Skip to main content Scroll Top
Instagram
0
Basket
  • No products in the basket.

PRIVACY POLICY

Audrey Leather Goods

Effective Date: 1 June 2026

  1. DATA CONTROLLER INFORMATION

This Privacy Policy describes how Audrey Leather Goods collects, uses, stores, shares and protects personal data in connection with the operation of its website and the sale of its products.

The data controller responsible for the processing of personal data is:

Adrienn Tálosi Sole Proprietor
Trading as: Audrey Leather Goods

Registered Address:
39 Petőfi street
8749 Zalakaros
Hungary

Registration Number: 55263207

Tax Number: 56215496-1-40

Email: info@audreyleathergoods.com

Telephone: +36 30 972 6966

Website: https://www.audreyleathergoods.hu

(hereinafter referred to as the “Data Controller”)

  1. PURPOSE AND SCOPE OF THIS PRIVACY POLICY

The purpose of this Privacy Policy is to provide information regarding:

  • the categories of personal data processed;
  • the purposes of processing;
  • the legal bases relied upon;
  • the retention periods applied;
  • the recipients of personal data;
  • the rights available to data subjects;
  • the measures implemented to protect personal data.

This Privacy Policy applies to all visitors, customers and users of the Website operated by Audrey Leather Goods.

The Data Controller processes personal data in accordance with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR);
  • applicable Hungarian data protection legislation;
  • consumer protection legislation;
  • electronic commerce legislation;
  • and other applicable European Union and national laws.

The Data Controller is committed to ensuring that all personal data is processed lawfully, fairly and transparently.

  1. DATA PROCESSING PRINCIPLES

The Data Controller processes personal data in accordance with the principles set out in Article 5 GDPR.

Personal data shall be:

Lawfully, Fairly and Transparently Processed

Personal data is processed only where a valid legal basis exists and in a manner that is transparent to the data subject.

Collected for Specified Purposes

Personal data is collected only for legitimate, explicit and specified purposes and is not further processed in a manner incompatible with those purposes.

Limited to What Is Necessary

Only personal data that is adequate, relevant and necessary for the intended purpose is processed.

Accurate and Kept Up to Date

Reasonable measures are taken to ensure that inaccurate personal data is corrected or deleted without undue delay.

Stored Only for as Long as Necessary

Personal data is retained only for the period required to fulfil the purposes for which it was collected or to comply with legal obligations.

Protected by Appropriate Security Measures

The Data Controller implements appropriate technical and organisational measures to protect personal data against:

  • unauthorised access;
  • accidental loss;
  • destruction;
  • alteration;
  • disclosure;
  • misuse.
  1. LEGAL BASES FOR PROCESSING

The Data Controller processes personal data only where at least one lawful basis under Article 6 GDPR applies.

4.1 Performance of a Contract

Article 6(1)(b) GDPR

Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject before entering into a contract.

Examples include:

  • processing online orders;
  • arranging delivery of purchased products;
  • customer communication relating to an order;
  • processing payments;
  • handling returns and warranty claims.

4.2 Compliance with Legal Obligations

Article 6(1)(c) GDPR

Processing may be necessary to comply with legal obligations imposed on the Data Controller.

Examples include:

  • issuing invoices;
  • maintaining accounting records;
  • complying with tax regulations;
  • responding to consumer protection requests;
  • fulfilling legal reporting obligations.

4.3 Consent

Article 6(1)(a) GDPR

Where required by law, personal data is processed only with the data subject’s freely given, specific, informed and unambiguous consent.

Examples include:

  • activation of analytics cookies;
  • activation of marketing cookies;
  • operation of Meta Pixel technologies;
  • other optional website functions requiring consent.

Data subjects may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4.4 Legitimate Interests

Article 6(1)(f) GDPR

The Data Controller may process personal data where necessary for legitimate business interests, provided that such interests do not override the rights and freedoms of data subjects.

Examples include:

  • prevention of fraud and abuse;
  • website security;
  • protection of legal claims;
  • system administration;
  • business continuity and operational security.
  1. CATEGORIES OF PERSONAL DATA PROCESSED

5.1 Contact Requests and Customer Enquiries

Purpose of Processing

  • responding to enquiries;
  • providing information;
  • preparing quotations;
  • maintaining communication with prospective customers.

Categories of Data

  • name;
  • email address;
  • telephone number;
  • contents of the message;
  • any other information voluntarily provided by the individual.

