Privacy Policy

This Privacy Notice is adopted for the purpose of providing all essential information and explanations, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language, to natural persons using our services and to the representatives of legal persons (hereinafter collectively referred to as the “Users”, as used throughout this Notice to designate all data subjects referred to herein). The purpose of this Privacy Notice is also to assist Users in exercising their rights set out in Section 4 below. Our services are available on the website stablethoughts.org (hereinafter referred to as the “Website”).

Our obligation to provide this information is based on Article 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council, applicable as of 25 May 2018 (hereinafter: the “GDPR”); Section 16 of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: the “Infotv.”); and Section 4 of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: the “E-Commerce Act”).

This Privacy Notice has been prepared in consideration of the provisions of the GDPR, the Infotv., and other applicable legislation relevant to the specific data processing activities.

In drafting and applying this Privacy Notice, we have acted in accordance with the findings set out in the recommendation of the National Authority for Data Protection and Freedom of Information (NAIH) concerning the data protection requirements for prior information, and with due regard to Article 5 of the GDPR, in particular to the principle of accountability set out in Article 5(2).

We also closely follow the practice of the European Union regarding the protection of personal data; accordingly, we incorporate into our data processing practices the principles set out in the Guidelines on Transparency issued by the Article 29 Working Party of the European Commission.

Details of Data Controller

Name: Ábrahám Balázs István EV

Registered seat: 1239 Budapest, Szamaránszki D L 195716/1.

Registration number: 60756264

Tax number: 91272348-1-43

E-mail address: funofthoughts@gmail.com

Telephone number: +49175 9788221

Data Protection Officer’s (DPO) name: Dr. Miklós Péter

DPO’s e-mail address: dmp@dmp.hu

Data processing processes

This section sets out the essential circumstances pertaining to each data processing activity, as required of all data controllers under the GDPR and other relevant sectoral legislation.

1. Processing of Personal Data in Connection with the Distribution of Newsletters

In order to provide up-to-date information to visitors of our Website, Users may subscribe to our newsletter. The processing of personal data in connection with this activity is governed by the following provisions:

1. 1. Processed Personal Data and Purpose of Processing

Personal Data

Purpose of Processing

Legal Basis for Processing

Name

To enable us to address the User personally in our newsletter communications.

The User’s consent (Article 6(1)(a) of the GDPR)

E-mail address

To identify the User’s electronic contact details to which our newsletter can be sent.

The User’s consent (Article 6(1)(a) of the GDPR)

1. 1. Legal basis for Data Processing

The User’s consent (Article 6(1)(a) of the GDPR) and Section 6(1) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (hereinafter: the “Advertising Act”).

1. 1. Duration of Data Processing

The personal data provided shall be processed until the withdrawal of consent. The User may withdraw their consent at any time by clicking the “Unsubscribe” link included in each message sent. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

1. 1. Method of Data Processing

In electronic form.

1. Processing for the purpose of contact and communication

Users may contact us for any purpose through our Website. They also have the option to communicate with us via online chat. In addition, we process the personal data of contact persons of our business partners in the course of our operations. The details of the data processing related to these activities are set out below.

1. 1. Processed Personal Data and Purpose of Processing

Personal Data

Purpose of Processing

Legal Basis for Processing

Name

Identification of the User or of the contact person of our business partner.

The User’s consent (Article 6(1)(a) of the GDPR). For business partners: legitimate interest (Article 6(1)(f) of the GDPR).

E-mail address

Establishing and maintaining contact with the User or with the contact person of our business partner.

The User’s consent (Article 6(1)(a) of the GDPR). For business partners: legitimate interest (Article 6(1)(f) of the GDPR).

1. 1. Legal basis for Data Processing

The User’s consent to the processing of their personal data for the purpose specified in Section 3.2.1 is deemed to be granted through their voluntary and explicit act of contacting us (for example, by sending an e-mail), in accordance with Article 6(1)(a) of the GDPR.

