Skip to content

Privacy Policy

Table of Contents

  • 1. Purpose of the Privacy Policy
  • 2. Data Controller Information
  • 2.1 Data Protection Officer
  • 3. Scope of Processed Personal Data
  • 3.1 Technical Data
  • 3.2 Cookies
  • 3.2.1 Purpose of Cookies
  • 3.2.2 Essential Session Cookies
  • 3.2.3 Third-party Cookies (Analytics)
  • 3.2.4 List of Cookies on the Controller’s Websites
  • 4. General Data Processing Guidelines, Data Processing Names, Uses, Legal Basis, and Retention Period
  • 4.1 Data Related to Online Orders
  • 4.2 Data Related to Online Services
  • 4.3 Data Related to Telephone Services
  • 4.4 Data Related to Newsletters / eDM
  • 4.5 Customer Contact Data
  • 4.6 Data Related to Invoicing
  • 4.7 Personal Data Provided During Registration
  • 4.8 Personal Data Provided During Purchase
  • 4.9 Warranty Management
  • 4.10 Consumer Protection Complaint Handling
  • 5. Physical Locations of Data Storage
  • 6. Data Transfer, Data Processing, Scope of Data Recipients
  • 6.1 Data Transfer to Third Countries
  • 7. Rights of Data Subjects and Enforcement Options
  • 7.1 Right to Information
  • 7.2 Right to Access
  • 7.3 Right to Rectification
  • 7.4 Right to Erasure
  • 7.5 Right to Restrict Processing
  • 7.6 Right to Data Portability
  • 7.7 Right to Object
  • 7.8 Automated Decision-Making in Individual Cases, Including Profiling
  • 7.9 Right to Withdraw Consent
  • 7.10 Right to Seek Judicial Remedy
  • 8. Other Provisions

1. Purpose of the Privacy Policy

Lost Garden Biotechnological Ltd. (headquarters: 7635 Pécs, Nagyszkókói út 40.), as the data controller, acknowledges the content of this legal notice as binding upon itself. It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy, the applicable national laws, and the legal acts of the European Union.

This privacy policy applies to the following domains and their subdomains:

  • www.lostgarden.hu

The data protection principles related to the data controller’s data processing are continuously available at www.lostgarden.hu/adatkezelesi-tajekoztato. The data controller reserves the right to modify this notice at any time. Changes will be communicated to the affected parties in a timely manner. If you have any questions related to this notice, please write to us, and we will respond to your query.

The data controller is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect the right to informational self-determination of its customers. The data controller handles personal data confidentially and takes all necessary security, technical, and organizational measures to ensure the security of the data. The data controller details its data processing practices below.

2. Data Controller Information

If you wish to contact the company, you can do so at info@lostgarden.hu.

  • Full name of the company: Lost Garden Biotechnological Ltd.
  • Short name of the company: Lost Garden Ltd.
  • Headquarters: 7635 Pécs, Nagyszkókói út 40.
  • Mailing address: 7635 Pécs, Nagyszkókói út 40.
  • Company registration number: 02 09 088311
  • Tax number: 32544664-2-02
  • EU tax number: HU32544664-2-02
  • Agricultural chamber registration number: C000000851648

2.1 Data Protection Officer

The data controller does not engage in activities that would necessitate the appointment of a data protection officer.

3. Scope of Processed Personal Data

3.1 Technical Data

The data controller selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the processed data:

  • is accessible to authorized individuals (availability);
  • its authenticity and verification are ensured (authenticity of data processing);
  • its integrity can be verified (data integrity);
  • is protected against unauthorized access (data confidentiality).

The data controller protects the data with appropriate measures against unauthorized access, alteration, transfer, disclosure, deletion, or destruction, as well as accidental destruction.

The data controller ensures the protection of data processing security with technical, organizational, and organizational measures that provide an appropriate level of protection against the risks associated with data processing.

During data processing, the data controller maintains confidentiality: protecting information so that only authorized individuals can access it; integrity: protecting the accuracy and completeness of the information and the method of processing; availability: ensuring that authorized users can access the desired information when needed, and that the necessary tools are available.

3.2 Cookies

3.2.1 Purpose of Cookies

Cookies collect information about visitors and their devices; they remember visitors’ individual settings, which may be used, for example, when utilizing online transactions, so they do not need to be re-entered; they facilitate the use of the website; provide a high-quality user experience, and participate in collecting some visitor statistical information. For a customized service, a small data package, known as a cookie, is placed on the user’s computer and read back during subsequent visits. If the browser returns a previously saved cookie, the service provider managing the cookie can link the user’s current visit with previous ones, but only regarding its own content.