Legal Basis

  • Article 6(1)(b) GDPR (pre-contractual steps requested by the data subject);
  • Article 6(1)(a) GDPR where consent is applicable.

Retention Period

Personal data related to enquiries is generally retained for a maximum period of one (1) year from the last communication unless a contractual relationship is established.

5.2 Online Orders and Purchases

Purpose of Processing

  • processing orders;
  • concluding and performing contracts;
  • customer communication;
  • delivery of products;
  • invoicing;
  • handling returns, complaints and warranty claims.

Categories of Data

  • full name;
  • billing address;
  • shipping address;
  • email address;
  • telephone number;
  • order details;
  • transaction information.

Legal Basis

  • Article 6(1)(b) GDPR (performance of a contract);
  • applicable Hungarian civil and electronic commerce legislation.

Retention Period

Personal data related to orders is retained for as long as necessary to fulfil contractual obligations and to comply with applicable accounting, tax and consumer protection requirements.

Where accounting documents are involved, retention periods may extend up to eight (8) years as required by Hungarian law.

5.3 Invoicing and Accounting Records

Purpose of Processing

  • issuing invoices;
  • complying with accounting obligations;
  • complying with tax legislation.

Categories of Data

  • name;
  • billing address;
  • tax identification number (where applicable);
  • purchase information;
  • invoice data.

Legal Basis

  • Article 6(1)(c) GDPR (legal obligation);
  • applicable accounting and tax legislation.

Retention Period

Accounting documents and related personal data are retained for eight (8) years or for such longer period as may be required by applicable law.

5.4 Customer Account Registration

Purpose of Processing

The purpose of processing personal data in connection with customer account registration is:

  • creating and maintaining customer accounts;
  • facilitating future purchases;
  • storing order history;
  • providing account-related services;
  • improving customer experience.

Categories of Data

The following personal data may be processed:

  • name;
  • email address;
  • billing and shipping information;
  • account credentials;
  • order history;
  • account preferences.

Legal Basis

Article 6(1)(b) GDPR – processing necessary for the performance of a contract and the provision of customer account services.

Retention Period

Personal data associated with a customer account shall be retained for as long as the account remains active.

Upon deletion of the account, personal data shall be deleted or anonymised unless retention is required by applicable law, including accounting, tax or consumer protection obligations.

 

  1. COMPLAINT HANDLING

Purpose of Processing

The Data Controller processes personal data in connection with customer complaints in order to:

  • investigate and respond to complaints;
  • comply with consumer protection legislation;
  • maintain records required by law;
  • protect legal rights and interests.

Categories of Personal Data

The following personal data may be processed:

  • name;
  • email address;
  • telephone number;
  • order information;
  • details of the complaint;
  • correspondence relating to the complaint.

Legal Basis

Article 6(1)(c) GDPR – compliance with a legal obligation.

Article 6(1)(f) GDPR – legitimate interest in establishing, exercising or defending legal claims.

Retention Period

Complaint records and related documentation are retained for five (5) years or for any longer period required by applicable law.

  1. DATA PROCESSORS AND THIRD-PARTY RECIPIENTS

The Data Controller may engage trusted third-party service providers (“Data Processors”) who process personal data on behalf of the Data Controller and only in accordance with documented instructions.

The Data Controller ensures that all Data Processors provide appropriate guarantees regarding data security and GDPR compliance.

7.1 Website Hosting Provider

Evolutionet Kft.

Registered Office:

Széchenyi utca 75.
7342 Mágocs
Hungary

Services Provided:

  • website hosting;
  • server infrastructure;
  • technical maintenance.

The hosting provider may process personal data to the extent necessary for operating and securing the Website.

7.2 Payment Service Provider – Barion

Barion Payment Zrt.

Registered Office:

1117 Budapest
Irinyi József utca 4–20
Hungary

Services Provided:

  • online card payment processing;
  • payment authorization;
  • fraud prevention measures.

The Data Controller does not receive or store full payment card information.

Payment data is processed directly by Barion in accordance with its own Privacy Policy.

Additional information:

https://www.barion.com

7.3 Bank Transfer Payments (Wise)

Customers may choose to pay via bank transfer.

Where a payment is made through Wise or via a banking institution connected to Wise services, the relevant financial institution acts as an independent data controller regarding payment processing activities.

The Data Controller processes only those payment details necessary to identify and reconcile incoming payments.

7.4 Shipping Provider

Packeta Hungary Kft.

Services Provided:

  • parcel delivery;
  • parcel point services;
  • parcel locker services;
  • international logistics services.

