# Privacy Policy

## 1. Controller

The data controller of the personal data processed in the Service is:

- **Name:** Judit Lajtár (private entrepreneur, KATA)
- **Registered address:** 1039 Budapest, Czuczor utca 5., Hungary
- **Tax number:** 76384215-1-41
- **E-mail:** imeszarosildiko@gmail.com
- **Phone:** available on request via e-mail

(the "Operator" or "Controller").

The Operator has not appointed a Data Protection Officer, as this is not required by law.

## 2. Data We Process

- **Account data**: email address, hashed password, email verification status, last login timestamp.
- **Profile data**: child's display name, optional child name and class/group, institution and session, QR token (only a hashed value is stored; the raw token is shown only once to the photographer).
- **Gallery and order data**: favorites, cart contents, ordered items, selected photos, download records, order status.
- **Billing data** (at checkout): billing name, billing address, email, order total, payment status, Barion transaction reference, issued invoice identifier.
- **Technical data**: IP address and user-agent for rate limiting and security logging, session cookies.
- **Audit log**: administrative actions performed by the Operator on profiles, orders and terms documents.

## 3. Purposes and Legal Bases

- Providing the Service (account, gallery, cart, orders): performance of a contract between you and the Operator (GDPR Art. 6(1)(b)).
- Billing, accounting and tax compliance: legal obligation (Art. 6(1)(c)).
- Fraud prevention, rate limiting, audit logs: legitimate interest of the Operator (Art. 6(1)(f)).
- Sending order confirmations and password-reset / email-verification messages: contract performance.
- Marketing communication: only with your explicit opt-in consent (Art. 6(1)(a)).

## 4. Retention

- **Gallery photos, QR tokens, favorites, cart**: automatically deleted after a purge date set per session (typically 30 days after the ordering deadline). After this date the QR code stops working and the originals are removed.
- **Orders and invoices**: retained for 8 years as required by Hungarian accounting rules.
- **Parent accounts**: retained while you have an active account; you can request deletion (see Rights below). Orders linked to the account will be anonymised rather than deleted where legal retention applies.
- **Audit logs**: retained for up to 2 years.
- **Rate-limit records**: retained only for the sliding window (minutes).

## 5. Recipients and Processors

- **Barion Payment Zrt.** (registered seat: 1117 Budapest, Infopark sétány 1.; licensed e-money institution, licence number H-EN-I-1064/2013): processes online card payments and, through the Barion Pixel (see section 5a), performs fraud-prevention analytics. Barion receives the transaction amount, order identifier, technical payer data, and – for Barion Pixel – device/browser identifiers, pseudonymised user identifiers, viewed products and conversion events.
- **SMTP provider**: sending transactional emails (verification, password reset, order notifications).
- **Hosting**: the Service runs on a dedicated VPS operated for the Operator; data does not leave the EU/EEA.
- **Institution**: the Operator may share aggregated production lists (child name, class, product, pickup code) necessary for pickup.

## 5a. Barion Pixel (fraud prevention)

- The Service embeds the **Base Barion Pixel** provided by Barion Payment Zrt. exclusively for **payment fraud prevention** purposes (in line with Barion’s onboarding requirements).
- The Pixel may read and set cookies and local identifiers in your browser and transmit to Barion: IP address, device and browser fingerprint data, user-agent, clicked and viewed pages, timing information and events related to the ordering flow.
- The Pixel uses **pseudonymised identifiers only** and does not receive card data.
- Legal basis: **legitimate interest** of the Operator and Barion in detecting and preventing payment fraud (GDPR Art. 6(1)(f)). The balancing test weighed the minimal, pseudonymised nature of the data against the clear security benefit for both the User and the Operator.
- Data retention by Barion follows Barion’s own retention policy (see https://www.barion.com/hu/adatvedelmi-tajekoztato/).
- By accepting these Terms of Service and the Privacy Policy at login / registration / QR entry / checkout you confirm that you have been informed about the Barion Pixel. You may object to this processing at any time by e-mail – in that case your access to online card payment may be limited.

See also the Barion Pixel supplementary terms: https://www.barion.com/hu/szolgaltatasok/vallalkozasoknak/barion-pixel/.

We do not sell your personal data.

## 6. International Transfers

Data is stored within the European Economic Area. If a processor (e.g. an SMTP provider) transfers data outside the EEA, this is done under GDPR-compliant safeguards (Standard Contractual Clauses).

## 7. Your Rights

Under the GDPR you have the right to:

- access your data;
- request rectification;
- request erasure (subject to legal retention);
- restrict or object to processing;
- data portability;
- withdraw consent at any time (for consent-based processing);
- lodge a complaint with the Hungarian Data Protection Authority (NAIH, https://naih.hu).

Requests can be sent to the Operator via the contact information communicated through the institution.

## 8. Security

- Passwords are stored only as salted bcrypt hashes.
- QR tokens are stored only as hashes; raw tokens are shown once to the Operator.
- Transport is protected by HTTPS/TLS.
- Access to the administrative interface requires an admin account and is logged.
- Uploaded originals and digital deliverables are stored outside the public web root and served only through authenticated routes.

## 9. Cookies

- **Strictly necessary cookies**: required to keep you signed in (parent session, admin session, locale preference, CSRF protection). These cannot be switched off.
- **Barion Pixel / fraud-prevention cookies** (see section 5a): set by Barion Payment Zrt. for fraud prevention during the checkout process. Legal basis is legitimate interest; accepting the Terms of Service and Privacy Policy signals that you have been informed about this processing.
- We do **not** use advertising, remarketing or cross-site behavioural-tracking cookies.
- Cookies set by Barion can be cleared via your browser’s standard cookie-management settings.

## 10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects concerning you.

## 11. Changes

We may update this Privacy Policy. Material changes will trigger a new acceptance request on your next login, registration or QR entry.

Last updated: 2026-05-22
Version: 3.0 | Published: 5/22/2026