Some cookies do not contain personal information suitable for identifying the individual user, while others contain a secret, randomly generated sequence of numbers stored by the user’s device and ensure the user’s identification.

3.2.2 Essential Session Cookies

The purpose of these cookies is to allow visitors to fully and smoothly browse the www.lostgarden.hu website, use its functions, and access the available services. The validity period of these types of cookies lasts until the end of the session (browsing). These cookies are automatically deleted from the computer or other browsing device when the browser is closed.

3.2.3 Third-Party Cookies (Analytics)

The lostgarden.hu and its subdomains use third-party cookies, specifically those from Google Analytics. By using the statistical services of Google Analytics, the lostgarden.hu and its subdomains collect information about how visitors use the websites. This data is used for the purpose of website development and to improve the user experience. These cookies remain on the visitor’s computer or other browsing device in their browser until they expire or until the visitor deletes them.

3.2.4. Legal Basis for Cookie Management

The legal basis for cookie management is the visitor’s consent, according to Article 6(1)(a) of the applicable Regulation.

If you do not accept the use of cookies, certain functions listed in section 3.2.3 of the websites will not be available during your use of the websites, or certain functions may not work properly.

For more information on how to delete cookies in common browsers, you can refer to the following links:

  • Firefox: [Delete cookies to remove the information websites have stored on your computer](https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored)
  • Chrome: [Clear cache & cookies](https://support.google.com/accounts/answer/32050)
  • Safari: [Manage cookies and website data in Safari on Mac](https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac)

3.2.5 List of Cookies on the Controller’s Websites

Necessary Cookies for Website Operation

  • Detailed Description: These cookies are essential for the use of the website and enable the use of its basic functions. Without these, many features of the site will not be available.
  • Expiration: End of session
  • Nature: Does not collect personal information

User Experience Enhancement Cookies

  • Detailed Description: These cookies collect information about the use of the website and serve to improve the user experience.
  • Expiration: End of session
  • Nature: Does not collect personal information

Session Cookies

  • Detailed Description: These cookies store the visitor’s location, browser language, and currency for payment.
  • Expiration: Maximum 2 hours or when the browser is closed

Last Viewed Product Cookie

  • Detailed Description: Records the last viewed product.
  • Expiration: 60 days

Last Viewed Product Category Cookie

  • Detailed Description: Records the last viewed product category.
  • Expiration: 60 days

Cart Cookie

  • Detailed Description: Stores data of the products placed in the cart.
  • Expiration: 360 days

1P_JAR

  • Provider: Google.com and Gstatic.com
  • Detailed Description: This cookie is used to collect website statistics and track conversion rates.
  • Expiration: 2 years
  • Nature: Does not collect personal information

CONSENT

  • Detailed Description: This cookie is used to store settings related to the acceptance of cookies.
  • Expiration: 1 year
  • Nature: Does not collect personal information

viewedExitPopupWP

  • Detailed Description: This cookie is used to store settings for information communicated when leaving the website.
  • Expiration: 30 nap
  • Nature: Does not collect personal information

NID

  • Provider: Google.com
  • Detailed Description: These cookies enable our websites to remember how the website behaves or looks, such as your preferred language or region.
  • Expiration: 10 years
  • Nature: Does not collect personal information

_ga

  • Provider: Google.com
  • Detailed Description: Google Analytics cookies are used to measure traffic on our website. A single text string is stored to identify the browser, timestamp of interactions, and the source page that led the user to the website.
  • Expiration: 2 years
  • Nature: Does not collect personal information

_gat

  • Provider: Google.com
  • Detailed Description: Google Analytics cookies are used to measure traffic on our website. A single text string is stored to identify the browser, timestamp of interactions, and the source page that led the user to the website.
  • Expiration: 2 years
  • Nature: Does not collect personal information

_gid

  • Provider: Google.com
  • Detailed Description: Google Analytics cookies are used to measure traffic on our website. A single text string is stored to identify the browser, timestamp of interactions, and the source page that led the user to the website.
  • Expiration: 2 years
  • Nature: Does not collect personal information

4. General Data Processing Guidelines, Data Processing Names, Uses, Legal Basis, and Retention Period

The data processing activities of the controller are based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of the data processing.

In certain cases, the processing, storage, and transfer of certain data provided are mandatory by law, and our customers will be specifically informed of this. We remind data providers that if they provide data that is not their own personal data, it is their responsibility to obtain the consent of the data subject. The data processing principles are in line with the applicable data protection laws, including, but not limited to:

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR);
  • Act V of 2013 on the Civil Code (Ptk.);
  • Act C of 2000 on Accounting (Accounting Act);
  • Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (AML Act);
  • Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises (Banking Act).

