You can return to the main page here.
-
E-mail:
hello@reflowevents.hu -
Phone:
+36 30 656 5339 -
© All rights reserved | Reflow Events Ltd. – Event Management Agency
Privacy Policy
Reflow Events Ltd.
Last updated: November 5, 2025.
1. Purpose, Scope, and Applicable Laws of the Privacy Policy
The purpose of this Privacy Policy is to establish the data protection and data management principles applied by Reflow Events Kft. (hereinafter referred to as the “Company”), as well as the Company’s data protection and data management policy, which the Company, as data controller, acknowledges as binding upon itself. When formulating the provisions of this Policy, the Company has taken into particular consideration Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (“Infotv.”), Act V of 2013 on the Civil Code (“Ptk.”), and Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (“Grtv.”). The scope of this Privacy Policy extends to (i) data processing related to the operation of the websites available at www.reflowevents.hu (hereinafter collectively referred to as the “Website”).
The purpose of this Privacy Policy is to establish the data protection and data management principles applied by Reflow Events Kft. (hereinafter referred to as the “Company”), as well as the Company’s data protection and data management policy, which the Company, as data controller, acknowledges as binding upon itself. When formulating the provisions of this Policy, the Company has taken into particular consideration Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (“Infotv.”), Act V of 2013 on the Civil Code (“Ptk.”), and Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (“Grtv.”). The scope of this Privacy Policy extends to (i) data processing related to the operation of the websites available at www.reflowevents.hu (hereinafter collectively referred to as the “Website”).
2. Definitions
Data processing: any operation or set of operations performed on Personal Data, regardless of the method applied, including in particular the collection, recording, organization, structuring, storage, adaptation, alteration, use, retrieval, consultation, disclosure, transmission, dissemination, or otherwise making available, publication, alignment or combination (including profiling), restriction, deletion, and destruction of Personal Data.
Data processor: a service provider that processes personal data on behalf of the Data Controller. The Data Processors referred to in this Policy are listed in Section 11.
Data controller: the person specified in Section 3 who determines, alone or jointly with others, the purposes and means of data processing.
User: any natural person who (i) visits the Website and/or requests a quote, and in doing so provides the data listed in Section 7.
External service provider: third-party service partners engaged by the Data Controller or the Website operator, either directly or indirectly, to provide certain services, to whom Personal Data may be transmitted or who may transmit Personal Data to the Data Controller in order to perform their services. Such providers may include, for example, delivery companies (such as Magyar Posta or courier services) or any other partners whose services are essential to the Company’s performance. These providers are permitted to use and transmit the collected and processed Personal Data of data subjects solely for the purpose of fulfilling the assignments given by the Company. External service providers also include entities that are not in cooperation with the Data Controller or the Website operators but may collect data about Users by accessing the Website, which—either independently or in combination with other data—may be suitable for identifying the User.
Policy: this data protection policy of the Data Controller.
3. The Data Controller and its activities
Name: Reflow Events Korlátolt Felelősségű Társaság
Address: 1048 Budapest, Tófalva u. 5. III. 8.
VAT number: 28749093-2-41
Company registration number: 01-09-372270
Legally represented by: Kiss Krisztián
E-mail: hello@reflowevents.hu
Business activity: event planning company, event agency
The Data Controller is a business entity registered in Hungary.
Data protection officer appointed by the Data Controller:
Name: Wojtekovits Kinga
Contact: hello@reflowevents.hu
4. Principles and Methods of Data Processing, Applicable Laws
4.1. The Data Controller acts in good faith, fairness, and transparency, cooperating with the Users throughout data processing. The Data Controller only processes data defined by law or provided by the Users, for the purposes set out in this Privacy Notice. The scope of processed Personal Data is proportionate to the purpose of data processing and does not exceed it.
4.2. In every case where the Data Controller intends to use Personal Data for a purpose other than that of the original data collection, the User shall be informed in advance and their explicit consent shall be obtained, or they shall be given the opportunity to prohibit such use.
4.3. The Data Controller does not verify the Personal Data provided. The person providing the data is solely responsible for the accuracy of the Personal Data.
4.4. The Data Controller does not transfer the Personal Data it manages to third parties other than the Data Processors specified in this Notice and, in certain cases referred to herein, External Service Providers. An exception to this is the statistical use of the data in aggregated form, which does not contain any information that could identify the User and therefore does not qualify as Data Processing or Data Transfer. In certain cases — such as official court or police requests, legal proceedings, infringement of intellectual property, property, or other rights, or the suspicion thereof, as well as in cases threatening the interests of the Data Controller or the provision of its services — the Data Controller may make available the Personal Data of the affected User to third parties.
