Privacy policy

Woven Hills Kft. – Woven Hills Publishing
Effective as of: the date of publication on the website

1. Introduction

The purpose of this Privacy Policy is to explain how Woven Hills Kft. (hereinafter: the “Controller”, “we”) collects, processes, and protects personal data provided in the course of using www.rebelheart-book.com (hereinafter: the “Website”, “Webshop”).

In the course of data processing, the Controller acts in compliance with the following laws in particular:

· Regulation (EU) 2016/679 (GDPR),

· Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (Infotv.),

· Act CVIII of 2001 on Certain Issues of Electronic Commerce Services (Eker. tv.),

· Government Decree 45/2014 (II. 26.) on the detailed rules of contracts between consumers and businesses,

· Act C of 2000 on Accounting.

By using the Website, you accept the provisions of this Privacy Policy.

Contact: hello@wovenhills.com

2. Details of the Controller

Controller: Woven Hills Kft. (Woven Hills Publishing)
Registered seat: 2724 Újlengyel, Petőfi Sándor utca 48., Hungary
Company registration number: 13-09-227309
EU VAT number: HU32285691
E-mail: publishing@wovenhills.com

The Controller determines the purposes and means of data processing.

3. Categories and Sources of Personal Data Processed

3.1. Data Provided by You (during ordering or contact)

· name

· email address

· billing address

· shipping address

· selected delivery method and pick-up point details (Packeta, Foxpost)

· order details (products ordered, quantity, price, date/time of order)

· payment transaction identifier (Stripe)

We currently do not operate a newsletter and do not maintain any newsletter mailing list.

3.2. Automatically Collected Technical Data

During your visit to the Website, the following data may be automatically logged:

· IP address

· browser type and version

· operating system

· time zone

· pages visited, session duration

· referring page (referrer)

· cookie identifiers

3.3. Cookies and Similar Technologies

The Website uses cookies.
Details are set out in the Cookie Policy.

4. Purposes and Legal Bases of Data Processing

4.1. Performance of a Contract – GDPR Article 6(1)(b)

· receiving, processing, and fulfilling orders

· handling payments and issuing invoices

· customer service communication

4.2. Compliance with a Legal Obligation – GDPR Article 6(1)(c)

· retention of accounting records (invoices, bookkeeping)

· fulfilment of tax obligations

4.3. Legitimate Interest – GDPR Article 6(1)(f)

· maintaining the security of the Website

· preventing misuse and fraud

· compiling statistics to improve the operation of the Website (in anonymised form)

4.4. Consent – GDPR Article 6(1)(a)

· use of non-essential cookies (analytics, marketing)

· embedded third-party services (e.g. YouTube, Meta pixel)

You may withdraw your consent at any time; such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

5. Detailed Purposes of Data Processing

· operating the Webshop and providing cart and ordering functionality

· sale of products and fulfilment of orders

· organising delivery (Packeta, Foxpost)

· secure processing of payments (Stripe)

· compliance with legal obligations (invoicing, taxation)

· ensuring the security of IT systems

· statistical and analytical purposes (in anonymised form)

We do not sell, trade, or rent your personal data to third parties.

6. Processors and Data Transfers

Personal data are only shared with partners who are necessarily involved in order fulfilment or the operation of the Website.

6.1. Shipping Partners

· Packeta / Zásilkovna – international parcel delivery

· Foxpost – parcel lockers and home delivery in Hungary

Carriers process address and contact details for the purpose of delivering the parcel.

6.2. Payment Service Provider

· Stripe Payments Europe Ltd. (and affiliated entities) – processing online card payments

Stripe processes the data necessary for payment transactions.
The Controller does not see and does not store card data.

6.3. Hosting and Technical Service Providers

· Hostinger International Ltd. – web hosting

· WordPress / WooCommerce – Webshop engine

6.4. Analytics and Marketing (based on consent)

· Google Analytics – web statistics

· Meta (Facebook) Pixel – marketing and remarketing

· YouTube – embedded videos

All processing is carried out in accordance with the GDPR.

7. Data Retention Periods

We retain personal data only for as long as necessary.

7.1. Order and Billing Data

Retention period: 8 years (as required by the Accounting Act).

7.2. Customer Service Correspondence

Retention period: generally 2 years, unless a longer period is required due to a legal dispute or regulatory procedure.

7.3. Shipping Data

Retention period: 1 year from fulfilment of the order (for complaint handling and enforcement of claims), after which the data are deleted or anonymised.

7.4. Cookies

· Essential cookies: for the duration of the session or a short technical period only

· Analytics/marketing cookies: typically 1 day – 2 years, depending on the type; details are provided in the Cookie Policy.

After expiry of the retention period, the data are deleted or irreversibly anonymised.

8. Data Transfers Outside the EEA

Certain service providers (e.g. Stripe, Google, Meta, YouTube) may process data outside the European Economic Area (EEA). In such cases:

· data transfers are based on safeguards provided by EU law (e.g. Standard Contractual Clauses), and

· data subject rights remain protected.

9. Data Subject Rights

Under the GDPR, you have the following rights:

· Right of access – to receive information about the personal data we process about you,

· Right to rectification – to request correction of inaccurate or incomplete data,

· Right to erasure (“right to be forgotten”) – where there is no conflicting legal obligation,

· Right to restriction of processing,

· Right to object – where processing is based on legitimate interests,

· Right to data portability – for data processed on the basis of contract or consent,

· Right to withdraw consent – where processing is based on consent.

You may submit your request to exercise your rights via:

E-mail: hello@wovenhills.com

10. Remedies

If you believe that the processing of your personal data violates the GDPR or other applicable data protection laws, you have the right to:

· lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), and/or

· bring the matter before a court.

NAIH contact details:
https://www.naih.hu

11. Data Security

To protect personal data, the Controller applies, among other measures:

· HTTPS encryption,

· firewall and server protection systems,

· access control,

· regular backups,

· protection against malicious code.

12. External Links

The Website may contain links to third-party websites (e.g. payment or logistics platforms).
The Controller is not responsible for the data processing practices of such third-party sites; we recommend reviewing the respective privacy policies of those websites.