Ongoing checkout

You have an ongoing checkout process.

Privacy Notice

Last updated: 2025-09-10

This Privacy Notice for Hungarian by Heart ("we", "us", or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services by visiting our website at hungarianbyheart.com.

Data Collector

Definition: The natural or legal person, public authority, agency, or other body which determines the purposes and means of processing personal data.

That means the data controller is the one who decides:

  • Why personal data is collected (the purpose).
  • How personal data is collected, used, stored, or shared (the means).

The data controller for this website is: Lilla Lábas

Email: hungarianbyheart@gmail.com

Address: 4032 Debrecen, Akadémia utca 171.

What Information Do We Collect?

1. Personal Information Provided by You

  • Email, password, full name – upon registration
  • Billing address – upon registration / during checkout process
  • Lesson booking information – when you book lessons through our platform, including:
    • Lesson date, time and price
    • Cancellation data

All personal information that you provide to us must be true, complete and accurate and you must notify us of any changes to such personal data.

2. Personal Data Provided by Third Party Login Provider

If you log in to our service with a provider like Google, we request information from the provider:

  • Email, full name – upon registration

3. Payment Data

We collect payment data to handle lesson purchases. Payment data is processed by Stripe. You can read more about it in the Stripe Payment Processing section.

4. Usage Data

  • Performance metrics – using Vercel Speed insights to test and improve the website's performance
  • Website analytics e.g. page views, geolocation, device information etc. – using Google analytics

Why Do We Process Your Information and What Legal Bases Do We Rely On?

⚖️ Legal Basis: We process your data based on legitimate business interests, contractual necessity, and your consent where required.

We collect your data for the following purposes, and applicable legal bases listed in GDPR Article 6:

  • Service provision (lesson booking, materials) – contract (Art. 6(1)(b))
  • Account management (Firebase Auth) – contract (Art. 6(1)(b)) or legitimate interest (Art. 6(1)(f))
  • Payment processing (Stripe) – contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c))
  • Customer support – legitimate interest (Art. 6(1)(f))
  • Error logging & security (Sentry) – legitimate interest (Art. 6(1)(f))
  • Performance insights (Vercel Speed Insights) – legitimate interest (Art. 6(1)(f))
  • Website usage analysis (Google Analytics) – consent (Art. 6(1)(a))
  • Legal obligations (tax, accounting records) – legal obligation (Art. 6(1)(c))

With Whom Do We Share Your Personal Information?

Our website development and technical support may involve access to user data by qualified technical personnel. This access is limited to what is necessary for website functionality, security, troubleshooting, and maintenance purposes.

Third-party Services

Essential Service Providers

  • Firebase Authentication (Google LLC) – account login and authentication
  • Firestore (Google LLC) – data storage and user information
  • Stripe, Inc. – payment processing, subscription management, and financial data handling
  • Google Meet (Google LLC) – lesson delivery and video conferencing

Analytics & Monitoring

  • Sentry (Functional Software, Inc.) – error monitoring and debugging
  • Vercel Speed Insights (Vercel Inc.) – performance and usage insights
  • Google Analytics (Google LLC) – visitor analytics (only with your consent)

Communication Services

  • Email service providers – for lesson notifications and communications
  • Calendar services (Google calendar) – for lesson scheduling and reminders

These third-party services except Stripe are only processing your data. This means that they cannot do anything with your personal information unless we instruct them to do so. They also cannot share your personal information with any organization apart from us. They commit to protect the data they hold. Stripe also acts as a controller (see Stripe Payment Processing). Although Google analytics can behave as a controller too, we configured it in a privacy friendly way, so captured data cannot be used by Google (see Google Analytics Usage).

International Transfers: These providers may transfer data outside the EU/EEA (e.g., to the United States). In such cases, transfers are safeguarded by Standard Contractual Clauses (SCCs), adequacy decisions, or other appropriate safeguards under GDPR.

Stripe Payment Processing

💳 Payment Security: All payment data is processed securely by Stripe and is never stored on our servers.

What Stripe processes:

  • Payment method information (credit/debit card details, bank account information)
  • Transaction data and payment history
  • Billing address and contact information
  • Identity verification data (if required)
  • Dispute and chargeback information

Stripe's role: Stripe acts as both a data processor (on our behalf) and an independent data controller for fraud prevention, regulatory compliance, and their own business purposes. Please review Stripe's Privacy Policy for details on their data handling practices.