4.5. The Data Controller’s systems may collect information about the Users’ activity, which cannot be linked to other data provided by the Users during registration or to data generated when using other websites or services.
4.6. The Data Controller shall inform the affected User, as well as all parties to whom it previously transmitted the Personal Data for processing purposes, of any rectification, restriction, or deletion of such data. Notification may be omitted if it does not violate the User’s legitimate interest considering the purpose of processing.
4.7. The Data Controller manages Personal Data in compliance with the applicable legal regulations. The relevant laws include in particular:
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Infotv.”);
Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (“Grtv.”);
Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services;
Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR);
Act C of 2000 on Accounting, Section 169 (regarding document retention).
4.8. Personal Data of a person under the age of 16 may only be processed with the consent of an adult exercising parental authority over them. The Data Controller is not in a position to verify the legitimacy of the consenting person or the content of their declaration; therefore, the User or the person exercising parental authority guarantees that the consent complies with legal requirements. In the absence of such consent, the Data Controller does not collect Personal Data relating to persons under the age of 16.
5. Legal Basis for Data Processing
5.1. Considering the nature of the Data Controller’s activities, the legal basis for data processing is the Users’ voluntary, informed, and explicit consent (Infotv. Section 5 (1) (a)), as well as, in the case of profiling, the User’s proper notification in accordance with the GDPR. Users contact the Data Controller voluntarily, register voluntarily, and use its services voluntarily. In the absence of such consent, the Data Controller only processes Personal Data if expressly authorized by law.
5.2. In the case of data processing based on consent, the User has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of data processing carried out prior to the withdrawal.
5.3. When the User accesses any of the websites, the Data Controller records the User’s IP address in connection with the provision of the service, based on the Data Controller’s legitimate interest and for the lawful operation of the service (e.g., to prevent unlawful use or filter illegal content), even without the User’s specific consent.
5.4. Data transfer to the Data Processors specified in this Notice may be carried out without separate User consent. Disclosure of Personal Data to third parties or authorities — unless otherwise required by law — is only possible based on a final official decision or the User’s prior, explicit consent.
5.5. When providing an email address or other data (such as username, phone number, etc.) during registration, the User also accepts responsibility for ensuring that services accessed via the given email address or provided data are used solely by them and do not violate any rights or laws. Accordingly, any liability arising from access or use of services with a given email address and/or data rests exclusively with the User who registered and provided such data.
5.6. In certain cases, the legal basis for data processing is a legal obligation. The main legal provisions requiring data processing are those listed in Section 4.7. If the User makes a payment to the Data Controller, the Controller processes the data appearing on the invoice in accordance with the Accounting Act.
5.7. When the legal basis for data processing is the Data Controller’s legitimate interest, the Data Controller has conducted and may continue to conduct a legitimate interest assessment in accordance with the relevant GDPR provisions to confirm that its legitimate interest in a given processing activity outweighs the data subject’s rights and freedoms.
5.8. The User guarantees that, in connection with ordering or using the Services, they have lawfully obtained the consent of any natural persons whose personal data they provide or make accessible. The User is fully responsible for any user-generated content uploaded or shared through the Services.
6. Purpose of Data Processing
6.1 The Data Controller processes Personal Data solely for specific purposes, in order to exercise rights and fulfill obligations. All stages of data processing comply with the purpose of the processing. The collection and management of data are carried out fairly and lawfully. The Data Controller strives to ensure that only the Personal Data essential and relevant to achieving the purpose of processing are collected. Personal Data may only be processed to the extent and for the duration necessary to achieve the intended purpose.
6.2 The primary purpose of data processing is the operation of the Website and the provision of the Data Controller’s services. Based on the above, the purposes of data processing include:
In connection with the Data Controller’s core activities:
– Identifying the User and maintaining communication with the User;
– Preparing analyses and statistics, and improving services — for this purpose, the Data Controller uses only anonymized, non-identifiable aggregated data;
– Providing the Data Controller’s services,
– Protecting Users’ rights.
7. Source of Personal Data and Scope of Processed Personal Data
7.1 In connection with its core activities, the Data Controller processes Personal Data provided by Users. Personal Data is provided by the User when submitting a request for a quote through the Website. The data the User may provide include: name, email address, phone number, and event details.
The Data Controller analyzes the User’s online activity on its Website, as well as—if the User has consented to joint data processing—on the co-controllers’ websites and other websites visited by the User, based on interaction data collected and analyzed. Following this analysis, the Data Controller creates user profiles containing demographic characteristics, interests, and preferences of the User. The connection of these data with Personal Data is made by the Data Controller using the User’s IP address and/or cookie identifiers.