The data controller has created data maps based on which the scope of processed data, their uses, legal basis, and retention periods have been determined.

4.1 Data Related to Online Orders

Through the website, it is possible to order products. The personal data requested during the ordering process are:

  • Name (mandatory field)
  • Email address (mandatory field)
  • Phone number (optional field, can be filled out for callback requests)

For certain services, such as website maintenance, additional personal data may also be transferred.

Purpose of Data Processing and Intended Use: The data are used to fulfill the order.

Legal Basis for Data Processing: Contractual obligation.

Retention Period: Duration of the business relationship or until a deletion request is made.

4.2 Data Related to Online Customer Service

The personal data requested during contact:

  • Name (mandatory field)
  • Email address** (mandatory field)
  • Phone number** (optional field, can be filled out for callback requests)

Purpose of Data Processing and Intended Use: The data are used for contact and to fulfill the order.

Legal Basis for Data Processing: Voluntary consent.

Retention Period: Duration of the business relationship or until a deletion request is made.

4.3 Data Related to Telephone Customer Service

The personal data requested during contact:

  • Name (mandatory field)
  • Phone number (optional field, can be filled out for callback requests)

Purpose of Data Processing and Intended Use: The data are used for contact and to fulfill the order.

Legal Basis for Data Processing: Voluntary consent.

Retention Period: Duration of the business relationship or until a deletion request is made.

4.5 Customer Contact Data

The following personal data and contact details of company managers and contacts of customers are stored:

  • Name
  • Email address
  • **Phone number

Purpose of Data Processing and Intended Use: The data are used for contact and communication purposes.

Legal Basis for Data Processing: Legitimate interest.

Retention Period: Duration of the business relationship or until a deletion request is made.

4.6 Personal Data Provided During Registration

It is possible to register on the website’s webshop module, which facilitates the use of additional services by not requiring repeated data entry. The personal data processed during registration are:

  • Name
  • Email address
  • Address
  • Phone number
  • Purchase information (product, date, etc.)

Purpose of Data Processing and Intended Use: Billing.

Legal Basis for Data Processing: Voluntary consent.

Retention Period: Until withdrawal.

4.7 Personal Data Provided During Purchase

If you wish to place an order through the webshop module, the data processing and provision of data during the purchase are essential for fulfilling the contract. The personal data processed during the purchase are:

  • Name
  • Email address
  • Address
  • Phone number
  • Purchase information (product, date, etc.)

Purpose of Data Processing and Intended Use: Fulfillment of contractual obligations.

Legal Basis for Data Processing: Contractual obligation.

Retention Period: According to legal requirements, current year + 5 years.

4.8 Data Related to Billing

The data controller enters into contracts with its customers for the ordered services, during which the following data are stored:

  • Name
  • Email address
  • Address

Purpose of Data Processing and Intended Use: Billing.

Legal Basis for Data Processing: Legal requirement.

Retention Period: According to legal requirements, current year + 5 years.

4.9 Warranty Management

If you initiate warranty management, the data processing and provision of data are essential for the management. The personal data processed are:

  • Name
  • Email address
  • Phone number
  • Complaint

Purpose of Data Processing and Intended Use: Warranty management.

Legal Basis for Data Processing: Voluntary consent.

Retention Period: According to consumer protection laws, current year + 5 years.

4.10 Consumer Protection Complaint Management

If you submit a consumer protection complaint, the data processing and provision of data are essential for the management. The personal data processed are:

  • Name
  • Email address
  • Phone number
  • Complaint

Purpose of Data Processing and Intended Use: Consumer protection complaint management.

Legal Basis for Data Processing: Voluntary consent.

Retention Period: According to consumer protection laws, current year + 5 years.

5. Physical Locations of Data Storage

Your personal data (i.e., data that can be associated with you) may be processed in the following ways:

  • Firstly, in connection with maintaining the internet connection, technical data related to your computer, browser program, internet address, and visited pages are automatically generated in our computer system.
  • Secondly, you may provide your name, contact details, or other information if you wish to make personal contact with us while using the website. The technically recorded data during the operation of the system include: data of the login computer of the data subject, recorded automatically by the systems of lostgarden.hu and its subdomains as a result of technical processes.

The system automatically logs these data at the time of entry and exit without any specific statement or action by the data subject.

These data cannot be linked to other personal user data, except in cases required by law. Only the lostgarden.hu domain and its subdomains have access to these data.