If the User’s personal data are to be used for a purpose other than that for which they were originally collected, the User shall be informed thereof in advance, and their prior, explicit consent shall be obtained, or the User shall be given the opportunity to object to such use (see Section 9.1).

The personal data of the contact persons of our business partners are processed on the basis of the legitimate interest of both the Controller and our business partners, pursuant to Article 6(1)(f) of the GDPR. Both parties have a legitimate interest in ensuring effective business communication in connection with the use of the Website and during partner consultations, and in being able to inform each other’s designated representatives of any circumstances materially affecting the contracts concluded between them. The processing of such data does not infringe the contact person’s right to informational self-determination, as it forms part of their professional or contractual duty to facilitate communication between the parties and to provide their personal data for this purpose. The contact person of our business partner has the right to object to such processing.

1. 1. Duration of Data Processing

The personal data provided shall be processed until the withdrawal of consent. The User may withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

The personal data of the contact persons of our business partners shall be processed for as long as necessary for communication purposes and for the period permitted by the relevant legal provisions — namely, five (5) years from the performance or termination of the contract pursuant to Act V of 2013 (the Civil Code), and eight (8) years from the issuance of the invoice pursuant to Act C of 2000 on Accounting.

1. 1. Method of Data Processing

In electronic form.

1. Processing of Personal Data Related to Subscriptions

Ticket purchases are available only after registration on our Website. The data processing activities related to registration are described in this section.

1. 1. Processed Personal Data and Purpose of Processing

Personal Data

Purpose of Processing

Legal Basis of Processing

Name

During registration, we use the name provided to identify the registered Users, as registration is a prerequisite for purchasing tickets

Performance of the Contract (Article 6 (1) (b) GDPR)

In the case of registration of a contact person of a legal entity, legitimate interest (Article 6(1)(f) GDPR)

E-mail address

Communication with the registered User and confirmation of the completion of registration

Performance of the Contract (Article 6 (1) (b) GDPR)

In the case of registration of a contact person of a legal entity, legitimate interest (Article 6(1)(f) GDPR)

Password

Performing technical operations

Performance of the Contract (Article 6 (1) (b) GDPR)

In the case of registration of a contact person of a legal entity, legitimate interest (Article 6(1)(f) GDPR)

1. 1. Legal Basis for Data Processing

Performance of the Contract between the Data Controller and the User (Article 6 (1) (b) of the GDPR).

In the case of the registration of a contact person of a legal entity, the legal basis for processing the above personal data is the legitimate interest of both the controller and the legal entity (Article 6(1)(f) GDPR). Both parties have a legitimate interest in ensuring effective business communication during and after registration, and in being able to inform each other’s designated representatives of any material circumstances relating to the contract concluded between them. The processing of the contact person’s personal data does not infringe their right to informational self-determination, as it constitutes a job-related or contractual obligation aimed at facilitating communication between the parties.

1. 1. Duration of Data Processing

Until deletion is requested by the User. If the User does not use their account, the profile will be deleted after a period of 5 years following the last purchase.

1. 1. Method for Data Processing

In electronic form.

1. Processing of Personal Data in Connection with Orders

Through our Website, Users have the option to order tickets in accordance with the provisions set out in the General Terms and Conditions. The data processing activities related to such orders are described in this section.

1. 1. Processed Personal Data and Purpose of Processing

Personal Data

Purpose of Processing

Legal Basis for Processing

Name

To identify the person placing the order during the performance of the contract.

Performance of a contract (Article 6(1)(b) of the GDPR)

For legal person clients: legitimate interest (Article 6(1)(f) of the GDPR)

E-mail address

To maintain contact with the purchaser and provide information regarding the details of the order.

Performance of a contract (Article 6(1)(b) of the GDPR)

For legal person clients: legitimate interest (Article 6(1)(f) of the GDPR)

Bank card number

Required for the verification of payment settlement in the case of payment by bank card.

Performance of a contract (Article 6(1)(b) of the GDPR)

1. 1. Legal Basis for Data Processing

The legal basis for processing is the performance of a contract concluded between the Controller and the User (Article 6(1)(b) of the GDPR).