For delivery purposes, the following information may be shared:

  • recipient name;
  • delivery address;
  • email address;
  • telephone number;
  • shipment information.

Only data strictly necessary for delivery is disclosed.

7.5 Accounting Service Provider

The Data Controller uses external accounting services to comply with accounting and taxation obligations.

The accounting service provider receives only such personal data as is necessary for:

  • bookkeeping;
  • tax compliance;
  • financial record keeping;
  • statutory reporting.

7.6 WooCommerce

The Website uses WooCommerce, an e-commerce platform that enables the operation of the online store.

WooCommerce may process personal data necessary for:

  • order management;
  • customer account administration;
  • checkout processes;
  • product purchases;
  • order history management.

Service Provider:

Automattic Inc.

60 29th Street #343
San Francisco, CA 94110
United States

Additional information:

https://automattic.com/privacy

7.7 Elementor

The Website is built and maintained using Elementor website builder technology.

Elementor may process technical information necessary for:

  • website functionality;
  • page rendering;
  • form operation;
  • website administration.

Service Provider:

Elementor Ltd.

Tuval St 40
Ramat Gan 5252247
Israel

Additional information:

https://elementor.com/about/privacy

7.8 WordPress

The Website operates on the WordPress content management system.

WordPress may process technical data required for:

  • website administration;
  • security functions;
  • user authentication;
  • website operation.

Additional information:

https://wordpress.org/about/privacy

.6 Invoicing System

The Data Controller issues invoices using the invoicing system provided by the Hungarian National Tax and Customs Administration (NAV).

Service Provider

National Tax and Customs Administration of Hungary (NAV)

Head Office:

1054 Budapest
Széchenyi utca 2.
Hungary

Website:

https://nav.gov.hu

Purpose of Processing

  • issuing invoices;
  • compliance with accounting and tax obligations;
  • fulfilment of statutory reporting requirements.

Categories of Data Processed

  • customer name;
  • billing address;
  • tax number (where applicable);
  • invoice details;
  • purchase information.

Legal Basis

Article 6(1)(c) GDPR – compliance with a legal obligation.

Retention Period

Invoice data is retained for the period required by applicable accounting and tax legislation, currently eight (8) years.

  1. COOKIES AND TRACKING TECHNOLOGIES

The Website uses cookies and similar technologies to ensure proper operation, improve user experience, analyse website traffic and measure marketing effectiveness.

Cookies are small text files stored on a user’s device by the web browser.

8.1 Strictly Necessary Cookies

These cookies are essential for the operation and security of the Website.

Examples include:

  • shopping cart functionality;
  • security functions;
  • user session management;
  • website performance functions.

Legal Basis

Article 6(1)(f) GDPR

Legitimate interest in providing a secure and functional website.

Because these cookies are essential, they do not require prior consent.

8.2 Analytics Cookies (Google Analytics)

The Website uses Google Analytics to understand how visitors interact with the Website.

Service Provider

Google Ireland Limited

Gordon House
Barrow Street
Dublin 4
Ireland

Google Analytics may collect information including:

  • number of visitors;
  • pages visited;
  • duration of visits;
  • device information;
  • browser information;
  • approximate geographic location;
  • user interactions.

Legal Basis

Article 6(1)(a) GDPR – consent.

Google Analytics cookies are activated only after the visitor has provided consent through the cookie consent mechanism.

Additional information:

https://policies.google.com/privacy

8.3 Marketing Cookies (Meta Pixel)

The Website uses Meta Pixel technology.

Service Provider

Meta Platforms Ireland Limited

4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland

Meta Pixel may be used to:

  • measure advertising effectiveness;
  • analyse user actions on the Website;
  • create remarketing audiences;
  • improve advertising campaigns.

Legal Basis

Article 6(1)(a) GDPR – consent.

Meta Pixel is activated only after the visitor has granted consent through the cookie banner.

Additional information:

https://www.facebook.com/privacy/policy

8.4 Cookie Consent Management

Visitors may accept, reject or customize cookie preferences through the Website’s cookie management interface.

Consent may be withdrawn or modified at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

  1. INTERNATIONAL DATA TRANSFERS

Certain service providers used by the Data Controller may process personal data outside the European Economic Area (“EEA”).

Where personal data is transferred internationally, the Data Controller ensures that appropriate safeguards are implemented in accordance with Chapter V GDPR.

Such safeguards may include:

  • adequacy decisions issued by the European Commission;
  • Standard Contractual Clauses (SCCs);
  • other legally recognised transfer mechanisms.