The Data Controller manages the User’s profile exclusively for the purposes defined in this Privacy Notice and does not make it accessible to any other data controller. The User may object to profiling by sending an email to the Data Controller’s email address provided in this Notice. In such cases, the Data Controller will delete the User’s profile; however, as a result, the Data Controller may be unable, or only able to a significantly lesser extent, to provide services to the User.
7.2 With respect to Clients, the Data Controller processes the following data:
– Full name, email address, phone number, other identifiers necessary for communication through electronic channels (e.g. Skype, Zoom), and any other personal data obtained from the client, from public or purchased databases, the content of the quote request, and any other information shared by the User that is necessary for the provision of the service.
7.3 In addition to the above, the Data Controller also processes technical data, including IP address and cookies, as described in Section 9.
8. Description of the Data Processing Procedure
8.1 The source of Personal Data is the User, who provides the data during the quote request process. The data requested on the registration form are mandatory unless otherwise explicitly indicated.
8.2 The User provides the data voluntarily and independently. The Data Controller does not issue any mandatory guidelines or impose any content requirements in this regard. The User expressly consents to the processing of the data they provide.
9. Management of Technical Data and Cookies
9.1 The Data Controller’s system automatically records the User’s computer IP address, the start time of the visit, and, in some cases—depending on the computer’s settings—the type of browser and operating system used. The recorded data—except in cases where the User has given consent for marketing communication or profiling—cannot be linked to other Personal Data and are processed solely for statistical purposes. 9.2 Cookies enable the Website to recognize previous visitors. Cookies help the Data Controller, as the operator of the Website, to optimize the Website and to tailor its services according to Users’ habits. Cookies are also suitable for remembering settings, so the User does not need to re-enter them when navigating to a new page, and for analyzing the use of the Website in order to make improvements based on the information obtained, so that the Website operates as much as possible according to the User’s expectations and allows the User to easily find the desired information. The Data Controller also uses cookies to display advertisements to Users through Google, Facebook, Instagram, LinkedIn, and Pinterest.
9.1 The Data Controller’s system automatically records the User’s computer IP address, the start time of the visit, and, in some cases—depending on the computer’s settings—the type of browser and operating system used. The recorded data—except in cases where the User has given consent for marketing communication or profiling—cannot be linked to other Personal Data and are processed solely for statistical purposes. 9.2 Cookies enable the Website to recognize previous visitors. Cookies help the Data Controller, as the operator of the Website, to optimize the Website and to tailor its services according to Users’ habits. Cookies are also suitable for remembering settings, so the User does not need to re-enter them when navigating to a new page, and for analyzing the use of the Website in order to make improvements based on the information obtained, so that the Website operates as much as possible according to the User’s expectations and allows the User to easily find the desired information. The Data Controller also uses cookies to display advertisements to Users through Google, Facebook, Instagram, LinkedIn, and Pinterest.
Data processing in this context takes place without human intervention.
9.3 The User can configure their web browser to accept all cookies, reject all cookies, or notify them when a cookie is sent to their device. These settings are usually found in the “Options” or “Settings” menu of the browser. By disabling cookies, the User acknowledges that the Website may not function fully. The English-language website www.aboutcookies.org provides detailed guidance on cookie settings in different browsers.10. Data Transfer
10.1 The Data Controller does not transfer Personal Data to any third party under any circumstances.
10.2 The Data Controller is entitled and obliged to transfer any Personal Data in its possession, which has been lawfully stored, to the competent authorities if required to do so by law or a final and binding official order. The Data Controller cannot be held liable for such data transfers or any consequences arising from them.
10.3 The Data Controller documents all data transfers and keeps records of them.
11. Data Processing
11.1 The Data Controller is entitled to use a Data Processor in order to perform its activities. Data Processors do not make independent decisions; they are only authorized to act according to the contract concluded with the Data Controller and the instructions they receive. The Data Controller supervises the work of the Data Processors. Data Processors may only engage further data processors with the consent of the Data Controller.
11.2 The Data Controller specifies the Data Processors used in this Privacy Notice. The Data Processors engaged by the Data Controller are:
– Websupport Magyarország Kft., 1119 Budapest, Fehérvári út 97-99. (hosting services)
– Google Ireland Limited Ireland, Dublin, Barrow Street 4. (hosting, analytics)
– Meta Platforms Ireland Limited, HARBOUR, 4, Grand Canal Quay, Grand Canal Bridge, Dublin, 2, Ireland
– Pinterest Inc. at 651 Brannan Street, San Francisco, CA 94107, USA.