Where the purchaser is a legal person, the legal basis for processing the personal data of its contact person is the legitimate interest of both the Controller and the purchaser (Article 6(1)(f) of the GDPR). Both parties have a legitimate interest in ensuring effective business communication throughout the ordering process and in being able to inform each other’s designated representatives of any circumstances materially affecting the contract concluded between them. The processing of the contact person’s personal data does not infringe their right to informational self-determination, as providing such data and facilitating communication between the Parties form part of their professional or contractual duties.

1. 1. Duration of Data Processing

The personal data shall be retained for eight (8) years following the issuance of the accounting document based on the contract, in accordance with Section 169(1), having regard to Section 166(6) of Act C of 2000 on Accounting.

Personal data not required for the fulfilment of accounting obligations shall be retained for five (5) years following the performance of the order, for the purposes set out above, in accordance with Section 6:22(1) of Act V of 2013 on the Civil Code.

1. 1. Method of Data Processing

In electronic form.

1. 1. Provision of Personal Data

In view of the fact that the personal data referred to in this section are necessary for the fulfilment of orders, the provision of such personal data is necessary for entering into and performing the contract.

1. Processing of Personal Data in Connection with the Issuance of Invoices

Following the completion of orders, an accounting document is issued in accordance with the provisions of Act C of 2000 on Accounting (hereinafter: the Accounting Act). The details of the data processing related to this activity are set out below.

1. 1. Processed Personal Data and Purpose of Processing

Personal Data

Purpose of Processing

Legal Basis for Processing

Name

To substantiate the accounting of the economic event (performance of the order).

Processing based on a legal obligation (Article 6(1)(c) of the GDPR), in accordance with Section 5(1)(b) of Infotv. and Sections 166(1)–(3) of Accounting Act

Address/Registered office of sole trader (including postal code, city, street and house number)

To substantiate the accounting of the economic event (performance of the order).

Processing based on a legal obligation (Article 6(1)(c) of the GDPR), in accordance with Section 5(1)(b) of Infotv. and Sections 166(1)–(3) of the Accounting Act

Tax number of Sole Trader

To substantiate the accounting of the economic event (performance of the order).

Processing based on a legal obligation (Article 6(1)(c) of the GDPR), in accordance with Section 5(1)(b) of Infotv. and Sections 166(1)–(3) of the Accounting Act

1. 1. Legal Basis for Data Processing

Processing based on a legal obligation (pursuant to Article 6(1)(c) of the GDPR and having regard to Section 5(1)(b) of Infotv. and Sections 166(1)–(3) of Accounting Act).

1. 1. Duration of Data Processing

For eight (8) years following the issuance of the accounting document (in accordance with Section 169(1), having regard to Section 166(6) of Accounting Act).

1. 1. Method of Data Processing

In electronic form.

The accounting document issued in electronic form shall be retained in compliance with the provisions of the legislation governing digital archiving, in such a manner that the method applied ensures the reproducibility of all data contained in the document without delay, its continuous readability, and prevents any subsequent modification.

1. 1. Provision of Personal Data

In view of the fact that the personal data referred to in this section are required for the issuance of an accounting document, the provision of such personal data is based on a legal obligation.

1. Processing of Personal Data in Connection with Complaint Management

Users may contact us by e-mail in order to submit inquiries or to request the examination of complaints. The details of the data processing related to this activity are set out below.

1. 1. Processed Personal Data and Purpose of Processing

Personal Data

Purpose of Processing

Legal Basis of Processing

Name

Identification of the User.

Processing based on a legal obligation, pursuant to Article 6(1)(c) and (2) of the GDPR, Section 5(1)(b) of Infotv., and Act CLV of 1997 on Consumer Protection

E-mail address

Maintaining contact and providing information to the User.