International transfers may occur in connection with:

  • website analytics services;
  • advertising services;
  • payment processing;
  • international order fulfilment and shipping.

The Data Controller takes reasonable steps to ensure that personal data remains adequately protected regardless of where it is processed.

  1. RIGHTS OF DATA SUBJECTS

Under the GDPR, individuals have the following rights regarding their personal data.

Right of Access

Data subjects may request confirmation as to whether personal data is being processed and obtain access to such data.

Right to Rectification

Data subjects may request correction of inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”)

Data subjects may request deletion of personal data where applicable legal requirements are met.

Right to Restriction of Processing

Data subjects may request restriction of processing in circumstances provided for by Article 18 GDPR.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, data subjects may request transfer of their data in a structured, commonly used and machine-readable format.

Right to Object

Data subjects may object to processing based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, consent may be withdrawn at any time.

Withdrawal does not affect processing carried out before the withdrawal.

Response Time

The Data Controller shall respond to requests without undue delay and no later than one (1) month after receipt of the request, unless a longer period is permitted by law.

  1. DATA SECURITY

The Data Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risks associated with the processing of personal data.

Such measures are designed to protect personal data against:

  • unauthorised access;
  • unlawful processing;
  • accidental loss;
  • destruction;
  • damage;
  • alteration;
  • disclosure.

The security measures implemented may include:

  • secure website hosting infrastructure;
  • access control mechanisms;
  • password protection;
  • software updates and security monitoring;
  • restricted access to personal data;
  • data backup procedures where appropriate.

Despite all reasonable efforts, no method of electronic transmission or storage can be guaranteed to be completely secure.

Accordingly, the Data Controller cannot guarantee absolute security but undertakes to apply industry-standard safeguards and continuously improve data protection measures where necessary.

In the event of a personal data breach likely to result in a risk to the rights and freedoms of individuals, the Data Controller shall comply with all applicable GDPR notification obligations.

  1. SUPERVISORY AUTHORITY AND LEGAL REMEDIES

Individuals who believe that their personal data has been processed unlawfully have the right to lodge a complaint with a supervisory authority.

In Hungary, the competent supervisory authority is:

National Authority for Data Protection and Freedom of Information (NAIH)

Address:

Falk Miksa utca 9–11.
1055 Budapest
Hungary

Postal Address:

1363 Budapest, Pf. 9.
Hungary

Website:

https://www.naih.hu

Email:

ugyfelszolgalat@naih.hu

Telephone:

+36 1 391 1400

Judicial Remedies

Without prejudice to any administrative remedy, data subjects also have the right to seek judicial remedies before a competent court if they believe that their rights under applicable data protection legislation have been infringed.

Proceedings may generally be initiated before:

  • the competent Hungarian courts; or
  • the courts of the data subject’s habitual residence where applicable under European Union law.
  1. CHANGES TO THIS PRIVACY POLICY

The Data Controller reserves the right to amend, update or modify this Privacy Policy at any time in order to:

  • reflect changes in legal requirements;
  • reflect changes in business operations;
  • introduce new services or technologies;
  • improve transparency and compliance.

The most current version of this Privacy Policy shall always be available on the Website.

Material changes may be highlighted on the Website where appropriate.

Any modifications become effective upon publication unless otherwise stated.

  1. CONTACT INFORMATION

Questions, requests or complaints relating to the processing of personal data may be submitted using the following contact details:

Adrienn Tálosi Sole Proprietor
Audrey Leather Goods

Address:

39 Petőfi street
8749 Zalakaros
Hungary

Email: info@audreyleathergoods.com

Telephone: +36 30 972 6966

Website: https://www.audreyleathergoods.hu

Requests concerning personal data should include sufficient information to enable identification of the requester and the processing activity concerned.

The Data Controller may request additional information where necessary to verify the identity of the requesting individual before responding to a request.

  1. EFFECTIVE DATE

This Privacy Policy enters into force on:

1 June 2026

This Privacy Policy applies to all processing activities carried out by Audrey Leather Goods through the Website and in connection with the sale and delivery of products.

By using the Website and providing personal data, individuals acknowledge that they have read and understood this Privacy Policy.

Audrey Leather Goods

Privacy Policy – Version 1.0

Effective Date: 1 June 2026

Website: https://www.audreyleathergoods.hu

Data Controller: Adrienn Tálosi Sole Proprietor

 

 

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.
Privacy Policy
You have read and agreed to our privacy policy
Required