– Hotjar Ltd. Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St. Julian’s STJ 3141 Malta, Europe
– Wojtekovits Máté e.v. (editing of marketing communication materials, website development)
12. External Service Providers
12.1 During the operation of the Website, the Data Controller uses External Service Providers with whom it cooperates. External Service Providers include, for example, postal and courier services (such as Magyar Posta and other delivery companies) or any partner whose service is essential for the fulfillment of the Company’s obligations. These providers are permitted to use and process personal data collected about the data subjects solely for the purpose of performing the tasks assigned by the Company.
12.2 With respect to the Personal Data processed in the systems of the External Service Providers, the provisions of their respective privacy policies shall apply. The Data Controller takes all reasonable measures to ensure that the External Service Provider handles the Personal Data transferred to them in compliance with applicable laws and uses such data only for the purposes defined by the User or as set out in this Privacy Notice.
12.3 The Data Controller informs Users about the transfer of data to External Service Providers within this Privacy Notice.
– Google Ireland Limited Ireland, Dublin, Barrow Street 4.
– Meta Platforms Ireland Limited, HARBOUR, 4, Grand Canal Quay, Grand Canal Bridge, Dublin, 2, Ireland
– Pinterest Inc. at 651 Brannan Street, San Francisco, CA 94107, USA.
– Hotjar Ltd. Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St. Julian’s STJ 3141 Malta, Europe
13. Data Security and Access to Personal Data
13.1 The Data Controller ensures the security of the Personal Data it manages, takes the necessary technical and organizational measures, and establishes the procedural rules required to enforce the relevant legal, data protection, and confidentiality regulations. The Data Controller protects Personal Data through appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental loss or damage, and against becoming inaccessible due to technological changes.
13.2 The Data Controller maintains Personal Data in compliance with the applicable laws, ensuring that such data can only be accessed by employees or other persons acting within the Data Controller’s scope of authority (data processors) who need it to perform their duties. The employees of the Data Controller perform individual searches or operations on the data only upon the User’s request or when necessary for providing the service.
13.3 When defining and applying data security measures, the Data Controller takes into account the current state of technology. Among multiple possible data processing solutions, the Data Controller selects the one that ensures a higher level of protection for Personal Data, unless this would cause disproportionate difficulty. In the context of IT security, the Data Controller ensures in particular:
– Measures to protect against unauthorized access, including software and hardware protection, and physical security (access control, network protection);
– Measures ensuring data recovery, including regular backups and the secure, separate handling of copies (mirroring, backup);
– Protection of data files against viruses (virus protection);
– Physical protection of data files and the devices storing them, including protection against fire, water damage, lightning, and other natural disasters, as well as restoration in case of such events (archiving, fire protection).
13.4 Employees and other persons acting on behalf of the Data Controller are obliged to securely store and protect all data carriers containing Personal Data—regardless of the recording method—against unauthorized access, alteration, transmission, disclosure, deletion, destruction, accidental loss, or damage.
13.5 The Data Controller operates its electronic records through an IT system that meets data security requirements. The system ensures that data can only be accessed for specific purposes, under controlled conditions, and only by individuals who require access to perform their tasks.
14. Duration of Data Processing
The Data Controller deletes Personal Data if:
a) its processing is unlawful;
If it becomes evident that data is being processed unlawfully, the Data Controller will immediately delete the data.
b) the User requests deletion (except in cases of processing required by law);
The User may request the deletion of data processed based on their voluntary consent. In this case, the Data Controller will delete the data. Deletion may only be refused if a legal regulation authorizes the continued processing of the data. The Data Controller will always inform the User of any refusal to delete, specifying the legal basis that permits data retention.
c) the data is incomplete or inaccurate – and this condition cannot be lawfully remedied – provided that deletion is not excluded by law;
d) the purpose of data processing has ceased, or the statutory retention period has expired;
Deletion may be refused (i) for the purpose of exercising the right to freedom of expression and information, (ii) if data processing is authorized by law, or (iii) for the establishment, exercise, or defense of legal claims. The Data Controller will always inform the User if a deletion request is refused, stating the reason for refusal. Once Personal Data has been deleted, it cannot be restored.Newsletters sent by the Data Controller can be unsubscribed from via the unsubscribe link contained in each message. Upon unsubscribing, the Data Controller deletes the User’s Personal Data from the newsletter database. The Company retains contact data as necessary for maintaining communication and deletes inactive contacts from its system within one year at the latest.
