Privacy Policy
Privacy policy of the Eco-Office.hu website and services, compliant with EU Regulation 2016/679 (GDPR) and Hungarian data protection laws.
Effective: January 30, 2025Data Controller Information
1Scope of this Policy
This policy covers all data processing activities on the Eco-Office.hu website and related services, including:
- Coworking space usageDesk booking, office rental, common area usage
- Digital access24/7 self-service access provision
- Online booking and paymentTransactions through web interface
- Newsletter and contactMarketing communication and customer service
2Definitions
| Personal data | Any information relating to the data subject (e.g., name, email, phone number) |
|---|---|
| Data processing | Any operation performed on personal data (collection, storage, use, deletion) |
| Data processor | Entity that processes personal data on behalf of the data controller |
| Data subject | The natural person whose data is being processed |
| Consent | Freely given, specific, informed, and unambiguous indication of the data subject's wishes |
3Registration and Account Management
| Data processed | Full name, email address, phone number, password (encrypted), billing information |
|---|---|
| Purpose | User account creation, service provision, digital access |
| Legal basis | GDPR Art. 6(1)(b) – contract performance |
| Retention period | Until account deletion; billing data: 8 years |
4Booking and Rental
| Data processed | Name, email, phone number, booking time, payment details, access ID |
|---|---|
| Purpose | Desk/office booking, digital access, invoicing, shareable pass management |
| Legal basis | GDPR Art. 6(1)(b) – contract performance |
| Retention period | 5 years from contract termination; billing data: 8 years |
5Contact and Newsletter
Contact Form
| Data processed | Name, email address, message content |
|---|---|
| Purpose | Responding to inquiries, customer service |
| Legal basis | GDPR Art. 6(1)(a) – consent |
| Retention period | 2 years from case closure |
Newsletter
| Data processed | Name, email address |
|---|---|
| Purpose | Sending newsletters, promotions, updates |
| Legal basis | GDPR Art. 6(1)(a) – voluntary consent |
| Retention period | Until consent withdrawal (unsubscription) |
You can unsubscribe from the newsletter at any time by clicking the link at the bottom of the email or by sending a request to ecoofficebudapest@gmail.com.
6Invoicing
| Data processed | Name, address, tax number (if applicable), purchase details |
|---|---|
| Purpose | Issuing invoices in compliance with legal requirements |
| Legal basis | GDPR Art. 6(1)(c) – legal obligation (Hungarian Act CXXVII of 2007) |
| Retention period | 8 years |
7Cookies
The website uses cookies to improve user experience and for statistical purposes.
| Strictly necessary | Website operation, session – Legitimate interest – Until session end |
|---|---|
| Analytical | Visitor statistics – Consent – 2 years |
| Marketing | Personalized advertising – Consent – 1 year |
You can delete or disable cookies in your browser settings at any time. On your first visit, the cookie banner allows you to select which categories to allow.
8Data Transfer and Processors
The Data Controller uses the following data processors:
| Firebase (Google) | Hosting, database, authentication – USA (EU-U.S. Data Privacy Framework) |
|---|---|
| Stripe / SimplePay | Online payment processing – USA / Hungary |
| Számlázz.hu / Billingo | Invoicing – Hungary |
| Mailchimp / Brevo | Newsletter delivery – USA / EU (with appropriate safeguards) |
Data is transferred to third countries (outside EEA) only with appropriate safeguards (Standard Contractual Clauses, Privacy Framework).
9Data Security
We implement appropriate technical and organizational measures to protect personal data:
- Encrypted data transferHTTPS/TLS protocol for all connections
- Password hashingUsing bcrypt or similar strong algorithms
- Access restrictionRole-based access control (RBAC)
- Regular backupsProtection against data loss
10Your Rights
Under GDPR, you have the following rights:
- Right of access (GDPR Art. 15)You have the right to obtain information about whether your personal data is being processed and to access that data.
- Right to rectification (GDPR Art. 16)You can request correction of inaccurate data or completion of incomplete data.
- Right to erasure – "right to be forgotten" (GDPR Art. 17)You can request deletion of your personal data if processing purpose has ended, you withdraw consent, or processing is unlawful.
- Right to restriction of processing (GDPR Art. 18)You can request restriction of processing if you contest data accuracy or request restriction instead of deletion.
- Right to data portability (GDPR Art. 20)You have the right to receive your data in a machine-readable format and transfer it to another controller.
- Right to object (GDPR Art. 21)You can object to processing based on legitimate interest. You can always object to direct marketing without justification.
- Withdrawal of consentYou can withdraw your consent at any time. Withdrawal does not affect the lawfulness of prior processing.
11Legal Remedies
Direct Contact
You can exercise your rights via email (ecoofficebudapest@gmail.com) or postal mail. We will respond to your request within 30 days.
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: https://naih.hu
Judicial Remedy
In case of violation of your personal rights, you may seek judicial remedy. The case may be brought before the court of your place of residence.
12Automated Decision-Making
The Data Controller does not use automated decision-making or profiling that would have legal effects on the data subject.
13Policy Amendments
The Data Controller reserves the right to unilaterally amend this policy. Users will be notified of changes on the website. The amended policy takes effect upon publication.
Last updated: January 30, 2025