This document will explain how this organisation uses personal data in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
Under the GDPR “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Hereinafter all personal information is referred to as “personal data”.
Who am I?
Viktória Petrányi sole trader 54023682 (registered at Nemes street 100/b. 1st floor, 4th door Budapest, 1188. Hungary; sole trader identification number: 54023682 tax number: 55359579-1-43 ) acts as a data controller. It means Viktória Petrányi decides how the personal data provided to me/us is processed and for what purposes.
How to contact me?
In respect of data protection related questions, to exercise your rights or file a complaint, contact me at
How do I collect personal data?
I collect personal data from you when you register on our website, make a purchase, sign up for the newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features.
Why do I collect personal data? (data processing purposes)
I collect and use your personal data for the following purposes:
To process and fulfil your order. For this purpose I collect the following data: name, address, email address, phone number, billing address (When different from shipping address)
To communicate with you in case of any issues with the order fulfilment and to facilitate your engagement with our customer service team. For this purpose I collect the following data: name, email address, order details
To send periodic emails to update you about the status of your order or other products and services. For this purpose I collect the following data: name, email address, order details
To create your Nimfa account. For this purpose I collect the following data: name, email address, phone number
To send you reminders on unfinished orders. For this purpose I collect the following data: name, email address, list of products left in your cart
To send you newsletters and offers tailored to your interests and needs. For this purpose I collect the following data: name, email address, date of birth, country of residence, details of your historical website behavior and purchase history
To provide offers tailored to your preferences and improve our website to better serve your needs. For this purpose, I collect the following data: details of your historical searches and historical order details
To tailor advertising to make our offers more relevant. For this purpose I collect the following data: email address, details of your historical searches and historical order details
Where and for how long do we keep your personal data?
Your personal data is contained behind secured networks and is only accessible by me and the personal data is kept confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. All transactions are processed through a gateway provider and are not stored or processed on my servers.
In the case of consent-based data processing (like email subscription), personal data will be processed until the consent is withdrawn.
Legal basis of data processing
The legal basis of data processing activities indicated in point a)-e) of Section 4 of this document lies in Subsection (a) Paragraph (1) of Article 5 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter the “Freedom of information Act”), i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (b) of the General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council) ("GDPR"), i.e. such processing activities are necessary for the performance of the contract or in order to take steps at the request of data, subject to entering into a contract.
The legal basis of data processing activities indicated in point f)-h) of Section 4 of this document lies in Subsection (a) Paragraph (1) of Article 5 and Subsection (a) Paragraph (2) of Article 5 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (a) and Article 9 (2) (a) of the GDPR, i.e. such processing activities will be based on your consent.
Further processing of personal data
What rights do you have for managing your personal data in line with the GDPR?
Right to information - how to handle your personal information and what are your rights in this regard.
Right of access - regarding that your personal data is being processed is there, and if so, it is entitled to us by us you have access to your personal data. This will allow you to verify your personal data privacy legislation.
Right to rectify - you are entitled to request the correction or addition of inaccurate or incomplete personal information.
Right to cancel - also known as "right to be forgotten" ensures that you can request the deletion of your personal data if they are not necessarily handled or otherwise.
Right to restrict data management - you are entitled to restrict the continued handling of your personal information, in this case we will not treat your data except for storage.
Right to data storage - you are eligible for certain personal information we manage to request a copy and submit them to another data handler forward.
Right to protest - you are entitled to object to certain data manipulations (eg. direct marketing).
Automated decision-making and profiling rights - you are entitled to request that I do not have legal or other significant consequences for you to decide on your own decision-making based solely on automated processing (including profiling).
How do I protect your personal data?
My website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to my site as safe as possible.
Your personal data is contained behind secured networks and is only accessible by me and I keep the personal data confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
I implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal data.
All transactions are processed through a gateway provider and are not stored or processed on my servers.
Sharing your personal data
Nimfa, in the course of its operation may utilise the services of various data processors and external service providers to handle and process your personal data for specific purposes, on behalf of and in accordance with the instructions of Nimfa.
The data processors shall process the personal data at most as long as the term of the data processing contract concluded with them is valid and in force, or until they are required to keep your data under the applicable data retention laws.
I may disclose your personal data to the following categories of third parties for the purposes described below:
Shipping service providers to deliver the product you purchased on my website
Credit card companies, payment service providers to process the payments you initiated on my website
Email service provider platform, in order to facilitate communication with you after purchase and to send you newsletter based on your consent
IT supporting services
Other third party service providers involved by me for data processing
Cookies In Use on This Site
Cookies and how they benefit you
My cookies help me:
Make my website work as you'd expect and provide brilliant experiences
Remember your settings during and between visits
Improve the speed/security of the site
Continuously improve my website for you
Make my marketing more efficient
Collect any personally identifiable information (without your express permission)
Collect any sensitive information
Pass personally identifiable data to third parties
You can learn more about all the cookies I use below
More about our Cookies
Website Function Cookies
Our own cookies
Making our shopping basket and checkout work
Remembering your settings
Remembering if you have accepted our terms and conditions
Showing you which pages you have recently visited
There is no way to prevent these cookies being set other than to not use our site.
