Privacy Policy

This document will explain how this organisation uses personal data in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Under the GDPR “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Hereinafter all personal information is referred to as “personal data”.

This Privacy Policy applies to all personal data you provide to me and also to all personal data which I collect about you, either about how you use my website (using "cookies") or about your purchasing patterns if you make an order with me. 


  1. Who am I?

Viktória Petrányi sole trader 54023682 (registered at Nemes street 100/b. 1st floor, 4th door Budapest, 1188. Hungary; sole trader identification number: 54023682 tax number: 55359579-1-43 ) acts as a data controller. It means Viktória Petrányi decides how the personal data provided to me/us is processed and for what purposes.


  1. How to contact me?

In respect of data protection related questions, to exercise your rights or file a complaint, contact me at 


  1. How do I collect personal data?

I collect personal data from you when you register on our website, make a purchase, sign up for the newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features.

  1. Why do I collect personal data? (data processing purposes)

I collect and use your personal data for the following purposes:

  1. To process and fulfil your order. For this purpose I collect the following data: name, address, email address, phone number, billing address (When different from shipping address) 

  2. To communicate with you in case of any issues with the order fulfilment and to facilitate your engagement with our customer service team. For this purpose I collect the following data: name, email address, order details

  3. To send periodic emails to update you about the status of your order or other products and services. For this purpose I collect the following data: name, email address, order details

  4. To create your Nimfa account. For this purpose I collect the following data: name, email address, phone number

  5. To send you reminders on unfinished orders. For this purpose I collect the following data: name, email address, list of products left in your cart

  6. To send you newsletters and offers tailored to your interests and needs. For this purpose I collect the following data: name, email address, date of birth, country of residence, details of your  historical website behavior and purchase history

  7. To provide offers tailored to your preferences and improve our website to better serve your needs. For this purpose, I collect the following data: details of your historical searches and historical order details

  8. To tailor advertising to make our offers more relevant. For this purpose I collect the following data: email address, details of your historical searches and historical order details

  1. Where and for how long do we keep your personal data?

Your personal data is contained behind secured networks and is only accessible by me and the personal data is kept confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. All transactions are processed through a gateway provider and are not stored or processed on my servers.

I process your personal data for the time required consistent with the purposes set out in this Privacy Policy or for the period specified by the relevant regulations.

In the case of consent-based data processing (like email subscription), personal data will be processed until the consent is withdrawn.


  1. Legal basis of data processing

The legal basis of data processing activities indicated in point a)-e) of Section 4 of this document lies in Subsection (a) Paragraph (1) of Article 5 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter the “Freedom of information Act”), i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (b) of the General Data Protection Regulation (Regulation No. 2016/679 of the European Parliament and of the Council) ("GDPR"), i.e. such processing activities are necessary for the performance of the contract or in order to take steps at the request of data, subject to entering into a contract.

The legal basis of data processing activities indicated in point f)-h) of Section 4 of this document lies in Subsection (a) Paragraph (1) of Article 5 and Subsection (a) Paragraph (2) of Article 5 of the Freedom of information Act, i.e. based on your consent, and commencing from 25 May 2018 also Article 6 (1) (a) and Article 9 (2) (a) of the GDPR, i.e. such processing activities will be based on your consent.


  1. Further processing of personal data

If I wish to use your personal data for a new purpose, not covered by this document, I will provide you with a new Privacy Policy, explaining all detail to the new processing. If required, I will seek your consent before commencing the new data processing activity

  1. What rights do you have for managing your personal data in line with the GDPR?

  1. Right to information - how to handle your personal information and what are your rights in this regard.

  2. Right of access - regarding that your personal data is being processed is there, and if so, it is entitled to us by us you have access to your personal data. This will allow you to verify your personal data privacy legislation.

  3. Right to rectify - you are entitled to request the correction or addition of inaccurate or incomplete personal information.

  4. Right to cancel - also known as "right to be forgotten" ensures that you can request the deletion of your personal data if they are not necessarily handled or otherwise.

  5. Right to restrict data management - you are entitled to restrict the continued handling of your personal information, in this case we will not treat your data except for storage.

