Last updated: 2025-03-23
Privacy Policy
1. Data Controller
[TODO: Company name]
Address: [TODO: Registered address]
Tax number: [TODO: Tax number]
Company registration: [TODO: Registration number]
Email: privacy@organisr.io
This Privacy Policy explains how organisr collects, uses, and protects your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Hungarian Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.
2. Personal Data We Collect
Order and fulfillment data
- Full name
- Email address
- Shipping address (street, city, postal code, country)
- Order details (products, dimensions, quantities, price)
- Payment metadata (transaction ID, payment status — card numbers are handled exclusively by Stripe and never stored by us)
Account data (if registered)
- Email address
- Saved designs
- Order history
Usage data (with consent)
- Pages visited, time spent, referral source (analytics cookies)
3. Lawful Basis for Processing
| Processing purpose | Lawful basis | Retention period |
|---|---|---|
| Order fulfillment (name, address, order details) | Contract performance (Art. 6(1)(b) GDPR) | 5 years after order |
| Invoice data (name, address, tax info) | Legal obligation (Art. 6(1)(c) GDPR; Hungarian Accounting Act) | 8 years (statutory requirement) |
| Customer support correspondence | Legitimate interests (Art. 6(1)(f) GDPR) | 2 years after resolution |
| Marketing emails | Consent (Art. 6(1)(a) GDPR) | Until consent is withdrawn |
| Analytics cookies | Consent (Art. 6(1)(a) GDPR) | Until consent is withdrawn |
4. Data Processors
We share your data with the following processors solely to provide our service:
| Processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database and authentication | EU (Frankfurt) |
| Stripe Inc. | Payment processing | EU / USA (SCCs) |
| [TODO: Szamlazz.hu or Billingo] | Invoice generation | Hungary |
| Resend Inc. | Transactional email | USA (SCCs) |
| Vercel Inc. | Hosting and edge delivery | EU / USA (SCCs) |
For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission.
5. Your Rights
Under GDPR you have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure — request deletion (subject to legal retention obligations)
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time for consent-based processing
To exercise any right, email privacy@organisr.io. We will respond within 30 days.
6. Right to Lodge a Complaint
You have the right to lodge a complaint with the Hungarian data protection authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu
7. Cookies
For detailed information about the cookies we use, please see our Cookie Policy.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.