Processing based on a legal obligation, pursuant to Article 6(1)(c) and (2) of the GDPR, Section 5(1)(b) of Infotv., and Act CLV of 1997 on Consumer Protection

1. 1. Legal basis for Data Processing

Processing based on a legal obligation, pursuant to Article 6(1)(c) and (2) of the GDPR, having regard to Section 5(1)(b) of Infotv. and Act CLV of 1997 on Consumer Protection (Fgytv.)

1. 1. Duration of Data Processing

For three (3) years from the receipt of the complaint, in accordance with Section 17/A(7) of Fgytv.

1. 1. Method of Data Processing

In electronic form.

1. Processing in Connection with the Administration of Warranty Claims

If, due to a defect in a movable item sold, the User asserts a claim for the statutory guarantee of conformity under the Civil Code (hereinafter: the “Guarantee Claim”), we are required to draw up a record pursuant to Government Decree No. 19/2014 (IV.29.) of the Ministry for National Economy on the procedural rules for the administration of guarantee claims relating to goods sold under a contract between a consumer and a business (hereinafter: the “NGM Decree”). The details of the data processing related to this activity are set out below.

1. 1. Processed Personal Data and Purpose of Processing

Personal Data

Purpose of Processing

Legal Basis for Processing

Name

Identification of the User and preparation of the record.

Processing based on a legal obligation, pursuant to Article 6(1)(c) and (2) of the GDPR, Section 5(1)(b) of Infotv., and Section 4(1) of the NGM Decree

Address

Identification of the User and preparation of the record.

Processing based on a legal obligation, pursuant to Article 6(1)(c) and (2) of the GDPR, Section 5(1)(b) of Infotv., and Section 4(1) of the NGM Decree

Information concerning the User’s consent to data processing

Preparation of the record.

Processing based on a legal obligation, pursuant to Article 6(1)(c) and (2) of the GDPR, Section 5(1)(b) of Infotv., and Section 4(1) of the NGM Decree

1. 1. Legal basis for Data Processing

Processing based on a legal obligation, pursuant to Article 6(1)(c) and (2) GDPR, Section 5(1)(b) Infotv., and Section 4(1) NGM Decree.

1. 1. Duration of Data Processing

For three (3) years from the preparation of the record, in accordance with Section 4(1) and (6) NGM Decree.

1. 1. Method of Data Processing

In electronic form.

Rights of Data Subjects

We consider it essential that our data processing activities comply with the principles of fairness, lawfulness, and transparency. In this regard, this section provides a brief overview of the individual rights of data subjects.

Our Users may request information, access, and a copy of their personal data processed by us, free of charge, and — in the cases provided for by law — may request the rectification, erasure, restriction of processing, or blocking of such data, and may object to the processing of their personal data. Requests for information or any of the rights described in this section may be submitted to us using the contact details provided in Section 2.

1. Right of Access

The User has the right to receive confirmation from us as to whether their personal data are being processed and, where that is the case, to access such personal data and information concerning the details of their processing. The User is also entitled to obtain a copy of the personal data processed by us.

1. Right of Rectification

Upon the User’s request, we shall rectify any inaccurate personal data concerning them without undue delay. The User is also entitled to request the completion of incomplete personal data, including by means of providing a supplementary statement.

1. Right to Erasure

At the User’s request, we shall erase the personal data concerning them where the processing of such data is no longer necessary, or where the User has withdrawn their consent, objected to the processing, or where the processing is otherwise unlawful.

1. Right to Be Forgotten

Where the User so requests, we shall make reasonable efforts to inform any data controllers of the User’s request for erasure to whom the User’s personal data have been, or may have been, made public.

1. Right to Restriction of Processing

Upon the User’s request, we shall restrict the processing of personal data where the accuracy of the data is contested, where the processing is unlawful, where the User objects to the processing, or where we no longer require the personal data provided.

1. Right to Data Portability

The User has the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format, and to transmit those data to another controller.

1. Right to Object

The User has the right, on grounds relating to their particular situation, to object at any time to the processing of their personal data based on legitimate interest (see Sections 3.3 and 3.4). In such cases, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the User, or which are related to the establishment, exercise, or defence of legal claims. In the event of an objection, the personal data shall, as a general rule, no longer be processed for that purpose.