  6. Right to data storage - you are eligible for certain personal information we manage to request a copy and submit them to another data handler forward.

  7. Right to protest - you are entitled to object to certain data manipulations (eg. direct marketing).

  8. Automated decision-making and profiling rights - you are entitled to request that I do not have legal or other significant consequences for you to decide on your own decision-making based solely on automated processing (including profiling).

  1. How do I protect your personal data?

My website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to my site as safe as possible.

Your personal data is contained behind secured networks and is only accessible by me and I keep the personal data confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

I implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal data.

All transactions are processed through a gateway provider and are not stored or processed on my servers.


  1. Sharing your personal data

Nimfa, in the course of its operation may utilise the services of various data processors and external service providers to handle and process your personal data for specific purposes, on behalf of and in accordance with the instructions of Nimfa.

The data processors shall process the personal data at most as long as the term of the data processing contract concluded with them is valid and in force, or until they are required to keep your data under the applicable data retention laws.

I may disclose your personal data to the following categories of third parties for the purposes described below:

  1. Shipping service providers to deliver the product you purchased on my website

  2. Credit card companies, payment service providers to process the payments you initiated on my website

  3. Email service provider platform, in order to facilitate communication with you after purchase and to send you newsletter based on your consent

  4. IT supporting services

  5. Other third party service providers involved by me for data processing

Cookies In Use on This Site

Cookies and how they benefit you

Our website uses cookies, as almost all websites do, to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites., stores the information, to create the best and easiest shopping experience for you, tailored to your needs.

My cookies help me:

  • Make my website work as you'd expect and provide brilliant experiences

  • Remember your settings during and between visits

  • Improve the speed/security of the site

  • Continuously improve my website for you

  • Make my marketing more efficient

We do not use cookies to:

  • Collect any personally identifiable information (without your express permission)

  • Collect any sensitive information

  • Pass personally identifiable data to third parties

You can learn more about all the cookies I use below

Granting us permission to use cookies

If your device and software (the browser) is set to allow accepting cookies we take this, and your continued use of our website, to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.


More about our Cookies

Website Function Cookies

Our own cookies

We use cookies to make our website work including:

  • Making our shopping basket and checkout work

  • Remembering your settings

  • Remembering if you have accepted our terms and conditions

  • Showing you which pages you have recently visited

There is no way to prevent these cookies being set other than to not use our site.

Third party functions

Our site, like most websites, includes functionality provided by third parties. A common example is an embedded YouTube or Vimeo video. Our site includes the cookies listed below following.

Disabling these cookies will likely break the functions offered by these third parties therefore we recommend you allowing these. 

Visitor Statistics Cookies

I use cookies to compile visitor statistics such as how many people have visited my website, what type of technology they are using (e.g. Mac or Windows which helps to identify when my site isn't working as it should for particular technologies), how long they spend on the site, what page they look at etc. This helps me to continuously improve my website. These so called “analytics” programs also tell me how people reached this site (e.g. from a search engine).

Advertising Cookies

Cookies are widely used in online advertising. Neither I, advertisers or our advertising partners can gain personally identifiable information from these cookies. 


You can learn more about online advertising at opt-out of almost all advertising cookies at It is also worth noting that opting out of advertising cookies will not mean you won't see adverts, just simply that they won't be tailored to you any longer.


Remarketing Cookies

You may notice that sometimes after visiting a site you see increased numbers of adverts from the site you visited. This is because advertisers, including myself pay for these adverts. The technology to do this is made possible by cookies and as such the site I use to offer you a webshop, may place a so called “remarketing cookie” during your visit. uses these adverts to offer special offers etc to encourage you to come back to my site. I am unable to proactively reach out to you as the whole process is entirely anonymised. You can opt out of these cookies at anytime as explained below. 


Examples where and how your data is used through


  1. Payment


Your payment is secure by SSL technology and data is not stored on my servers.


You have 2 options when you are about to pay. Check out with Paypal, deposit the price directly on pay with cash when meeting in person.


  1. Log in

Facebook and gmail logins are enabled


  1. Placing and order

After placing an order, Nimfa can only see delivery and billing address, order details, quantity, so only the necessary information for completing the delivery.


