Privacy Policy

The purpose of this Privacy Policy (hereinafter: Policy) is to provide comprehensive information about the data processing practices of Tibszabo Visuals (Tibor Szabó sole proprietor) (hereinafter: Data Controller), the rights and obligations of data subjects under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and related Hungarian legislation.

Data Controller Name:
Tibszabo Visuals (Tibor Szabó sole proprietor)

Registered Address:
2654 Romhány, Május 1 telep 14., Hungary

Registration Number:
60952570

Tax Number:
91353537-1-32

Email Address:
hello@tibszabovisuals.com

Website:
https://tibszabovisuals.com

Data Protection Officer:
The Data Controller is not required to appoint a data protection officer based on the nature and volume of its activities.

Personal Data: any information relating to an identified or identifiable natural person.

Data Subject: any identified or identifiable natural person whose personal data is being processed.

Data Processing: any operation or set of operations performed on personal data.

Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes.

4.1.1 Purpose of Data Processing

• Enabling contact establishment
• Handling inquiries
• Preparing quotations
• Providing customer service
• Project-related communication
• Maintaining contact for post-production and corrections

4.1.2 Legal Basis for Data Processing
GDPR Article 6(1)(a) - data subject's consent

4.1.3 Scope of Personal Data Processed

• Name (required data)
• Email address (required data)
• Phone number (optional data)
• Message content (voluntarily provided data)

4.1.4 Source of Personal Data
Data voluntarily provided directly by the data subject through the contact form available on the website.

4.1.5 Duration of Data Processing

A) If the data subject does NOT subscribe to the newsletter:

• Data storage lasts for 30 days after project completion
• The 30-day period ensures communication for potential post-production and corrections
• Provides opportunity for the client to order additional photos or additional services for the original project

B) If the data subject subscribes to the newsletter:

• Data storage lasts until consent is withdrawn
• Data is deleted immediately upon withdrawal

4.1.6 Recipients (Data Transfer)
The Data Controller does not transfer personal data to third parties. Data is used exclusively for contact maintenance and project execution.

4.2.1 Purpose of Data Processing

• Sending newsletters
• Information about photography and videography services
• Sending promotional materials
• Email marketing activities

4.2.2 Legal Basis for Data Processing
GDPR Article 6(1)(a) - data subject's consent

4.2.3 Scope of Personal Data Processed

• Name (required data)
• Email address (required data)

4.2.4 Source of Personal Data

• Independent newsletter subscription form
• Optional subscription through contact form

4.2.5 Duration of Data Processing
Data storage lasts until consent is withdrawn. The data subject can unsubscribe from the newsletter at any time.

4.2.6 Method of Consent
Optional checkbox selection on the contact form: "I would like to receive email updates about current offers and news."

4.2.7 Recipients
Email addresses are not shared with third parties. Used exclusively for sending our own newsletters.

4.3.1 Purpose of Data Processing

• Receiving telephone inquiries
• Providing information
• Providing consultation services

4.3.2 Legal Basis for Data Processing
GDPR Article 6(1)(a) - data subject's consent

4.3.3 Scope of Personal Data Processed

• Caller's name
• Phone number (optional data)
• Subject of inquiry

4.3.4 Duration of Data Processing
Data learned during telephone contact is stored for a maximum of 30 days.

4.4.1 Purpose of Data Processing

• Handling email inquiries
• Project-related communication
• Sending quotations

4.4.2 Legal Basis for Data Processing
GDPR Article 6(1)(a) - data subject's consent

4.4.3 Scope of Personal Data Processed

• Email address
• Name
• Other information provided in the email

4.4.4 Duration of Data Processing
The storage period for data processed during email communication matches the contact form data processing: 30 days after project completion.

4.5.1 Purpose of Data Processing

• Measuring website traffic
• Service development
• Analyzing visitor behavior

4.5.2 Legal Basis for Data Processing
GDPR Article 6(1)(f) - Data Controller's legitimate interest (website development)

4.5.3 Scope of Data Processed

• Browser type
• Device type (mobile phone, tablet, desktop computer)
• Visitor's city (based on IP address)
• Visit time
• Pages viewed

4.5.4 Nature of Personal Data
The stored statistical data does not contain personal data and is not suitable for identifying visitors.

4.5.5 Duration of Data Processing
Statistical data is retained for a maximum of 2 years.

4.6.1 Types of Cookies
The website stores only cookies necessary for the operation of the Google reCAPTCHA service on the user's computer.

4.6.2 Google reCAPTCHA

• Purpose: Protection against spam and automated attacks on the contact form
• Data Controller: Google LLC
• Data Processing Terms:
  • Google Privacy Policy
  • Google Terms of Service

4.6.3 Cookie Management
Users can delete or disable cookies in their browser at any time, however, this may affect the proper functioning of the website.

5.1 RIGHT TO INFORMATION
The data subject has the right to receive feedback from the Data Controller as to whether or not their personal data is being processed, and if so, has the right to access the personal data and related information.

5.2 RIGHT OF ACCESS
The data subject has the right to request information from the Data Controller about the following aspects of data processing:

• the purposes of data processing
• the categories of personal data concerned
• the categories of recipients with whom the personal data have been shared
• the envisaged period for which the personal data will be stored
• the data subject's rights
• the right to lodge a complaint

5.3 RIGHT TO RECTIFICATION
The data subject has the right to request the Data Controller to rectify inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed.

