Monday – Wednesday: 11:00–19:00 Thursday – Saturday: 11:00–20:00 Sunday: 11:00–17:00

Privacy Policy

This Privacy Policy describes how Poppy & Partners Kft. (“we”, “us”, or “Data Controller”) processes personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

This policy applies when you contact us via contact forms, telephone, or email, or when you otherwise interact with us in relation to our services. The purpose of our processing is to enable us to respond to enquiries, provide customer service, and manage potential or existing customer relationships.

This Privacy Policy provides information about:

  • Key definitions under data protection law
  • The identity and contact details of the Data Controller
  • Legal bases for processing personal data
  • Purposes of processing
  • Categories of personal data processed
  • Data collection and limitation principles
  • Retention periods
  • Data subject rights

Definitions

Data Controller
The Data Controller is the natural or legal person which determines the purposes and means of processing personal data, alone or jointly with others.

Personal Data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

Data Controller

Poppy & Partners Kft. (VAT no. HU32819230) is the Data Controller responsible for the processing of personal data described in this policy.

Contact details:
Poppy & Partners Kft.
Contact person: Sofia Andreasson
Address: Akácfa utca 25. 1. em 5. ajtó
1072 Budapest, Hungary
Phone: +36 70 721 66 27
Email: info@poppyandpartners.com

Contact regarding data protection

If you have any questions regarding this Privacy Policy or the processing of your personal data, or if you wish to exercise your rights, you may contact the person listed above.

Legal basis and purpose for processing

We process personal data on the following legal bases under Article 6 of the GDPR:

  • Legitimate Interests (Article 6(1)(f))
    When you contact us via form, email, or telephone, we process your personal data to respond to your enquiry and provide customer support.
  • Contractual Necessity / Pre-Contractual Measures (Article 6(1)(b))
    When you apply to become a customer, we process your personal data as necessary to evaluate your request, communicate with you, and potentially enter into and manage a customer agreement.

We process personal data for the following purposes:

  • To manage customer relationships and related administration, including customer accounts or service cards where applicable
  • To receive and respond to enquiries
  • To provide information about our services
  • To support customers in selecting appropriate services
  • To handle customer applications

Categories of personal data

We only collect and process personal data that is necessary and relevant for the purposes described above. This may include:

  • Name
  • Email address
  • Telephone number
  • Information provided in contact forms (e.g. messages and enquiries)
  • Information required for customer administration (e.g. customer ID or similar identifiers)
  • Correspondence between you and us, including email communication and call notes

Retention of personal data

Personal data submitted via contact forms is retained for up to 90 days, after which it is deleted or anonymised unless further retention is required due to an ongoing matter or legal obligation.

Personal data related to customer relationships is retained for as long as the customer relationship is active. Upon termination of the relationship, data is deleted or anonymised within a reasonable period, unless longer retention is required by applicable law, such as accounting legislation.

Data subject rights

Under the GDPR, you have the following rights:

Right of access
You have the right to obtain confirmation as to whether we process your personal data and, where applicable, access to that data.

Right to rectification
You have the right to request correction of inaccurate or incomplete personal data.

Right to erasure (“right to be forgotten”)
You may request deletion of your personal data under certain conditions, for example where the data is no longer necessary or where processing is unlawful.

Right to restriction of processing
You may request that processing of your personal data be restricted in certain circumstances.

Right to object
You may object to processing based on legitimate interests. You always have the right to object to the use of your personal data for direct marketing purposes.

Right to data portability
Where applicable, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to lodge a complaint
You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) if you believe that our processing of your personal data violates applicable data protection laws.