1. Response to Requests

We shall examine the request as soon as possible after its submission, but no later than 30 days — or 15 days in the case of an objection — and shall take a decision regarding its merits. The User shall be notified of the decision in writing. Where the User’s request is not granted, our decision shall include the factual and legal grounds for the refusal

1. Remedies

We consider the protection of personal data and the respect for the User’s right to informational self-determination to be of fundamental importance. Accordingly, we endeavour to respond to all requests fairly and within the prescribed time limits. In this context, we kindly ask Users to contact us first, in order to submit any complaints or questions, before resorting to any administrative or judicial remedies, so that any concerns may be resolved as swiftly as possible.

If the User’s request does not lead to a satisfactory outcome, the User may

Seek judicial remedy under Act V of 2013 on the Civil Code. The User may bring proceedings before the competent regional court having jurisdiction over their place of residence or habitual residence. A list of regional courts and their contact details is available at: http://birosag.hu/torvenyszekek. Furthermore,

Lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH), in accordance with the provisions of the Infotv. Address: 1055 Budapest, Falk Miksa utca 9–11. Postal address: 1363 Budapest, Pf.: 9. Telephone: +36-1-391-1400 Fax: +36-1-391-1410 E-mail: ugyfelszolgalat@naih.hu Website: https://naih.hu/

Procedure Relating to the Exercise of Data Subject Rights

1. Notification of Recipients

We shall notify all recipients to whom the User’s personal data have been disclosed of any rectification, erasure, or restriction of processing, unless this proves impossible or would involve a disproportionate effort. Upon the User’s request, we shall provide information concerning those recipients.

1. Manner and Timeframe for Providing Information

We shall inform the User, in electronic form (unless otherwise requested by the User), of the measures taken pursuant to the requests referred to in Section 4 within one month of receipt of the request. Where necessary — taking into account the complexity of the request and the number of requests — this period may be extended by a further two months. We shall notify the User of any such extension, together with the reasons for the delay, within one month of receiving the request.

Upon the User’s request, information may also be provided orally, provided that the User’s identity has been verified by other means.

If no action is taken on the request, we shall inform the User within one month of receipt of the request of the reasons for not taking action, and of the User’s right to lodge a complaint with the NAIH and to seek judicial remedy (see Section 4.9).

1. Verification

In exceptional cases, where we have reasonable doubts concerning the identity of the natural person submitting the request, we may request the provision of additional information necessary to confirm their identity. This measure is taken to ensure the confidentiality of processing, as defined in Article 5(1)(f) GDPR, and to prevent unauthorised access to personal data.

1. Costs of Providing Information and Taking Action

Information provided and measures taken in response to requests under Section 4 shall be free of charge.

Where a User’s request is manifestly unfounded or excessive, in particular because of its repetitive character, we may — taking into account the administrative costs of providing the requested information, communication, or action — either charge a reasonable fee or refuse to act on the request.

Personal Data Recipients and Data Processors

1. In connection with the operation of the Website

Our Website has been developed using the wix.com website builder platform. During the use of the Website, the hosting service provider, acting as a data processor, may have access to the personal data provided.

Name: wix.com

Contact: https://support.wix.com/en

1. In connection with payment of the order fee

The fee for the order may be paid through the interface of a banking service provider, acting as a data processor. The data processor’s details are as follows:

Name: PayPal Inc.

Contact: enquiry@paypal.com

1. In connection with the issuance of invoices

For invoicing purposes, the data processor engaged by us may have access to the personal data provided by the Users for this purpose. The data processor’s details are as follows.

Name: KBOSS.hu Kft.

Contact: https://www.szamlazz.hu/

Data Security

Taking into account the state of the art, the cost of implementation, as well as the nature, scope, context, and purposes of processing and the risk of varying likelihood and severity to the rights and freedoms of natural persons, we implement, both at the time of determining the means of processing and during the processing itself, appropriate technical and organisational measures — such as pseudonymisation — designed to effectively apply data protection principles, such as data minimisation, and integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR and protect the rights of the data subjects.

