREO Magyarország Kft.
Address: 2724 Újlengyel, Petőfi Sándor utca 48.
Contact Information: info@storeo.hu

2. Types and Legal Basis for Personal Data

Personal Data refers to information that clearly allows for the precise identification of an individual. On this website, we process the following types of personal data, with the specific legal basis indicated:

COMMUNICATION DATA

This includes any message you send to us through the website, via email, social media message, or any other form of communication. We process and retain this data to fulfill orders and to serve as a basis for decision-making in the event of potential legal claims.

Our legal basis for this processing is the user’s demonstrable interest in our activities, which is manifested in the messages addressed to us.

USER DATA

This includes data generated during the use of the website, which allows for the technical operation of the site, maintenance of site security, storage of backups of user activity, and ensuring you always access the most relevant content.

The legal basis for processing this data is the user’s clear interest in our activities, for the provision and technical operation of which the storage of this data is necessary.

TECHNICAL DATA

This includes data generated during the use of the site, such as IP address, login information, browser data, time spent on individual pages, page views and navigation paths, number and timing of page visits, time zones, and device data used to view the site. The source of the data is our analytical software. We process this data to analyze user habits on the site, maintain the secure operation of our site, and understand the effectiveness of our marketing decisions.

MARKETING DATA

This includes the visitor’s preferences regarding the marketing content they are willing to receive from us. We process this data to allow participation in sweepstakes and to send advertisements related to our products/services in which the user has expressed interest.

The legal basis for processing this data is the user’s clear interest in our activities, which allows us to process this data in compliance with security requirements and to use it for business growth for more efficient operation. The collected data may occasionally be used for purposes such as providing targeted, relevant advertisements on the Facebook™ platform and various dynamic advertising spaces, and measuring the effectiveness of those advertisements.

In the course of our activities, we DO NOT collect sensitive data such as ethnicity, religious beliefs, sexual life and orientation, political opinions, trade union membership, or health background, and genetic or biometric information.

3. Methods of Data Collection

We may collect personal data directly provided by the user (for example, by sending a message). Furthermore, certain data is automatically collected during the use of the site, for example, through “cookies” and similar technologies. These only become active after the user provides consent. For more information, please see our Cookie Policy.

We receive certain data from external partners, such as analytical service providers like Google (a non-EU partner), and advertising networks like Facebook™ (a non-EU partner).

4. Our Practical Steps Related to Data Protection

The Seller and/or Data Controller considers the protection of user data and compliance with current regulations to be extremely important. Therefore:

After conducting a data protection impact assessment on the site, we have compiled a list of the collected data, their necessity, legal basis, and legal compliance. The Data Controller and the Seller consider the protection of user data and compliance with current regulations to be extremely important, thus we treat data protection as a priority on the site and have made significant efforts to securely collect the information gathered by the site.
We use an SSL certificate (Let’s Encrypt Authority X3 certification) across the entire website to protect data provided in forms and generated on the site.
To protect the site against attacks, we use premium security software (Wordfence Security) to protect stored data against “brute force” and viral attacks.
Purchasing and user data in the site’s databases are stored in an encrypted form (pseudonymised), making them unreadable to external parties.
In this Privacy Policy, we provide users with forms to request information regarding the processing of their personal data, and to request the modification or deletion of their personal data.
From time to time, it is necessary to provide data to our service partners for the purpose of our business activities (e.g., web hosting provider, courier company, newsletter software). In such cases, we always choose partners who comply with GDPR requirements, and in the case of US-based partners, participate in the EU-US Privacy Shield data protection initiative, and we sign a data processing agreement with them, ensuring the responsible handling of data.

5. Marketing Communication

Conducting marketing communication is essential for the company’s activities. The legal basis for data processing related to this is the demonstration of interest in our services or the explicit consent of the users. According to the European Union’s Privacy and Electronic Communications Regulations (PECR), we send marketing messages to our users if they have purchased from us or have explicitly consented to receiving marketing messages.

We always provide a clearly visible way to suspend consent and unsubscribe from messages. An unsubscribe link is available at the bottom of every email, or removal from the database can be requested via the email address found on our contact page. Even if you unsubscribe from marketing communication, we may still send messages, but only those related to the fulfillment of your orders.

