Privacy Policy

Effective date: January 1, 2025

This Privacy Policy describes how personal data is collected, used, and protected through the website of Chateau Káldi Winery (hereinafter: Website). This policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) and the applicable data protection laws of Hungary.

1. Data Controller Information

  • Data Controller: Péter Káldi (natural person)
  • Brand name: Chateau Káldi Winery
  • Registered address: European Union, Hungary, Mád
  • Representative: Mr. Peter Káldi (Winemaker)
  • E-mail: peterkaldi@chateaukaldi.com

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through the Contact form available on the Website.

3. Categories of Personal Data Collected

When you submit the Contact form on the Website, the following personal data is collected:

  • First Name
  • Last Name
  • E-mail address
  • Phone number
  • Message

4. Purpose of Data Processing

Your personal data is processed for the following purposes:

  • Receiving and responding to inquiries submitted through the Website.
  • Establishing and maintaining communication with you.
  • Handling business inquiries, orders, and potential cooperation opportunities.

5. Legal Basis for Data Processing

The legal basis for processing your personal data is your voluntary consent pursuant to Article 6(1)(a) of the GDPR. By completing and submitting the Contact form, you voluntarily consent to the processing of your personal data for the purposes described in this Privacy Policy.

You have the right to withdraw your consent at any time without giving reasons. The withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal.

6. Duration of Data Processing

Your personal data will be retained until the purpose of the contact has been fulfilled, or until you withdraw your consent. If you do not withdraw your consent, your data will be stored for a maximum period of 2 (two) years from the date of the last contact, after which it will be deleted.

If a contractual relationship is established as a result of the communication, data retention obligations arising from applicable legislation (e.g., accounting and tax regulations) shall apply.

7. Data Storage and Security

The Data Controller treats all personal data as confidential and takes all necessary technical and organisational measures to ensure their security. Personal data is accessible only to the Data Controller and to data processors engaged by the Data Controller, solely to the extent necessary to fulfil the purposes of data processing.

Security measures include, but are not limited to:

  • Use of encrypted connections (SSL/TLS) on the Website.
  • Access control to systems storing personal data.
  • Regular review of data processing practices and security measures.

8. Data Processors and Data Transfers

The Data Controller may engage the following data processors in connection with the processing of personal data:

  • Web hosting provider: The service provider ensuring the operation of the Website, which has technical access to data stored on its servers.
  • E-mail service provider: The service provider facilitating the delivery of e-mails sent within the context of the contact.

The Data Controller does not transfer personal data to third countries (countries outside the EEA), unless the country in question ensures an adequate level of data protection or appropriate safeguards under the GDPR are in place.

The Data Controller does not disclose personal data to third parties, unless required to do so by law or with the explicit consent of the data subject.

9. Your Rights as a Data Subject

Under the GDPR, you are entitled to the following rights:

  • Right of access (Article 15 GDPR): You have the right to request information about whether your personal data is being processed and, if so, to access the personal data and related information.
  • Right to rectification (Article 16 GDPR): You have the right to request the correction of inaccurate personal data or the completion of incomplete data.
  • Right to erasure – „right to be forgotten” (Article 17 GDPR): You have the right to request the deletion of your personal data if the purpose of processing has ceased, you have withdrawn your consent, or the processing is unlawful.
  • Right to restriction of processing (Article 18 GDPR): You have the right to request the restriction of processing if you contest the accuracy of the data, the processing is unlawful, or the Data Controller no longer needs the personal data.
  • Right to data portability (Article 20 GDPR): You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
  • Right to object (Article 21 GDPR): You have the right to object at any time to the processing of your personal data.
  • Right to withdraw consent (Article 7(3) GDPR): You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You may exercise any of the above rights by contacting the Data Controller at: peterkaldi@chateaukaldi.com.

The Data Controller shall respond to your request without undue delay and in any event within 1 (one) month of receipt of the request. This period may be extended by a further 2 (two) months where necessary, taking into account the complexity and number of requests, and the Data Controller shall inform you of any such extension.

10. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes the GDPR or applicable data protection laws, you may seek remedy through the following channels:

  • Complaint to the Data Controller: You may contact the Data Controller directly at peterkaldi@chateaukaldi.com.
  • Complaint to the supervisory authority: You have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
  • Judicial remedy: You have the right to bring proceedings before a court if you consider that the Data Controller has processed your personal data in breach of the applicable data protection regulations. You may bring the action before the competent court of your place of residence or habitual residence.

11. Use of Cookies

The Website may use cookies during its operation. Cookies are small text files stored on your device by your browser. For detailed information about the types and use of cookies, please refer to the Website’s separate Cookie Policy.

12. Changes to This Privacy Policy

The Data Controller reserves the right to amend this Privacy Policy at any time. The amended Privacy Policy will be published on the Website and shall take effect on the date of publication. The Data Controller will inform data subjects of material changes through the Website.

13. Governing Law

Any matters not covered by this Privacy Policy shall be governed by the GDPR, the applicable Hungarian data protection legislation, and the Hungarian Civil Code (Act V of 2013).

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us at: peterkaldi@chateaukaldi.com.

Last updated: January 1, 2025