Privacy Policy

Effective date: 19 June 2026

Last updated: 19 June 2026

The purpose of this Privacy Policy is to provide information on how Budapest Magazines Kiadó Kft. processes personal data provided during the use of the website https://eredeti-sudoku.hu and in connection with orders placed through the website.

Budapest Magazines Kiadó Kft. is committed to protecting personal data and carries out data processing in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council, i.e. the General Data Protection Regulation (GDPR), as well as Hungarian data protection laws.

1. Details of the data controller

  • Name of data controller: Budapest Magazines Kiadó Kft.
  • Registered office: 1088 Budapest, Bródy Sándor u. 9.
  • Company registration number: 01-09-264803
  • Tax number: 10849631-2-42
  • Contact: [email protected]

In this Privacy Policy, the data controller is hereinafter referred to as the Data Controller.

2. Categories of personal data processed

During the ordering process on the website, the Data Controller may process the following personal data:

  • name,
  • e-mail address,
  • delivery address,
  • billing address,
  • in the case of payment as a company, company name and tax number,
  • order identifier,
  • data relating to the ordered publication and subscription,
  • payment-related data, in particular the fact and date of receipt of payment,
  • data required for invoicing,
  • data provided during communication, complaint handling or customer service inquiries,
  • in the case of consent for marketing purposes, the fact and date of consent and the e-mail address concerned by the consent.

The Data Controller does not process bank card data, as the website does not process bank card payments or any other online payments.

3. Purposes and legal bases of data processing

3.1. Receiving and fulfilling orders. The purpose of data processing is to manage orders placed on the website, keep records of the subscription, identify payments, and deliver the ordered publications. Data processed: name, e-mail address, delivery address, billing address, order identifier, data relating to the ordered publication, data relating to the receipt of payment. Legal basis: Article 6(1)(b) GDPR, i.e. the performance of a contract or taking steps prior to entering into a contract.

3.2. Invoicing and compliance with accounting obligations. The purpose of data processing is to issue and send invoices and to retain accounting documents as required by law. Data processed: name, billing address, company name, tax number, order and payment data, invoice data. Legal basis: Article 6(1)(c) GDPR, i.e. compliance with a legal obligation to which the Data Controller is subject.

3.3. Communication related to the order. The purpose of data processing is to inform the Customer about the status of the order, payment, the start of fulfilment, expected delivery, and to handle other customer service matters related to the order. Data processed: name, e-mail address, order identifier, order data, content of the inquiry. Legal basis: Article 6(1)(b) GDPR, i.e. performance of a contract.

3.4. Complaint handling and handling of legal claims. The purpose of data processing is to handle customer complaints, objections, disputes and possible legal claims. Data processed: name, e-mail address, order identifier, order data, content of the complaint or inquiry, and the response given. Legal basis: Article 6(1)(c) GDPR where complaint handling is required by law, and Article 6(1)(f) GDPR, i.e. the legitimate interest of the Data Controller in establishing, exercising or defending legal claims.

3.5. Marketing communications. The Data Controller sends electronic marketing communications — including in particular newsletters, promotional offers, and advertising information about new publications or subscription options — only if the data subject has given separate, prior, clear and express consent. Providing consent for marketing purposes is not a condition for placing an order. Data processed: name, e-mail address, fact and date of consent. Legal basis: Article 6(1)(a) GDPR, i.e. the consent of the data subject. Consent may be withdrawn at any time, free of charge and without giving reasons, through the unsubscribe option included in marketing e-mails. Withdrawal of consent does not affect the lawfulness of data processing carried out before the withdrawal.

4. Data retention periods

The Data Controller processes personal data only for as long as necessary, or until the end of the retention period required by law.

Retention periods related to each data processing purpose:

  • Data related to order fulfilment: until the contract has been fulfilled, and until the end of the limitation period for any potential claims.
  • Invoicing and accounting data: for the retention period prescribed by applicable accounting and tax laws.
  • Communication data: until the relevant matter is closed, or for as long as data processing remains necessary in connection with the order.
  • Data related to complaint handling: for the period prescribed by applicable laws after the complaint has been closed.
  • Data processed for marketing purposes: until consent is withdrawn.