Google Analytics Usage

Data Sharing with Google

We have configured Google Analytics with privacy-focused settings:

  • We do NOT share your data with Google for improving their products and services
  • We do NOT participate in Google's benchmarking or modeling programs
  • We do NOT allow Google technical support or account specialists to access our data
  • Google processes your data only as our data processor according to our instructions

Legal Safeguards

We have entered into Google's Data Processing Agreement to ensure your data is handled in compliance with applicable privacy laws, including GDPR where applicable.

Cookies Used

Google Analytics uses cookies to distinguish unique visitors and track sessions. These cookies do not contain personally identifiable information. For more information about our cookie usage, please see the next section about cookies.

Google's Privacy Policy

For information about how Google handles data in their products generally, please review Google's Privacy Policy.

Do We Use Cookies and Other Tracking Technologies?

🍪 Cookie Control: You have control over optional cookies and can change your preferences anytime.

We use essential cookies to provide our service seamlessly. With your consent we also use analytics cookies to improve our website. We do not use marketing cookies.

Essential Cookies (No consent required)

  • Authentication cookies: Required for login and account access
  • Session cookies: Maintain your browsing session
  • Security cookies: Protect against fraud and security threats
  • Functional cookies: Remember your preferences and settings

Optional Cookies (Consent required)

  • Analytics cookies: Google Analytics for traffic analysis

Managing cookies: You can manage your preferences via the cookie banner, your profile settings, or your browser settings. Note that disabling essential cookies is not allowed on our website directly. They can be opted-out as well in browser settings, but that may break basic functionality of the website.

How Long Do We Store the Data?

⏰ Data Retention: We only keep data as long as necessary for business and legal purposes.

Account data:

  • User data: Stored until account exists (you can delete your account on the Profile page)

Lesson related data:

  • Cancellation data: maximum 3 months

Payment data:

Logs:

  • Errors (Sentry): 30 days
  • App logs (Vercel): 1 hour

Analytics data:

  • Event data: 2 months
  • User data: 14 months

How Do We Keep Your Information Safe?

🛡️ Security: We implement reasonable and appropriate safeguards to protect your data.

We use reasonable and appropriate technical and organizational safeguards to protect the personal information we process. However, no method of transmitting data over the internet or storing information can be guaranteed to be completely secure. This means we cannot promise that hackers, cybercriminals, or other unauthorized parties will never bypass our security and gain access to, steal, or alter your data. While we are committed to doing our best to keep your information safe, the transmission of personal data to and from our Services is ultimately at your own risk. We recommend only accessing our Services from a secure environment.

We protect your data through:

  • Encryption: Data encrypted in transit (HTTPS/TLS) and at rest
  • Access controls: Limited access to authorized personnel only
  • Monitoring: Continuous monitoring for security threats

Data breach notification: In the unlikely event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law.

What Are Your Privacy Rights?

✊ Your Rights: You have comprehensive rights over your personal data. Contact us anytime to exercise them.

Depending on where you live—such as certain U.S. states, the European Economic Area (EEA), the United Kingdom, Switzerland, or Canada—you may have specific rights that give you more control over your personal information.

Under GDPR, you have the following rights:

Access & Information Rights

  • Right of access: Know what data we hold about you and how it's used
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to data portability: Receive your data in a machine-readable format

Control & Deletion Rights

  • Right to erasure ("right to be forgotten"): Request deletion of your data
  • Right to restriction: Limit processing in certain circumstances
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: For consent-based processing (e.g., analytics)

How to Exercise Your Rights

  • Contact us directly at hungarianbyheart@gmail.com
  • Use the cookie management settings to withdraw consent
  • We will respond to your request within 30 days
  • Some requests may require identity verification for security

Complaints: You have the right to lodge a complaint with your local Data Protection Authority if you believe your data rights have been violated.

Children's Privacy

👨‍👩‍👧‍👦 Minors: Special protections apply for users under 13.

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Automated Decision-Making

🤖 No Automated Decisions: We don't use automated systems to make decisions about you.

This website does not use automated decision-making, profiling, or algorithmic processing that would significantly affect you. All decisions regarding your lessons, account, and services are made by humans.

Changes to This Privacy Notice

📝 Updates: We'll notify you of any significant changes to this privacy notice.

We may update this Privacy Notice from time to time to reflect:

  • Changes in our services or business practices
  • Updates to applicable laws and regulations
  • Improvements to our data protection practices

For significant changes, we will notify you by email or through a notice on our website. The "Last updated" date at the top shows when this notice was last revised.

Contact Information

📞 Get in Touch: Have questions about your data or this privacy notice? We're here to help.

Data Protection Contact:

Lilla Lábas - Hungarian By Heart
Email: hungarianbyheart@gmail.com
Website: hungarianbyheart.com

Response time: We aim to respond to all privacy-related inquiries within 72 hours.