Privacy Policy

This Privacy Policy can be downloaded and printed by clicking the button below:

Privacy Policy

Privacy Policy

www.mealblogger.com

Effective Date: 1 June 2026

The purpose of this Privacy Policy is to provide information about the method, purpose, legal basis, and duration of the processing of personal data, as well as the rights of data subjects, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the applicable Hungarian data protection laws.

1. Details of the Data Controller

The controller responsible for processing your personal data is:

Business Name: Rita Földi Sole Proprietor
Registered Office: 2225 Üllő, Papp László u. 1. G. ép. A. lph. 1st floor 3., Hungary
Postal Address: 2225 Üllő, Papp László u. 1. G. ép. A. lph. 1st floor 3., Hungary
Tax Identification Number: 56530335-1-33
Registration Number: 55185798
Registering Authority: National Tax and Customs Administration of Hungary
Bank Account Number: 11600006-00000002-00335207
Representative: Rita Földi
Website: www.mealblogger.com
E-mail Address: info@mealblogger.com

Hereinafter referred to as the “Data Controller”.

2. Purpose of this Policy

The Data Controller is committed to protecting the personal data of website visitors, customers, newsletter subscribers, and clients. All data processing is carried out in compliance with the applicable data protection laws, in particular the provisions of the GDPR.

This Notice describes:

  • what personal data we process,
  • for what purposes and on what legal basis the data is processed,
  • how long the data is stored,
  • who may have access to the data,
  • and what rights data subjects are entitled to.

The Data Controller processes personal data solely for the purposes specified in this Notice and does not disclose such data to unauthorized third parties.

3. Acceptance of the Notice

Viewing the website itself does not require the provision of personal data. However, the use of certain website functions (such as contacting us, making a purchase, or subscribing to the newsletter) may require the provision of certain personal data.

The use of non-essential cookies (e.g. marketing and analytics cookies) requires the prior consent of the data subject, which may be withdrawn at any time.

4. Definitions

Data Controller

The natural or legal person who determines the purposes and means of the processing of personal data.

Data Processor

The natural or legal person who processes personal data on behalf of the Data Controller.

Personal Data

Any information relating to an identified or identifiable natural person.

Data Processing

Any operation performed on personal data, such as collection, storage, organization, use, transfer, or deletion.

Data Subject

The natural person to whom the personal data relates.

Consent

Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of their personal data.

Data Breach

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

User

A visitor or user of the website: www.mealblogger.com

5. Principles of Data Processing

The Data Controller processes personal data:

  • lawfully,
  • fairly,
  • transparently,
  • solely for specified purposes,
  • only to the extent necessary,
  • and with appropriate security measures in place.

The Data Controller takes all reasonable technical and organizational measures to ensure the security of the personal data it processes.

6. Categories of Personal Data Processed

The Data Controller may process the following personal data:

  • name,
  • billing and mailing address,
  • email address,
  • telephone number,
  • company name and contact details (in the case of corporate clients),
  • IP address,
  • browser type,
  • operating system information,
  • statistical and technical data related to website activity.

7. Purpose, Legal Basis, and Duration of Data Processing

The Data Controller processes personal data only for as long as necessary.

The Data Controller deletes or anonymizes personal data once the purpose of processing has ceased or the legally required retention period has expired.

Purpose of ProcessingData ProcessedLegal BasisRetention Period
Contact inquiriesname, email addressGDPR Article 6(1)(a)1 year
Newsletter distributionname, email addressconsentuntil consent is withdrawn
Webshop purchasesname, address, email address, purchase dataperformance of a contract8 years
Invoicingbilling datalegal obligation8 years
Ensuring the secure operation, technical stability, and IT protection of the websiteIP address, browser type, operating system, time of visit, log files, technical error dataGDPR Article 6(1)(f)maximum 90 days
Commentsname, email address, IP addressGDPR Article 6(1)(f)until consent is withdrawn or a deletion request is submitted
Management of product reviewsname, email address, IP address, review contentGDPR Article 6(1)(f)until the product is available or until a deletion request is submitted
Analyticscookie identifiers, behavioral dataconsent14 months
Marketing/remarketingcookie dataconsentuntil consent is withdrawn

8. Data Transfers and Data Processors

The Data Controller transfers or makes personal data accessible only in compliance with applicable laws and only to the extent necessary to those data processors and partners who contribute to the operation of the Data Controller’s services.

