Privacy & Cookie Policy – The Art Paddock

1. Data Controller

Current: Bereczki Olivér Miklós (private individual)
Future business: The Art Paddock (upon business registration)
Address: 6725 Szeged, Ballagi-tó sor 46., Hungary
Email: [email protected]
Phone: +36 70 669 6880
Website: theartpaddock.com
Future VAT number: [To be added upon business registration]

 

2. What Personal Data We Collect

• Contact form submissions: name, email address, phone number (optional), and your message content.
• Webshop orders (future): name, email, phone, shipping address, billing address, purchased artworks/prints, order history, payment information (processed by payment providers).
• Email communications: any information you provide via email correspondence.
• Social media interactions: information from Facebook, Instagram when you contact us or engage with our posts.
• Technical data automatically collected:
  • IP address (anonymized after collection)
  • Browser type, version, and settings
  • Device information (type, operating system)
  • Pages visited, time spent on site, click patterns
  • Referrer information (how you found our site)
  • Geographic location (country/city level)
  • Search queries leading to our site
• Analytics data: website usage statistics, user behavior patterns, demographic information via Google Analytics.
• Security data: login attempts, potential threats, security logs via Wordfence.

 

3. Purpose and Legal Basis for Processing

• Responding to inquiries – consent (GDPR Art. 6(1)(a))
• Processing and fulfilling orders – contract performance (GDPR Art. 6(1)(b))
• Payment processing – contract performance (GDPR Art. 6(1)(b))
• Shipping and delivery – contract performance (GDPR Art. 6(1)(b))
• Legal compliance (accounting, tax obligations) – legal obligation (GDPR Art. 6(1)(c))
• Website security and fraud prevention – legitimate interest (GDPR Art. 6(1)(f))
• Website analytics and improvement – consent (GDPR Art. 6(1)(a))
• Marketing communications – consent (GDPR Art. 6(1)(a))
• Customer service and support – legitimate interest (GDPR Art. 6(1)(f))

 

4. Data Sharing with Third Parties

We do not sell, rent, or trade personal data. Data is only shared with trusted service providers:

Essential Services:

• Web Hosting: Sybell Kft. – server hosting, technical infrastructure
• CDN & Security: Cloudflare – content delivery, DDoS protection, DNS
• Website Platform: WordPress/Automattic – content management system

Analytics & SEO:

• Google Analytics: Google LLC – website usage statistics
• Google Search Console: Google LLC – search performance data
• Site Kit by Google: Google LLC – integrated analytics and search data
• Yoast SEO: Yoast BV – SEO optimization data

Security & Compliance:

• Wordfence Security: Defiant Inc. – security monitoring, threat detection
• Complianz GDPR: Complianz B.V. – cookie consent management
• Limit Login Attempts: Security plugin for login protection

Communication:

• Email Services: Google (Gmail) – email communications
• Social Media: Meta (Facebook, Instagram) – social media interactions

Future E-commerce Services:

• Payment Processors: Stripe, PayPal, Barion, or bank transfer – payment processing
• Shipping Companies: Magyar Posta, GLS, DPD, international courier services
• Print Services: Local or international printing partners for artwork reproduction
• Accounting Software: For invoice generation and financial record keeping

International Data Transfers: Some processors are based outside the EU (primarily in the US). Transfers are protected by:

• EU Adequacy Decisions (where applicable)
• Standard Contractual Clauses (SCCs)
• Data Processing Addendums with appropriate safeguards

 

5. Data Retention Periods

• Contact inquiries: 12 months after resolution or until deletion request
• Customer orders: 8 years (Hungarian accounting law requirement)
• Payment records: 8 years (tax compliance)
• Analytics data: 26 months (Google Analytics default) or until consent withdrawal
• Server logs: 12 months for security purposes
• Security logs: 12 months (Wordfence data)
• Marketing data: Until consent withdrawal or 3 years of inactivity
• Cookies: Varies by type (see detailed cookie table below)

 

6. Your GDPR Rights

Under GDPR, you have the following rights:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion (where legally permitted)
• Right to restrict processing: Request limitation of data use
• Right to data portability: Receive your data in machine-readable format
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for consent-based processing
• Right to file a complaint: Lodge complaints with supervisory authorities

How to exercise rights: Email us at [email protected] with your request. We respond within 30 days.