6. Data Transfer, Data Processing, and Scope of Data Recipients

As part of its business activities, the data controller uses the following data processors:

Hosting Service:

  • MarkCon Informatikai Kft.
  • Address: 7623 Pécs, Móré Fülöp u. 33.
  • Email: info@markcon.hu
  • Scope of Data Accessed: Content of websites on the lostgarden.hu domain and subdomains, emails sent to email addresses based on these domains.

Billing:

  • Company Name
  • Company Address
  • Contact Information
  • Scope of Data Accessed: Issued invoices.

Accounting:

  • Gondoldó Kft.
  • Address:
  • Contact Information:
  • Scope of Data Accessed: Issued invoices.

Google Analytics:

  • Google Inc.
  • Location: Mountain View, California, USA
  • Scope of Data Accessed: Anonymized, non-personally identifiable IP addresses of visitors to webfolio.hu and fotofolio.hu.

Facebook Page:

  • Meta Inc.
  • Location: Menlo Park, California, USA
  • Scope of Data Accessed: Username, comments.

6.1 Data Transfer to Third Countries

Data is transferred to the United States of America, which is subject to an adequacy decision dated July 12, 2016 (EU-US Privacy Shield).

The adequacy decision applies to the data controllers Google (Google Privacy Policy) and Facebook (Facebook Privacy Shield).

7. Rights of the Data Subject and Legal Remedies

The data subject can request information about the processing of their personal data and request the rectification, deletion, or withdrawal of their personal data, except for mandatory data processing, and exercise their right to data portability and objection in the manner indicated at the time of data collection or through the contact details of the data controller provided above.

7.1 Right to Information

The data controller takes appropriate measures to provide all the information mentioned in Articles 13 and 14 of the GDPR and any communication under Articles 15 to 22 and 34 relating to the processing of personal data to the data subjects in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.

7.2 Right of Access

The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the following information:

  • The purposes of the processing;
  • The categories of personal data concerned;
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • The envisaged period for which the personal data will be stored;
  • The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing;
  • The right to lodge a complaint with a supervisory authority;
  • Where the personal data are not collected from the data subject, any available information as to their source;
  • The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data controller provides a copy of the personal data undergoing processing. For any further copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. The information will be provided within one month of the request.

7.3 Right to Rectification

The data subject has the right to obtain from the data controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed.

7.4 Right to Erasure

The data subject has the right to obtain from the data controller the erasure of personal data concerning them without undue delay, and the data controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
  • The data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
  • The personal data have been unlawfully processed;
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject;
  • The personal data have been collected in relation to the offer of information society services.

The right to erasure does not apply if processing is necessary for exercising the right of freedom of expression and information, compliance with a legal obligation, the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, for reasons of public interest in the area of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or the establishment, exercise, or defense of legal claims.

7.5 Right to Restrict Processing

The data subject has the right to obtain from the data controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data;
  • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • The data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims;
  • The data subject has objected to processing pending the verification of whether the legitimate grounds of the data controller override those of the data subject.

Where processing has been restricted under this provision, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

7.6 Adathordozáshoz való jog

The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided.

7.7 Right to Object

The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or necessary for the purposes of the legitimate interests pursued by the data controller or a third party, including profiling based on those provisions. The data controller shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

7.8 Right Not to Be Subject to Automated Decision-Making, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

7.9 Right to Withdraw Consent

The data subject has the right to withdraw their consent at any time

7.10 Right to Lodge a Complaint

The data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the GDPR.

The data subject can bring proceedings before a court. The court shall act in the case out of turn.

Data Protection Authority Procedure

Complaints can be lodged with the National Authority for Data Protection and Freedom of Information

  • Name: National Authority for Data Protection and Freedom of Information
  • Székhely: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
  • Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
  • Mailing Address: 1530 Budapest, Pf.: 5.
  • Phone: +36 1 391 1400
  • Fax: +36 1 391 1410
  • Email: ugyfelszolgalat@naih.hu
  • Website: http://www.naih.hu

8. Other Provisions

For data processing activities not listed in this notice, information will be provided at the time of data collection. We inform our customers that the court, the prosecutor, the investigating authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may request the data controller to provide information, disclose data, transfer data, or make documents available.

The data controller shall disclose personal data to authorities only to the extent and in such an amount as is indispensable for the purpose of the request, provided that the authority has specified the exact purpose and scope of the data.

(This privacy notice has been prepared based on the recommendation of the Budapest Chamber of Commerce and Industry.)