The purposes of data transfers include in particular:

  • provision of hosting services,
  • newsletter distribution,
  • invoicing,
  • processing online payments,
  • web analytics and statistical analysis,
  • marketing activities,
  • fulfillment of accounting and legal obligations.

Data processors may process personal data solely based on the instructions of the Data Controller and in accordance with the applicable data protection laws.

Remarketing

The website may use remarketing technologies that allow visitors to receive personalized advertisements based on their interests.

9. Data Processors Used by the Data Controller

Hosting Provider

Name: Tárhely.Eu Szolgáltató Kft.
Registered Office: 1144 Budapest, Ormánság u. 4. X. em. 241., Hungary
Website: https://tarhely.eu/
E-mail Address: iroda@tarhely.eu
Telephone Number: +36 1 789-2-789

Privacy Policy: https://tarhely.eu/dokumentumok/adatvedelmi_szabalyzat.pdf

Tasks:

  • hosting services,
  • server operation,
  • ensuring data security.

Cookie Consent Management Platform (CMP)

Name: CookieHub ehf.

Registered Office: Hafnargata 55, 230 Reykjanesbær, Izland

Website: https://www.cookiehub.com/

Privacy Policy: https://www.cookiehub.com/privacy-policy

Tasks:

  • management of cookie-related consents,
  • storage of consent logs,
  • management of cookie settings,
  • support for GDPR and ePrivacy compliance.

Google Services

Name: Google LLC

Registered Office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Contact information: https://knowledge.workspace.google.com/admin/compliance/how-google-protects-your-organizations-security-and-privacy?hl=en&visit_id=639146902373713801-1471780183&rd=1

Privacy Policy: https://policies.google.com/privacy?hl=hu

The Data Controller may use the following Google services:

  • Google Analytics,
  • Google Tag Manager,
  • Data Studio,
  • Google Drive,
  • Google Ads,
  • YouTube.

When using Google services, personal data may be transferred outside the European Union, particularly to the United States.

Such transfers are carried out with appropriate safeguards, especially:

  • the Standard Contractual Clauses (SCCs) adopted by the European Commission,
  • and the EU-US Data Privacy Framework.

Meta Platforms Ireland Ltd.

Registered Office: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Írország

Meta Privacy Policy:  https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

Data Protection Officer contact: https://help.meta.com/support/privacy/

The Data Controller may use Meta services for marketing and communication purposes, including:

  • Facebook,
  • Instagram,
  • Messenger.

Through Meta services, statistical and marketing-related data processing may occur, including remarketing and advertisement optimization functions.

In relation to certain Meta services, the Data Controller and Meta Platforms Ireland Ltd. may qualify as joint controllers.

Brevo (formerly Sendinblue Inc.)
Registered Office: 55 Rue d’Amsterdam, 75008, Paris, France

Privacy Policy: https://www.brevo.com/legal/privacypolicy/

Tasks:

  • newsletter distribution,
  • email automation,
  • management of marketing communications.

Online Payment Service Providers

PayPal

PayPal (Europe) S.à r.l. et Cie, S.C.A.
Registered Office: 22-24 Boulevard Royal, L-2449 Luxembourg

Contact information: https://www.paypal.com/hu/webapps/mpp/about

Privacy Policy: https://www.paypal.com/hu/legalhub/paypal/home

Task:

  • processing online payments.

Invoicing Service Provider

KBOSS.hu Kft. – Számlázz.hu
Registered Office: 1031 Budapest, Záhony utca 7.

Email: info@szamlazz.hu

Privacy Policy: https://www.szamlazz.hu/adatvedelem/

Tasks:

  • issuing invoices,
  • retaining accounting documents.

The Data Controller may modify the list of current data processors if necessary and will provide information about such changes by updating this Notice.

10. Rights of Data Subjects

Data subjects are entitled to the following rights regarding the processing of their personal data:

Right to Information

The data subject has the right to receive clear, transparent, and easily understandable information from the Data Controller regarding the processing of personal data.

Right of Access

The data subject has the right to obtain confirmation as to whether their personal data is being processed and to access the processed data and details of the processing.

Right to Rectification

The data subject may request the correction or completion of inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”)

The data subject may request the deletion of their personal data if the purpose of the processing has ceased, consent has been withdrawn, or the processing is unlawful. The Data Controller shall not comply with the deletion request where the processing is required by law.

Right to Restriction of Processing

The data subject may request the restriction of processing, for example if they contest the accuracy or lawfulness of the processing of personal data.

Right to Data Portability

The data subject has the right to receive the personal data they have provided in a structured, commonly used, and machine-readable format, and may request the transfer of such data to another controller where the legal conditions are met.

