Privacy Policy

1. Introduction

This Privacy Policy explains in a transparent way how Finna Research & Medical Kft. processes personal data in connection with the webshop and related services, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Hungarian law.

2. Data controller contact details

Finna Research & Medical Korlátolt Felelősségű Társaság
4405 Nyíregyháza, Lombkorona utca 52., Hungary
Tax number: 25730113-2-15
E-mail: info@finnaresearch.hu

3. Categories and purposes of processed data

3.1. Contact form

Processed data: name, e-mail address, subject, message and the time of form submission. Purpose: receiving enquiries and providing customer service replies. Legal basis: consent and legitimate interest.

3.2. Shop purchase (WooCommerce)

Processed data: name, billing and shipping address, e-mail address, phone number, ordered products, order and payment data, and billing data. Purpose: fulfilment of the contract, invoicing, delivery and complaint handling. Legal basis: performance of contract and legal obligation.

3.3. Newsletter and marketing messages (Mailchimp)

Processed data: e-mail address, name if provided, subscription time, newsletter open and click statistics. Purpose: marketing information about new products, promotions and campaigns. Legal basis: consent. You may unsubscribe at any time via the link in the message or by e-mail.

3.4. Online advertising and remarketing

The webshop may use Facebook ads, Google Ads campaigns and remarketing solutions. These platforms may use cookies and similar technologies to display, measure and target advertisements.

4. Cookies and analytics

The webshop uses cookies and similar technologies. Non-essential cookies, such as analytics and marketing cookies, require visitor consent through the cookie / consent interface displayed on the site.

• Google Analytics / Google Tag – traffic and conversion measurement;
• Google Ads – advertising and remarketing;
• Meta (Facebook) Pixel – ad measurement and targeting;
• Mailchimp – newsletter and marketing communication;
• WooCommerce – cart, login and order functionality.

Cookies may be restricted or deleted in the browser; this may affect some functions of the website.

5. Processors and data transfers

The Data Controller may use processors such as hosting providers, e-mail providers, payment providers, invoicing systems, Mailchimp and Google/Meta advertising platforms. Processors may act only according to the Data Controller’s instructions and with appropriate contractual and security safeguards.

If data is transferred outside the European Economic Area, the Data Controller ensures compliance with GDPR requirements.

6. Data retention

• Contact messages: usually 2 years, longer if legal claims require it;
• Purchase and billing data: according to accounting law, typically 8 years;
• Marketing consent: until consent is withdrawn;
• Cookie consents: for the period recorded in the consent system.

7. Rights of data subjects

Data subjects have the right of access, rectification, erasure, restriction of processing, data portability, objection and withdrawal of consent. Complaints may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).

8. Data security

The Data Controller applies appropriate technical and organisational measures to protect personal data, including access control, encrypted connections (HTTPS) and permission management.

9. Minors

The webshop services are not aimed at children under 16 for marketing purposes. Food supplement purchases by minors should be made with the involvement of a legal representative.

10. Changes to this notice

The Data Controller may update this notice. Changes take effect when published in the webshop.