  1. Contact page


In the contact section you can send me a message. To do so, I ask for your First name, Last Name, Email and phone number in order to be able to reach out for you and respond to your message.




Everyone who would like to be a member, can fill out the member signup form. 


For this, First name, Last name, Email address and password are necessary.

So you can log into your personal account to make your shopping more convenient. 


You can sign up to create this member page in case you read and accepted the terms & conditions and the privacy policy. 


You also have the option to subscribe to the newsletter for useful information. 


The Recaptcha test allows me to protect the site from robots, with clicking this box, you will assure me, that you are a human being who decided to use the site. 


None of these boxes are compulsory, in case you do not agree with the terms and conditions or the privacy policy, you can decide not to use the site. In this case, you can not create your member account.




This Shopify template has Member pages for those who signed up. These member pages are the following:


6.1 My Wallet


Here you can see and securely save your credit and debit card (all in all payment) details for faster checkout.


The My Wallet feature allows customers to save their credit card information securely so they can complete future transactions without re-entering their details. 


How does it work?

When a customer who is logged into the site gets to the checkout page, they see their personal details (name, email, address and phone number) filled in. If a customer has an account but is not logged in, they are prompted to do so.


When a logged in customer enters credit card details for the first time, they can choose to save their credit card details. 


What happens when a customer with a saved card makes another purchase?

When a customer who saved a card returns, they can select their saved card as a payment option.


Where can you view and make changes to your saved cards?

The My Wallet page is where you can manage your saved cards. 


In the My Wallet page, customers can:


  • View saved credit cards

  • Remove saved credit cards

  • Set a card as default

Customers can access their My Wallet page by logging in and selecting it from their personal drop-down menu.



  • The My Wallet page is private. Each customer see only their own information.


6.2. My Addresses


The My Addresses page lets repeat customers complete transactions quickly and easily by selecting addresses they've already used.

Customers can access their My Addresses page by logging in and selecting it from their personal drop-down menu.


In the My Addresses page, site visitors can:


  • View and update addresses that were automatically saved

  • Manually add new addresses and delete outdated ones

  • Select a default address



These pages are private. Customers only see their own addresses.


6.3. My Orders


In this member page you can check the status of your orders or browse through your past purchases.


You can see the date, the order, status and the total price. 


Using the drop down icon, customers can view the details of the order.


6.4 My account


In this member page section you can view and edit your personal info, like your first name, last name, contact email and phone number.


Turning Cookies Off

At any time, you have the option to accept or decline the use of cookies by changing your browser settings. On most browsers, the “Help” portion of the toolbar will tell you how to prevent it from accepting cookies, how to have it notify you when you receive cookies or how to disable cookies altogether.

Be aware that disabling cookies will affect the functionality of this website and the experience you’ll have. Disabling cookies will result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.

Opting out:

Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at:

According to CalOPPA, I agree to the following:

Users can visit my site anonymously.

Once this privacy policy is created, I will add a link to it on my home page or as a minimum, on the first significant page after entering my website.

My Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.

  • On my Privacy Policy page

Can change your personal information:

  • By emailing me at


How does my site handle Do Not Track signals?

I honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.


Does my site allow third-party behavioral tracking?

It's also important to note that I allow third-party behavioral tracking

COPPA (Children Online Privacy Protection Act

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

I do not specifically market to children under the age of 13 years old.


Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices I will take the following responsive action, should a data breach occur:

I will notify you via email

  • Within 7 business days

I also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.



The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

I collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions

To be in accordance with CANSPAM, I agree to the following:

  • Not use false or misleading subjects or email addresses.


If at any time you would like to unsubscribe from receiving future emails, you can email me at and I will promptly remove you from ALL correspondence.


Contacting Me

If there are any questions regarding this privacy policy, you may contact us using the information below.


You may request information, data correction, deletion, blocking, refusal of data protection, refusal of data protection, refusal of access to personal data, violation of your rights, claim for damages and damages or complain to the data protection authority at Hungarian National Privacy Authority 

Registration number: 25/2555-2/2019.

22/c Szilágyi Erzsébet fasor 

Budapest 1122, Hungary

+36 1 391 1400