Privacy policy

Privacy Policy

Effective Date: June 1, 2025

Covad Hungary Kft. (hereinafter: Data Controller), as the operator of the
www.frankcalm.com,
webshops, considers the protection of its users' personal data to be of utmost importance.

The purpose of this Privacy Policy is to clearly explain what personal data we collect, manage, and process, for what purpose and on what legal basis the data processing takes place, how long we retain the data, and what rights and legal remedies you have regarding data processing.

1. Details of the Data Controller

Company Name: E-CH CAPITAL CONSULTING Kft.
Registered Office: 1121 Budapest, Zugligeti út 69. Building 1, 1st Floor
Company Registration Number: 01-09-322797
Tax Number: 26298625-2-43
Email Address: info@frankcalm.com

2. Scope of Processed Personal Data, Purpose, and Legal Basis

2.1. Data processed for the performance of a contract

Processed data:

  • name
  • shipping address
  • billing address
  • email address
  • phone number

Purpose of data processing:

  • processing orders,
  • delivery of products,
  • invoicing,
  • communicating with the Customer.

Legal basis for data processing:
Performance of a contract – GDPR Article 6(1)(b).

2.2. Data processed to fulfill legal obligations

Processed data:

  • billing details (name, address, tax number)

Purpose of data processing:

  • compliance with accounting and tax legislation.

Legal basis for data processing:
Compliance with a legal obligation – GDPR Article 6(1)(c).

2.3. Data processed based on consent (e.g., for marketing purposes)

Processed data:

  • name
  • email address (e.g., in case of newsletter subscription)

Purpose of data processing:

  • sending commercial offers,
  • promotions, and newsletters.

Legal basis for data processing:
The explicit consent of the data subject – GDPR Article 6(1)(a).

3. Data Processors

To ensure the proper provision of services, the Data Controller uses the following data processors, to whom personal data may be transferred:

  • Hosting provider: Shopify Inc.
  • Courier services: DHL, FedEx
  • Online payment providers: Shopify payments
  • Invoicing system: Számlázz.hu

The data processors process the data exclusively based on the instructions of the Data Controller and in accordance with the applicable laws.

4. Duration of Data Processing

  • Data related to the performance of the contract is retained in accordance with the civil law statute of limitations (for 5 years).
  • Accounting documents are retained for 8 years based on the relevant legislation.
  • Data based on consent is processed until the consent is withdrawn.

5. Rights of Data Subjects

You have the right to:

  • request information about the processing of your personal data,
  • request access to your processed data,
  • request the rectification, erasure, or restriction of the processing of your data,
  • object to the data processing,
  • withdraw your consent at any time (this does not affect the lawfulness of processing based on consent before its withdrawal).

If you believe that the processing of your personal data violates the law, you can file a complaint with the
Hungarian National Authority for Data Protection and Freedom of Information (NAIH).

6. Cookie Management and Processing of Technical Data

During the operation of the webshop, the Data Controller uses so-called cookies, which are small text files stored in the user's browser. Cookies help tailor the website to user needs and facilitate its use.

6.1. Types of cookies used:

  • Necessary cookies: Essential for website navigation, security, and basic functions (e.g., keeping products in the cart while browsing). Without these cookies, the website cannot function properly.
  • Performance and analytics cookies: Collect device and access data in an anonymous or pseudonymized manner to improve the website and understand user interests.
  • Marketing cookies (e.g., Google Ads): Allow advertising partners to collect data about the user's device and browsing habits. This ensures that personalized, relevant advertisements appear on other websites (retargeting).

6.2. User account and personalization

By creating a user account, the Data Controller centrally stores the provided personal data and data of previous orders. The data is linked to a randomly generated customer identification number (CustomerID), which also acts as a pseudonym (pseudonymization) to enhance security.

The data stored in the account and browsing habits may be used to personalize services, ensuring that the most relevant products and offers are displayed to the user in the webshop.

6.3. Choices and opt-out

  • Cookie settings: Accepting marketing cookies is not a condition for visiting the website. The user can disable cookies or delete existing ones at any time in their browser settings.
  • Disabling advertisements: Google's personalized ads can also be managed or turned off on Google's own platforms.
  • Account deletion: The user account will be deleted upon the user's request, or after 5 years of inactivity.