1. Organisational measures

Access to our IT systems is granted on the basis of personally assigned authorisations. When assigning access rights, we apply the principle of least privilege, meaning that our IT systems and services may only be used by each employee to the extent necessary for the performance of their duties, with the corresponding authorisations, and for the required duration. Access rights to IT systems and services are granted only to individuals who are not subject to any restrictions for security or other reasons (e.g., conflicts of interest) and who possess the professional, business, and information security knowledge required for their secure use.

1. Technical measures

With the exception for the data stored by our data processors, we store personal data on our own devices, within a data centre. The IT equipment used for data storage is kept separately, in a locked server room, protected by a multi-level access control system based on authorisation verification.

We make every effort to ensure that our IT infrastructure and software continuously comply with the technological standards generally accepted in the market.

In the course of system development, we implement logging mechanisms that allow the operations performed to be monitored and traced, and that enable the detection of incidents, such as unauthorised access.

Our server is located on a dedicated, isolated server provided by the hosting service provider, in a secure and restricted environment.

In accordance with the relevant recommendations of the NAIH, our Website uses the https protocol, which provides a higher level of data security compared to the http protocol.

In order to ensure the proper functioning of our Website, we may place small data files (cookies) on the User’s device, similarly to most modern websites.

1. What are Cookies?

A cookie is a small text file that a website places on the User’s device (including mobile phones). This allows the website to “remember” the User’s preferences — such as language settings, font size, or display options — so that these do not need to be reconfigured each time the User visits our Website.

Our Website operates on the hosting platform provided by wix.com, and therefore the cookies defined by wix.com apply. Cookies are set in accordance with the current configuration established by wix.com.

The full list of cookies used on the Website — including their names, functions, and expiration periods — is available in English at the following link: https://www.wix.com/about/cookie-table

Cookies used on our Website may be deleted or blocked; however, doing so may result in certain parts of the Website not functioning properly.

We do not use cookies to personally identify the User. These cookies serve exclusively the purposes described above.

1. How Can Cookies Be Managed?

Cookies can be deleted (for detailed information, visit www.AllAboutCookies.org) or blocked using most modern browsers. However, in this case, certain settings may need to be reconfigured each time the User visits our Website, and some services may not function properly.

Detailed information on deleting or blocking cookies can be found (in English) on www.AllAboutCookies.org and on the websites of the User’s respective browser providers via the links below:

Other provisions

1. Data processing for a different purpose

If we intend to use the data provided for a purpose different from that of the original collection, we shall inform the Users in advance and obtain their explicit prior consent, or alternatively, provide them with the opportunity to object to such use.

1. Record-keeping obligation

We maintain a record of processing activities concerning all data processing operations carried out under our responsibility, in accordance with Article 30 of the GDPR.

1. Personal data breach

A personal data breach refers to any security incident resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed. In the event of a personal data breach, we act in accordance with Articles 33 and 34 of the GDPR. We maintain a record of personal data breaches, indicating the relevant facts, their effects, and the corrective actions taken.

1. Amendments

We reserve the right to unilaterally amend this Privacy Notice at any time. In the event of such an amendment, we retain the previous versions of the Notice as they existed prior to the modification and, where feasible and appropriate, inform the data subjects of the amended provisions.

1. Data Protection Officer

The Data Protection Officer (DPO) is responsible for monitoring and supporting the lawful processing of personal data, providing advice on data protection matters, and maintaining communication with Users and the supervisory authority. In the course of operating the Website, the DPO ensures that data processing — including the handling of customer data and payment information — complies with the relevant legal provisions and the requirements of the GDPR.

Name: Dr. Miklós Péter Ákos

E-mail address: dmp@dmp.hu

Postal address: 1136 Budapest, Hegedűs Gyula utca 29. A.

Effective date: 4 November 2025

Ábrahám Balázs István EV

Data Controller

StableThought

Privacy Policy