Right to Object

The data subject has the right to object to the processing of personal data based on legitimate interests. In such cases, the Data Controller shall cease the processing unless compelling legitimate grounds justify the processing and override the rights and freedoms of the data subject.

The data subject also has the right to object to profiling and targeted advertising (remarketing) based on their personal data. In such cases, the processing of personal data for these purposes shall cease unless there are compelling legitimate grounds overriding the rights of the data subject.

The Data Controller does not carry out decision-making based solely on automated processing that would produce legal effects concerning the data subject or similarly significantly affect them. In certain cases, the Data Controller may use profiling for statistical and marketing purposes (e.g. personalized advertisements), which does not produce automatic legal effects concerning the data subject.

Right to Withdraw Consent

The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

The data subject may unsubscribe from marketing communications (newsletter, promotional emails) at any time without providing reasons. Unsubscription may be initiated via the link included in all marketing emails or by sending an email to the Data Controller. Unsubscription qualifies as withdrawal of consent and does not affect the lawfulness of processing prior to the withdrawal.

The data subject may submit requests concerning the exercise of their rights by email at info@mealblogger.com or by post.

The Data Controller shall respond to requests without undue delay and no later than 30 days from receipt of the request.

The Data Controller reserves the right to verify the identity of the applicant in accordance with applicable laws.

11. Legal Remedies

If the data subject believes that the processing of their personal data violates the applicable laws, they have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or seek judicial remedy.

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

Address: 1055 Budapest, Falk Miksa utca 9-11.
Website: https://naih.hu/
Email: ugyfelszolgalat@naih.hu
Phone: +36 1 391 1400

12. Processing of Minors’ Data

The website and the services of the Data Controller are primarily intended for persons over the age of 18.

The Data Controller does not knowingly collect personal data relating to children under the age of 16 without the consent of a parent or legal guardian.

If the Data Controller becomes aware that personal data of a child under the age of 16 has been processed without appropriate consent, such data will be deleted without delay.

13. Use of Cookies

The website uses cookies for the purposes of proper operation, improving user experience, statistical analysis, and marketing activities.

Detailed information regarding the use of cookies, their types, legal basis, retention periods, and the possibility of withdrawing consent is provided in the separate Cookie Policy.

The use of non-essential cookies is based solely on the prior consent of the data subject.

The website uses a Consent Management Platform (CMP) for managing cookies and recording user consents.

The consent management system used on the website is CookieHub.

The system ensures that non-essential cookies – particularly statistical, analytical, and marketing cookies – are activated only based on the prior and voluntary consent of the data subject.

The logging and management of consents are carried out through the CookieHub system in accordance with the GDPR accountability principle.

The website may also use Google Consent Mode v2 technology to ensure that Google services (e.g. Google Analytics, Google Ads) operate in accordance with the user’s consent choices.

The data subject may modify cookie settings or withdraw consent at any time through the cookie settings interface available on the website.

The website uses Google Tag Manager, which is a tag management system. Google Tag Manager itself does not collect personal data; however, it enables the loading of analytical, marketing, and other functionalities used on the website (e.g. Google Analytics, Meta Pixel, CookieHub).

These services are activated solely based on the prior consent of the data subject in accordance with the settings of the consent management system (CookieHub).

14. Data Security

The Data Controller implements appropriate technical and organizational measures to ensure the security of personal data and to prevent unauthorized access, alteration, transfer, disclosure, deletion, loss, or damage of personal data.

In particular, the Data Controller applies the following measures:

  • use of SSL/TLS encrypted data connections to protect data transmission through the website,
  • use of password-protected IT systems,
  • restriction and monitoring of access rights,
  • regular creation of backups,
  • use of up-to-date software and security updates,
  • use of antivirus protection and firewalls,
  • enhanced protection of administrative interfaces,
  • use of two-factor authentication where necessary,
  • verification of appropriate data security practices of data processors.

The Data Controller takes all reasonable measures to ensure the confidentiality, integrity, availability, and resilience of personal data during processing.

The technical and organizational measures applied during data processing are regularly reviewed and updated where necessary.

15. Management of Data Breaches

The Data Controller records and investigates data protection incidents and, where necessary, reports them to the supervisory authority and informs the affected data subjects in accordance with the provisions of the GDPR.

16. Amendments to this Policy

The Data Controller reserves the right to amend this Privacy Policy.

Any amendments shall enter into force upon publication on the website.