If the purpose of data processing ceases to exist, or the legal basis for data processing no longer applies, the Data Controller shall delete the personal data, unless further retention is required by law or justified by the enforcement of legal claims.

5. Persons having access to the data and data processors

Personal data may be accessed by employees or contractors of the Data Controller who need access to the data for the purpose of fulfilling orders, invoicing, delivery, customer service communication or compliance with legal obligations.

In providing the service, the Data Controller may use data processors, in particular in the following areas:

  • hosting services,
  • website operation and technical maintenance,
  • accounting and invoicing,
  • postal delivery,
  • e-mail sending and communication,
  • newsletter sending, if the data subject has consented to it,
  • web analytics, if the website uses analytics services.

Data processors may process personal data only in accordance with the instructions of the Data Controller and in compliance with applicable laws.

6. Data transfers

The Data Controller transfers personal data to third parties only if this is necessary for fulfilling the order, complying with legal obligations, enforcing legal claims, or for data processing based on the data subject's consent.

For delivery purposes, delivery data may be transferred to the service provider carrying out postal delivery.

The Data Controller's accountant or invoicing service provider may have access to invoicing and accounting data.

7. Use of cookies

The website may use cookies to ensure the proper functioning of the website, improve the user experience, and — subject to consent — for statistical or marketing purposes.

Cookies are small text files stored by your browser on your device.

The cookies used on the website may fall into the following categories:

7.1. Essential cookies. These cookies are necessary for the basic operation of the website. They may include, for example, security cookies, session management cookies or cookies remembering user preferences. These cookies may be used without consent, as they are necessary for the operation of the website.

7.2. Analytics cookies. These cookies serve statistical purposes, for example to understand how visitors use the website. Analytics cookies are used only if the data subject has consented to them, unless the technical solution applied does not require consent under applicable law.

7.3. Marketing cookies. These cookies may help display advertisements, advertising content or remarketing content. Marketing cookies are used exclusively on the basis of the data subject's prior consent.

Upon the first visit to the website, the visitor is given the opportunity to manage cookie settings, in particular to accept or reject non-essential cookies.

8. Third-party services

The website may use services provided by third parties, such as web analytics, hosting, e-mail sending, newsletter sending or technical services.

Such a service may in particular include Google Analytics, if the website uses it for analytics purposes.

Services provided by third parties may have their own privacy policies, which are recommended to be reviewed.

9. Data security

The Data Controller applies appropriate technical and organisational measures to protect personal data, in particular against unauthorised access, alteration, transmission, disclosure, deletion, destruction, accidental damage or loss.

The Data Controller restricts access to data to the extent necessary.

10. Rights of data subjects

In relation to data processing, the data subject may exercise the following rights:

  • request information about the processing of their personal data,
  • request access to the personal data processed about them,
  • request rectification of inaccurate personal data,
  • request erasure of their personal data, if the legal conditions are met,
  • request restriction of data processing,
  • object to data processing based on legitimate interest,
  • withdraw consent at any time in the case of consent-based data processing,
  • may have the right to data portability,
  • lodge a complaint with the supervisory authority.

The data subject may exercise their rights by contacting [email protected].

The Data Controller shall respond to data subject requests within the statutory deadline.

11. Remedies

If the data subject believes that the processing of their personal data is unlawful, they may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

  • Authority: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
  • Registered office: 1055 Budapest, Falk Miksa utca 9-11.
  • Postal address: 1363 Budapest, P.O. Box 9.
  • Telephone: +36 (30) 683-5969; +36 (30) 549-6838; +36 (1) 391 1400
  • E-mail: [email protected]
  • Website: https://www.naih.hu

The data subject may also turn to a court in the event of a violation of their rights.

12. Amendments to this Privacy Policy

The Data Controller is entitled to amend this Privacy Policy from time to time.

Any amendments shall be published by the Data Controller on the website. The amendment shall enter into force upon publication on the website, unless the amendment specifies a different effective date.