Legal document

Privacy Policy

Effective from: 1 January 2025 · Under GDPR (EU 2016/679) and the Hungarian Information Act (Act CXII of 2011)

This English translation is provided for convenience. In case of any conflict, the original Hungarian version (/adatvedelem) shall prevail.

1

Data controller details

Data controller: Papasvili György Armen
Form: Sole proprietor
Tax ID: 59315784-1-42
Reg. no.: 57334558
Registered office: 1081 Budapest, Alföld utca 18. 2nd floor, door 47, Hungary
Operating site: 1182 Budapest, Hímesháza utca 4., Hungary

The data controller is not required to appoint a Data Protection Officer (DPO). For privacy-related queries, please contact [email protected].

2

Categories of personal data processed

Registration and account

DataPurpose
Full nameIdentification, correspondence, package addressing
Email addressLogin, notifications
Phone numberContact by the courier
Customer IDMapping packages to the Customer

Shipping-related data

  • Shipping address: Name, street, postal code, city, country, phone — for forwarding the package
  • Package data: Arrival date, sender, contents (if disclosed), weight, tracking number
  • Billing data: Billing address, transaction ID (card number is not stored)

Technical data

  • IP address: Secure operation, abuse prevention
  • Session cookie: Maintain the logged-in session
  • Browser type, OS: Technical troubleshooting (anonymised)
3

Purpose and legal basis of processing

GDPR Article 6(1)(b) — Performance of a contract

Account creation, Customer ID assignment, package handling, invoicing, delivery notifications.

GDPR Article 6(1)(f) — Legitimate interest

IP address and security logs (abuse prevention), session cookie (technical necessity), complaint history (in case of disputes).

GDPR Article 6(1)(c) — Legal obligation

Retention of accounting documents and transactions under accounting and tax laws.

No marketing-purpose data processing (e.g. newsletter) currently takes place. Future introduction would require the Customer's prior consent.

4

Data retention periods

Data categoryRetention period
Registration and account data5 years (after deletion)
Contract and package handling data5 years
Invoices, accounting documents8 years (Accounting Act §169)
Security logs (IP, session)90 days
Complaints and communications5 years
5

Data processors and transfers

Supabase Inc.

USA / EU server

Database storage, user authentication · Legal basis: SCCs (Standard Contractual Clauses) · supabase.com

Cloudflare Inc.

USA

Web hosting, CDN, DDoS protection, DNS · Legal basis: SCCs · cloudflare.com

Google LLC

USA

Web analytics (Google Analytics) · Legal basis: SCCs (Standard Contractual Clauses) · policies.google.com/privacy

Couriers (GLS, DHL, Magyar Posta)

They receive the destination details (name, address, phone) required to deliver the package. They act as independent data controllers during delivery; their privacy notices are available on their respective websites.

Personal data is transferred to authorities only where required by law and upon a request from the competent authority.

6

Your rights as a data subject

Right of access

GDPR Art. 15

You may request information about the data processed about you and obtain a copy.

Right to rectification

GDPR Art. 16

You may request correction or completion of inaccurate data.

Right to erasure

GDPR Art. 17

You may request deletion of your data once the legal basis no longer applies.

Right to restriction

GDPR Art. 18

Processing may be restricted in disputed cases.

Right to object

GDPR Art. 21

You may object to processing based on legitimate interest.

Data portability

GDPR Art. 20

You may receive your data in a machine-readable format (JSON/CSV).

Exercising your rights

Email: [email protected] · Post: 1081 Budapest, Alföld utca 18. 2nd floor, door 47, Hungary
Following identification, the Service Provider responds within 30 days (in justified cases +60 days).

7

Remedies – NAIH

If you believe we are processing your data unlawfully, you may lodge a complaint with:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

1055 Budapest, Falk Miksa utca 9-11., Hungary
Postal: 1363 Budapest, P.O. Box 9
Phone: +36 (1) 391-1400
naih.hu

In case of a violation of rights you may also bring the matter before a court; proceedings may be initiated at the regional court competent for your place of residence or stay.

8

Cookies

The Shipify.hu website uses the following cookies:

1. Necessary cookies (technical necessity – no consent required)

These cookies are essential for the basic operation of the website and cannot be disabled.

Cookie nameProviderPurposeExpiry
Session cookieshipify.huMaintain logged-in sessionWhen browser closes
silktideCookieChoice_*shipify.hu (Silktide)Remember the user's cookie preferences1 year

Legal basis: GDPR Article 6(1)(f) — legitimate interest (technical necessity).

2. Analytics cookies (consent required)

These cookies help us understand how visitors use our website. Data is collected anonymously, in aggregated form, via Google Analytics.

Cookie nameProviderPurposeExpiry
_gaGoogle LLCDistinguish unique visitors2 years
_ga_PGJNQ61213Google LLCStore session state2 years

Legal basis: GDPR Article 6(1)(a) — consent of the data subject.

Analytics cookies are set only with the user's explicit consent (Google Consent Mode V2). Consent is given via the cookie banner at the bottom of the page and may be withdrawn at any time by clicking the cookie settings icon (bottom-left corner).

Data transfer

Google Analytics data is processed by Google LLC (USA). Legal basis for transfer: Standard Contractual Clauses (SCCs). Further information: Google Privacy Policy.

We do not use

  • Marketing/advertising cookies
  • Social media cookies
  • Third-party tracking cookies
9

Data security

  • HTTPS encryption for all web communication
  • Passwords hashed using bcrypt (plaintext is never stored)
  • Access control: personal data is accessible only to authorised persons
  • Supabase Row-Level Security (RLS) — database-level isolation
  • Regular backups
  • In case of a data breach: notification of data subjects and NAIH within 72 hours (GDPR Art. 33–34)
10

Effective date and amendments

This notice took effect on 1 January 2025. The Service Provider reserves the right to amend it (in case of legislative changes, new data processors, or changes to processing practices). Customers will be notified of material changes by email at least 15 days in advance. The current notice is always available at shipify.hu/en/privacy.

Effective from: 1 January 2025 · Issued by: Papasvili György Armen, sole proprietor · [email protected]