5.4 RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")
The data subject has the right to request the Data Controller to erase personal data concerning them, and the Data Controller is obliged to erase personal data without undue delay if one of the following grounds applies:

• the personal data are no longer necessary for the purposes for which they were collected
• the data subject withdraws consent
• the data subject objects to the processing
• the personal data have been unlawfully processed
• the personal data have to be erased for compliance with a legal obligation

5.5 RIGHT TO RESTRICTION OF PROCESSING
The data subject has the right to request the Data Controller to restrict processing if one of the following applies:

• the data subject contests the accuracy of the personal data
• the processing is unlawful
• the data subject needs the data for the establishment, exercise or defense of legal claims

5.6 RIGHT TO DATA PORTABILITY
The data subject has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller.

5.7 RIGHT TO OBJECT
The data subject has the right to object at any time to the processing of personal data concerning them for reasons related to their particular situation.

6.1 Right to Withdraw
The data subject may withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

6.2 Method of Withdrawal
Consent can be withdrawn:

• By email: by sending a message to hello@tibszabovisuals.com
• By mail: by sending a letter to 2654 Romhány, Május 1 telep 14.
• For newsletters: using the unsubscribe link in the newsletter

6.3 Consequences of Withdrawal
After the withdrawal of consent, the Data Controller immediately ceases data processing and deletes the data subject's personal data.

7.1 TECHNICAL MEASURES
The Data Controller ensures the security of personal data through appropriate technical measures:

• Access Control: only authorized persons have access to the data
• Data Encryption: data storage and transmission occurs in encrypted form
• Security Backups: regular security backups are created
• Firewall: network security is protected by firewall

7.2 ORGANIZATIONAL MEASURES

• Access Rights: application of the principle of minimal privileges
• Data Processing Procedures: documented data processing processes
• Incident Response Plan: procedures for handling data protection incidents

8.1 REPORTING OBLIGATION
The Data Controller reports personal data breaches that are likely to result in a high risk to the rights and freedoms of natural persons without undue delay, and if possible, no later than 72 hours after becoming aware of the data protection incident, to the supervisory authority.

8.2 NOTIFICATION OBLIGATION
If the data protection incident is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller notifies the data subject of the data protection incident without undue delay.

9.1 RIGHT TO LODGE A COMPLAINT
The data subject has the right to lodge a complaint with the supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes the GDPR.

9.2 SUPERVISORY AUTHORITY
National Authority for Data Protection and Freedom of Information (NAIH)

• Mailing Address: 1530 Budapest, Pf.: 5.
• Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
• Phone: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• Email: ugyfelszolgalat@naih.hu
• Website: www.naih.hu

The Data Controller uses the following data processors in the processing of personal data:

10.1 WEB HOSTING PROVIDER - HOSTINGER

• Provider Name: Hostinger International Ltd.
• Address: 61 Lordou Vironos Street, 6023 Larnaca, Cyprus
• Data Processing Purpose: Website hosting, data storage, server services
• Scope of Data Processed: Contact form data, statistical data, website content
• Legal Basis: Data processing agreement under GDPR Article 28
• Data Centers: EU (Netherlands, Lithuania), compliance with security requirements
• Security Measures: ISO 27001 certification, 24/7 monitoring, DDoS protection
• Additional Information: Hostinger Security Measures

10.2 EMAIL SERVICE PROVIDER

• Provider Name: Apple iCloud
• Address: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA
• Data Processing Purpose: Email communication and newsletter sending
• Scope of Data Processed: Email addresses, message content
• Legal Basis: Data processing agreement under GDPR Article 28

10.3 GOOGLE LLC (reCAPTCHA)

• Provider Name: Google LLC
• Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Data Processing Purpose: Spam protection
• Scope of Data Processed: IP address, browser data
• Legal Basis: Data processing agreement
• Privacy Terms: Google Privacy Policy

11.1 HOSTINGER DATA TRANSFER
Hostinger International Ltd. is headquartered in Cyprus (EU member state), however it operates data centers in other countries as well. The Data Controller ensures that data is primarily stored in EU data centers.

11.2 GOOGLE RECAPTCHA
Due to the use of Google reCAPTCHA service, personal data may be transferred to the United States. Google LLC has an adequacy certificate under the EU-US Data Protection Framework Agreement.

The Data Controller does not engage in automated individual decision-making, including profiling.

The Data Controller's services are primarily intended for adults. Processing of data of children under 16 years of age is only possible with parental or guardian consent.

14.1 RIGHT TO MODIFY
The Data Controller reserves the right to modify this Privacy Policy. Modifications take effect upon publication on the website.

14.2 NOTIFICATION OF CHANGES
In case of significant changes, the Data Controller notifies data subjects by email, provided they have an email address and have subscribed to the newsletter.

This Privacy Policy enters into force on September 28, 2025.

Last Modified: September 28, 2025.

For questions and requests related to data processing, please contact the Data Controller with confidence:

• Email: hello@tibszabovisuals.com
• Mailing Address: 2654 Romhány, Május 1 telep 14.