Third party functions
Our site, like most websites, includes functionality provided by third parties. A common example is an embedded YouTube or Vimeo video. Our site includes the cookies listed below following.
Disabling these cookies will likely break the functions offered by these third parties therefore we recommend you allowing these.
Visitor Statistics Cookies
Cookies are widely used in online advertising. Neither I, advertisers or our advertising partners can gain personally identifiable information from these cookies.
You can learn more about online advertising at can opt-out of almost all advertising cookies at It is also worth noting that opting out of advertising cookies will not mean you won't see adverts, just simply that they won't be tailored to you any longer.
You may notice that sometimes after visiting a site you see increased numbers of adverts from the site you visited. This is because advertisers, including myself pay for these adverts. The technology to do this is made possible by cookies and as such the site I use to offer you a webshop, wix.com may place a so called “remarketing cookie” during your visit. Wix.com, uses these adverts to offer special offers etc to encourage you to come back to my site. I am unable to proactively reach out to you as the whole process is entirely anonymised. You can opt out of these cookies at anytime as explained below.
Examples where and how your data is used through wix.com
Your payment is secure by SSL technology and data is not stored on my servers.
You have 2 options when you are about to pay Check out with Paypal Or checkout with Braintree that supports several debit and credit cards.
Facebook and gmail logins are enabled
Placing and order
After placing an order, Nimfa can only see delivery and billing address, order details, quantity, so only the necessary information for completing the delivery.
In the contact section you can send me a message. To do so, I ask for your First name, Last Name, Email and phone number in order to be able to reach out for you and respond to your message.
Everyone who would like to be a member, can fill out the member signup form.
For this, First name, Last name, Email address and password are necessary.
So you can log into your personal account to make your shopping more convenient.
You also have the option to subscribe to the newsletter for useful information.
The Recaptcha test allows me to protect the site from robots, with clicking this box, you will assure me, that you are a human being who decided to use the site.
This Wix template has Member pages for those who signed up. These member pages are the following:
6.1 My Wallet
Here you can see and securely save your credit and debit card (all in all payment) details for faster checkout.
The My Wallet feature allows customers to save their credit card information securely so they can complete future transactions without re-entering their details.
How does it work?
When a customer who is logged into the site gets to the checkout page, they see their personal details (name, email, address and phone number) filled in. If a customer has an account but is not logged in, they are prompted to do so.
When a logged in customer enters credit card details for the first time, they can choose to save their credit card details.
What happens when a customer with a saved card makes another purchase?
When a customer who saved a card returns, they can select their saved card as a payment option or choose Credit / Debit Card to enter a new card.
Where can you view and make changes to your saved cards?
The My Wallet page is where you can manage your saved cards.
In the My Wallet page, customers can:
View saved credit cards
Remove saved credit cards
Set a card as default
Customers can access their My Wallet page by logging in and selecting it from their personal drop-down menu.
The My Wallet page is private. Each customer see only their own information.
6.2. My Addresses
The My Addresses page lets repeat customers complete transactions quickly and easily by selecting addresses they've already used.
Customers can access their My Addresses page by logging in and selecting it from their personal drop-down menu.
In the My Addresses page, site visitors can:
View and update addresses that were automatically saved
Manually add new addresses and delete outdated ones
Select a default address
These pages are private. Customers only see their own addresses.
6.3. My Orders
In this member page you can check the status of your orders or browse through your past purchases.
You can see the date, the order, status and the total price.
Using the drop down icon, customers can view the details of the order.
6.4 My account
In this member page section you can view and edit your personal info, like your first name, last name, contact email and phone number.
Turning Cookies Off
Be aware that disabling cookies will affect the functionality of this website and the experience you’ll have. Disabling cookies will result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
California Online Privacy Protection Act
According to CalOPPA, I agree to the following:
Users can visit my site anonymously.
Can change your personal information:
By emailing me
How does my site handle Do Not Track signals?
I honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does my site allow third-party behavioral tracking?
It's also important to note that I allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
I do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices I will take the following responsive action, should a data breach occur:
I will notify you via email
Within 7 business days
I also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
I collect your email address in order to:
Send information, respond to inquiries, and/or other requests or questions
To be in accordance with CANSPAM, I agree to the following:
Not use false or misleading subjects or email addresses.
If at any time you would like to unsubscribe from receiving future emails, you can email me at and I will promptly remove you from ALL correspondence.
You may request information, data correction, deletion, blocking, refusal of data protection, refusal of data protection, refusal of access to personal data, violation of your rights, claim for damages and damages or complain to the data protection authority at Hungarian National Privacy Authority
Registration number: 25/2555-2/2019.
22/c Szilágyi Erzsébet fasor
Budapest 1122, Hungary
+36 1 391 1400