 

7. Data Security Measures

We implement comprehensive security measures:

• Encryption: SSL/TLS certificates for all data transmission
• Access Control: Restricted access to personal data, strong authentication
• Security Monitoring: Real-time threat detection via Wordfence
• Login Protection: Brute force attack prevention, failed login limits
• Hidden Login URLs: WPS Hide Login plugin for additional security
• Regular Updates: WordPress core, themes, and plugins kept current
• Secure Hosting: Professional hosting with security features
• Data Backups: Regular encrypted backups stored securely
• File Upload Security: Big File Uploads plugin with security scanning

 

8. Detailed Cookie Information

What are cookies? Small text files stored on your device that help websites function and analyze usage.

Cookie Categories & Management:

Our Complianz GDPR plugin provides a cookie banner where you can manage your preferences for non-essential cookies.

Cookie Type	Purpose	Duration	Consent Required
Strictly Necessary	WordPress sessions, security functions, cookie preferences	Session / 1 year	No
Analytics	Google Analytics (_ga, _ga_*, _gid, _gat), Site Kit data	1 day – 2 years	Yes
Performance	Cloudflare optimization, caching	Session – 1 year	No
Security	Wordfence threat detection, login protection	24 hours – 1 year	No
Marketing (Future)	Facebook Pixel, Google Ads, retargeting	90 days – 2 years	Yes

Cookie Control Options:

• Our Cookie Banner: Accept/reject categories when first visiting
• Browser Settings: Block or delete cookies in your browser preferences
• Google Analytics Opt-out: Install browser add-on
• More Information: allaboutcookies.org

 

9. Server Logs & Technical Data

Sybell hosting automatically collects server access logs including:

• IP addresses (anonymized after 30 days)
• Requested URLs and response codes
• Browser user agent strings
• Referrer information
• Timestamps of requests
• Data transfer volumes

This data is used for website performance monitoring, security analysis, and troubleshooting technical issues.

 

10. E-commerce Data Processing (Future Webshop)

When our webshop launches, additional data processing will include:

Order Processing:

• Customer Information: Billing/shipping addresses, phone numbers
• Order Details: Selected artworks/prints, quantities, customization requests
• Payment Data: Processed securely by certified payment providers (PCI DSS compliant)
• Shipping: Tracking information, delivery confirmations

International Sales:

• Customs Declarations: Product descriptions, values for international shipping
• Tax Compliance: VAT handling for EU customers, documentation for tax authorities
• Currency Processing: Exchange rate calculations, multi-currency support

 

11. Marketing & Communications

We may use your contact information for:

• Order Updates: Status notifications, shipping confirmations
• Customer Service: Support inquiries, problem resolution
• Marketing (with consent): New artwork announcements, special offers
• Social Media: Responses to comments/messages on Facebook/Instagram

Unsubscribe: All marketing emails include unsubscribe links, or email [email protected]

 

12. International Data Transfers & Global Customers

We welcome customers worldwide. For non-EU visitors:

• GDPR standards apply to all data processing
• Same privacy rights regardless of location
• Data transfers protected by appropriate safeguards
• Local privacy laws also respected where applicable

 

13. Children’s Privacy

Our website and services are not directed at children under 16. We do not knowingly collect personal data from minors. Parents/guardians discovering we’ve collected their child’s data should contact us immediately for deletion.

 

14. Data Breach Notification

In the unlikely event of a data breach affecting your personal information:

• We will notify the Hungarian Data Protection Authority within 72 hours
• Affected individuals will be informed if the breach poses high risk
• We will take immediate steps to secure the breach and prevent further unauthorized access

 

15. Business Transitions

If The Art Paddock is sold, merged, or undergoes business reorganization, your personal data may be transferred to the new entity. You will be notified of any such change and your rights will remain protected under this privacy policy.

 

16. Policy Updates

This policy may be updated to reflect:

• Changes in our data processing practices
• New features or services
• Legal or regulatory requirements
• Industry best practices

Notification: Material changes will be posted prominently on our website. Continued use indicates acceptance of updates.

 

17. Contact Information & Complaints

For privacy questions or to exercise your rights:

The Art Paddock – Data Protection Contact:
Email: [email protected]
Phone: +36 70 669 6880
Address: 6725 Szeged, Ballagi-tó sor 46., Hungary
Response Time: Within 30 days of receiving your request

Hungarian Data Protection Authority (NAIH):

Official Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Website: www.naih.hu
Email: [email protected]
Phone: +36 1 391 1400

---

The Art Paddock – Automotive Art Reimagined
This privacy policy was last updated on August 27, 2025
www.theartpaddock.com