Personal Data related to events will be deleted no later than 90 days after the event has concluded. The Company processes data only to the extent and for the duration necessary for the performance of its tasks. The Data Processor permanently deletes any Personal Data once the retention period has expired. The Data Processor retains Personal Data related to an event for up to 90 days following its conclusion.
The Data Controller deletes any other Personal Data if it is evident that such data will no longer be used in the future, meaning the purpose of data processing has ceased.
e) deletion is ordered by a court or the National Authority for Data Protection and Freedom of Information (NAIH).
If a court or the NAIH issues a final order for the deletion of Personal Data, the Data Controller will carry out the deletion. Instead of deletion, the Data Controller may block (restrict) the Personal Data—while informing the User—if the User requests it or if there is reason to believe that deletion would harm the User’s legitimate interests. Such blocked Personal Data may only be processed as long as the purpose that excluded deletion still exists.
The Data Controller marks Personal Data if the User disputes its accuracy or correctness but the inaccuracy or incorrectness cannot be clearly established. In cases where data processing is mandated by law, the legal provisions shall apply regarding deletion. When deletion occurs, the Data Controller ensures that the Personal Data becomes irreversibly anonymized. If required by law, the Data Controller destroys the data carriers containing the Personal Data.
15. Users’ Rights and the Exercise Thereof
15.1. The Data Controller informs the User about the processing of Personal Data at the time of initial contact. The User is also entitled to request information about data processing at any time. Upon the User’s request, the Data Controller provides information about the data processed by it or by any Data Processor acting on its behalf or instruction — including the source of the data, the purpose, legal basis, and duration of processing, the name and address of the Data Processor, its activities related to data processing, the circumstances and effects of any data protection incident, and the measures taken to prevent or mitigate such incidents.
In the event of data transfer, the Data Controller shall also provide information on the legal basis and the recipient of the data transfer. The Data Controller must provide this information in writing, in an understandable form, within the shortest possible time but no later than 25 days from receipt of the request. The information is provided free of charge if the User has not previously requested information on the same data set within the current year. In all other cases, the Data Controller may charge a fee. The fee must be refunded if the data were processed unlawfully or if the request resulted in rectification.
15.2. The User may request the correction of inaccurate Personal Data. If data correction affects ongoing data transfers, the Data Controller shall, if necessary, notify the recipient of the correction or inform the User that correction must also be requested from other data controllers.
15.3. Except for cases of data processing required by law, the User may request the deletion of their Personal Data. The Data Controller will notify the User upon deletion.
15.4. The User may object to the processing of their Personal Data in accordance with the provisions of the Information Act (Infotv.).
15.5. The User may submit requests for information, correction, or deletion in writing by sending a letter to the registered office or premises of the Data Controller, or by email to hello@reflowevents.hu.
15.6. The User may request the restriction of data processing if they contest the accuracy of their Personal Data. In this case, the restriction applies for the period during which the Data Controller verifies the accuracy of the data. The Data Controller marks the disputed data if its accuracy or correctness cannot be clearly determined.
The User may also request restriction if the processing is unlawful but they oppose deletion and instead request limitation of use. Furthermore, the User may request restriction if the purpose of processing has been achieved but the data is still needed for the establishment, exercise, or defense of legal claims.
15.7. The User may request that the Data Controller provide the Personal Data they have supplied and which are processed automatically in a structured, commonly used, machine-readable format, and/or request that such data be transmitted to another data controller.
15.8. If the Data Controller refuses the User’s request for correction, blocking, or deletion, it must communicate the reasons for refusal in writing within 25 days of receiving the request. In such cases, the Data Controller will inform the User about available legal remedies and the option to contact the National Authority for Data Protection and Freedom of Information (NAIH).
15.9. The User may exercise the above rights using the contact details provided in Section 3 of this Policy.
15.10. The User may file a complaint directly with the National Authority for Data Protection and Freedom of Information (NAIH):
Address: 1055 Budapest, Falk Miksa utca 9–11.
Mailing address: 1363 Budapest, Pf. 9.
Phone: +36-1-391-1400
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu.
16. Amendment of the Privacy Policy
16.1. The Data Controller reserves the right to unilaterally amend this Privacy Policy at any time. The date of the last modification is indicated at the beginning of the Policy under the label “Last modified”.
16.2. By continuing to use the Website after any amendment, the User accepts the provisions of the Privacy Policy as amended. No separate consent from individual Users is required for the amendments to take effect.
I have read and understood the information provided. I declare that I am providing my data voluntarily and I expressly consent to the processing of my personal data.
2022. 02.26.
Together with us organize events you’ll be proud of.
Menu
© 2025 | All rights reserved by Reflow Events Kft. | event planning company based in Budapest
We don't bite.
Really.