6. Notes on Personal Data

It is sometimes necessary to share certain personal data with certain partners to maintain normal business operations:

IT service providers and providers performing troubleshooting and maintenance on computer systems.
Expert partners, such as lawyers, accountants, bankers, insurers.
Government agencies that request reports on our activities.

International Data Transfers

For the purpose of maintaining business operations, it is sometimes necessary to share user data with service partners outside the European Economic Area (EEA). Countries outside the EEA often do not provide the same level of data protection, and therefore European laws prohibit the export of data in the absence of the fulfillment of appropriate conditions. Whenever personal data is transferred outside the EEA, we take the following steps in addition to those discussed in Section 4 to ensure the secure handling of the data:

We only transfer data to countries deemed adequate for data security purposes by the European Commission.
We only use US-based services that are part of the EU-US Privacy Shield data security initiative.

If the above conditions are not met, we will ask for the explicit consent of the users for the data transfer. Consent can be withdrawn at any time.

Links to External Sites

This site occasionally contains links leading to external sites, or code snippets embedded in the site that ensure the operation of external services. Clicking on these links or using the embedded solutions may allow external partners to collect data about users. Although we do everything possible to properly vet our partners, we have no control over their privacy principles and are not responsible for their data processing practices.

7. Duration of Data Processing

We always store user data only for as long as our legal/accounting/reporting obligations require, or as long as it is necessary for the operation of the service. When deciding on the retention period, we take into account the quantity, nature, and sensitivity of the data, and the potential impact of its leakage in the event of a data breach.

For tax reasons, we must retain customers’ invoicing and purchase data for at least 8 years to fulfill our legal obligations. Under certain circumstances, we may use data in an anonymized form for statistical purposes, in which case we store the data indefinitely without further notice.

8. Visitor Rights

As a citizen of the European Union, the General Data Protection Regulation (GDPR) grants the following rights to the users of the site:

a, Access to Personal Data Users of the site have the right to request a copy of the personal data stored by our website. The request is generally fulfilled free of charge within 14 days of the request. In case of repeated, abusive, or unjustified data requests, the Seller may charge a moderate fee for providing the data, and additional time may be required to provide the data. Furthermore, the Seller and/or Data Controller will request proof of identity before releasing the data to prevent abusive use. To request your personal data, please email us at the address found on our contact page.

b, Rectification of Personal Data If your personal data has changed or was provided incorrectly, users have the right to request the modification of the data. To request the modification of your personal data, please contact us at the email address found on our contact page.

c, Request for Deletion of Personal Data Users have the right to request the deletion of all their personal data. We will fulfill the request free of charge within 14 days of the request. After the deletion of personal data, the user account will not be accessible, and thus any purchased materials may become unavailable, as the personal data associated with the user account are essential for accessing the service. The Seller and/or Data Controller will request proof of identity before deleting personal data to prevent abusive use. To request the deletion of your personal data, please contact us at the email address found on our contact page.

d, Request for Restriction of Personal Data Processing Users have the right to request the restriction of the disclosure of their data to third parties (service partners). When submitting the request, the service partners to be restricted can also be named. It is important to note that cooperation with certain service providers is essential for the operation of the site (e.g., Paylike as a payment service provider), so their restriction may result in the site’s services becoming unavailable to the user. The Seller and/or Data Controller will request proof of identity before restricting the transfer of personal data to prevent abusive use. To request the restriction of the transfer of your personal data, please contact us at the email address found on our contact page.

In Hungary, the official body dealing with data protection is the National Authority for Data Protection and Freedom of Information (NAIH). Users can find more information about their data protection rights on the NAIH website.

National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing Address: 1530 Budapest, Pf.: 5.
Phone: +36 1 391 1400 Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

9. Anonymized Data and “COOKIES”

The website uses so-called “cookies” and similar technologies, such as tracking codes, re-marketing tags, and pixels, in email messages and advertisements, which become active only after the user’s consent. These technologies help us better understand user behavior and interests, thereby assisting us in maintaining a higher standard and more efficient operation. Our goal is to make the use of our website as user-friendly and personalized as possible.

If the user wishes to prohibit these technologies from recording non-personal data, this can be done in the following ways:

by blocking their loading through the cookie warning displayed on the website;
by disabling “cookies” in the browser;
or by using http://www.youronlinechoices.eu/.