Privacy Policy (GDPR Compliance)

Privacy Policy (GDPR Compliance)

Data Controller

Name: Katalin Engler – sole trader
Address: 5 Csíksomlyó Street, Building 4, Apartment 23, 1048 Budapest, Hungary
Email: home@dotandpaint.com
Website: https://dotandpaint.com/en

Hosting Provider

Websupport Magyarország Kft. – https://www.mhosting.hu/

Data We Collect

  • For orders: name, billing/shipping address, phone number, email address, and payment details (processed via Stripe).
  • For newsletters: email address (stored in Mailchimp, not on WordPress).
  • For abandoned cart reminders: email address (via FunnelKit plugin).

Purpose and Legal Basis

  • Order fulfillment: contract performance
  • Newsletter subscriptions: consent
  • Abandoned cart follow-up: consent or legitimate interest (depending on implementation)
  • Post-purchase review request emails: legitimate interest

POST-PURCHASE REVIEW REQUEST

Following a purchase, we may send a one-time email approximately 7 days after order fulfillment to request a product review.

This email is not marketing in nature and is sent solely for the purpose of collecting customer feedback and improving our services.

Legal basis: legitimate interest
Data processed: name, email address, purchase details
Retention period: for a short period following the purchase, until the email is sent

You have the right to object to such processing at any time by contacting us or replying to the email.

Emails may be sent using Mailchimp, which acts as a data processor.

Data Retention

  • Order data: stored for 8 years (as required by accounting and tax laws).
  • Newsletter data: stored until you unsubscribe or withdraw consent.
  • Abandoned cart data: automatically deleted after 14 days.

Data Sharing

We share personal data only with:

  • Mailchimp (email communication, including newsletters and post-purchase review requests)
  • MPL, Packeta (shipping)
  • Stripe (payment processing)

All third parties comply with GDPR or equivalent data protection standards.

THIRD-PARTY SERVICES

Google Web Fonts: This website uses web fonts to ensure consistent display of text. When fonts are loaded from external servers (e.g. Google), your browser may connect to these servers and transmit your IP address.

Microsoft Clarity: We use Microsoft Clarity to understand how visitors interact with our website through heatmaps and session recordings. This helps us improve user experience.

Clarity collects data such as page interactions, clicks, and navigation behavior. This processing is based on your consent, which can be given via our cookie banner.

Microsoft Clarity may process data outside the European Economic Area with appropriate safeguards in place.

YouTube Videos: We embed videos from YouTube. When you play these videos, YouTube may set cookies and collect information about your interaction with the content.

These cookies are only activated with your consent via the cookie banner.

YouTube may process data outside the European Economic Area with appropriate safeguards in place.

These services are only activated based on your consent provided via the cookie banner.

Your Rights

Under the GDPR, you have the right to:

  • Withdraw consent at any time
  • Access, rectify, or erase your personal data
  • Restrict or object to processing
  • Data portability (receive and transfer your data)
  • Lodge a complaint with a supervisory authority

In Hungary, the relevant authority is:
National Authority for Data Protection and Freedom of Information (NAIH)
Website: https://www.naih.hu

To exercise your rights, contact us at home@dotandpaint.com. We respond within 30 days.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or significant effects concerning you.

Cookies & Tracking

Our website uses cookies for essential functions, analytics, and marketing. You can manage cookies in your browser or through our cookie banner. For more information, see our Cookie Policy.

International Data Transfers

Where data is transferred outside the EU/EEA (e.g. to Mailchimp or Stripe), such transfers are based on adequacy decisions or standard contractual clauses in line with GDPR requirements.

Updates to This Notice

We may update this Privacy Notice from time to time. Continued use of our website after updates constitutes acceptance of the new version