Privacy policy

1. Who We Are (Data Controller)

The Services (our online store and related digital experiences) are operated by:

You 2.0 Labs Kft.
Registered office: 1154 Budapest, Kis Rákos utca 154., Hungary
Mailing address / complaint address: 1154 Budapest, Kis Rákos utca 154., Hungary
Email: info@youphorin.hu
Phone: +36 70 701 1666
Website: https://www.youphorin.com and https://www.youphorin.hu

For the purposes of applicable data protection laws (including the EU General Data Protection Regulation – “GDPR” – and the UK GDPR), You 2.0 Labs Kft. is the data controller of your personal information collected via the Services, unless otherwise stated.

Some of our infrastructure (for example, certain web hosting and storage services) may also be provided by local partners such as:

Rackhost Zrt.
6722 Szeged, Tisza Lajos körút 41., Hungary
Email: info@rackhost.hu
Phone: +36 1 445 1200

---

2. Scope of This Privacy Policy

youphorin.com operates this store and website, including all related information, content, features, tools, products and services, in order to provide you with a curated shopping experience (the “Services”). The Services are powered by Shopify, which enables us to provide the store and certain related features.

This Privacy Policy describes how we collect, use, and disclose your personal information when you:

• visit or use the Services,

• make a purchase or other transaction,

• subscribe to our marketing communications, or

• otherwise communicate or interact with us.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

By using the Services, you acknowledge that you have read this Privacy Policy and understand how your information is collected, used, and disclosed as described here.

---

3. Personal Information We Collect or Process

When we use the term “personal information,” we refer to information that identifies or can reasonably be linked to you or another person. Personal information does not include information that has been anonymized or de-identified so that it cannot identify you or be reasonably linked to you.

Depending on how you interact with the Services, where you live, and what the applicable law allows, we may collect or process the following categories of personal information (including inferences drawn from them):

• Contact details
  Your name, billing address, shipping address, email address, phone number, and similar contact data.

• Financial and transaction details
  Payment method, payment card or account information (processed via our payment providers), transaction amounts, currency, payment confirmation, and other payment-related details.
  (For security reasons, we do not store your full card details; these are handled by our payment service providers and Shopify.)

• Account information (where applicable)
  If you create an account, your username, password, and preferences. (On some of our Services, purchases may be made as a “guest” without creating an account.)

• Order and transaction information
  Items you view, place in your cart, wishlist, purchase, return, exchange, or cancel; order numbers; shipping options; complaints and warranty/guarantee claims; and your past transactions.

• Communications with us
  Information you include when you contact us (e.g. via email, contact form, phone, social media, or customer-support messages), including any complaints, warranty claims, or consumer protection inquiries.

• Device information
  Technical details about the device and browser you use to access the Services, such as IP address, operating system, browser type and version, language settings, and other unique identifiers.

• Usage and analytics information
  Information about how you use and interact with the Services, such as pages and products viewed, referring/exit pages, time spent on pages, clicks, scrolls, search queries, and other usage data. This may be collected via cookies, pixels, and similar technologies (see “Cookies and Similar Technologies” below).

• Marketing and communication preferences
  Your subscription status and preferences for newsletters, promotional emails, SMS, and other communications, and your choices regarding personalized advertising.

• Legal and compliance data
  Information necessary to comply with legal obligations (e.g. invoice data required under accounting and tax laws; records related to warranty/jótállás and consumer complaints; consent logs).

---

4. Sources of Personal Information

We may collect personal information from:

• Directly from you
  When you create an account, place an order, subscribe to a newsletter, fill in forms, contact us, or otherwise provide information to us.

• Automatically through the Services
  When you use the Services, certain information is automatically collected from your device via cookies and similar technologies.

• Our service providers
  For example, payment processors, hosting providers, logistics and courier companies, email and newsletter providers, analytics providers, and advertising partners who collect or process information on our behalf.

• Business and marketing partners and third parties
  For example, advertising platforms (such as Google and Meta/Facebook) that help us show you relevant ads or measure their performance, and tools integrated via Shopify.

---

5. How We Use Your Personal Information

Depending on how you interact with us and which Services you use, we may use your personal information for the following purposes:

a) Provide, Tailor, and Improve the Services

We use your personal information to:

• provide and operate the online store and related Services,

• process and fulfill orders, returns, and exchanges,

• process payments and issue legally required invoices,

• arrange for shipping and delivery,

• handle warranty/jótállás and other legal claims,

• manage your account (if you create one),

• remember your preferences and items of interest,

• provide a personalized shopping experience (such as product recommendations),

• maintain and improve the functionality, performance, and security of the Services.

b) Marketing and Advertising

We use your personal information, with your consent where required, to:

• send marketing and promotional communications (email, SMS, postal mail) about our products, bundles, offers, and content,

• segment and personalize marketing content according to your interests, purchases, or browsing behavior,

• show you advertisements on our own sites and on third-party sites and apps (e.g. Google, Meta/Facebook, Instagram) including retargeting / remarketing based on your previous interactions with our Services.

You can opt out of our direct marketing communications at any time (see “Your Rights and Choices” below).

c) Security and Fraud Prevention

We use your personal information to:

• authenticate your identity (where relevant),

• detect, prevent, and investigate fraudulent, illegal, or malicious activities,

• protect the security and integrity of our Services,

• safeguard our legitimate business interests and the safety of our customers and the public.

d) Communicating with You

We use your personal information to:

• respond to your questions, inquiries, and support requests,

• manage warranty/jótállás and consumer protection (fogyasztóvédelmi) complaints,

• provide important updates about your orders, account, or changes to our Terms or this Privacy Policy,

• manage our business relationship with you.

e) Legal and Regulatory Compliance

We use your personal information to comply with:

• applicable tax and accounting laws (e.g. issuing and retaining invoices for 8 years under Hungarian accounting rules),

• consumer protection and warranty/jótállás regulations (e.g. recording and keeping warranty and complaint records for prescribed periods),

• data protection laws (such as storing consent logs),

• official requests from courts, regulators, or authorities, where required by law.

---

6. Legal Bases for Processing (EEA/UK Users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases to process your personal information:

• Performance of a contract (Art. 6(1)(b) GDPR)
  Processing necessary to enter into and perform our contract with you, including:

  • processing and fulfilling your orders,

  • managing payments and invoicing,

  • arranging shipping and delivery,

  • handling returns, refunds, warranty and jótállás claims, and other contractual matters.

• Compliance with a legal obligation (Art. 6(1)(c) GDPR)
  Processing necessary to comply with our legal obligations, including:

  • issuing and retaining invoices for at least 8 years under applicable accounting and tax laws,

  • retaining warranty/jótállás and consumer protection complaint records for at least 3 years,

  • maintaining consent logs as required by data protection law,

  • complying with official requests from public authorities where legally required.

• Legitimate interests (Art. 6(1)(f) GDPR)
  Processing necessary for our legitimate interests, provided these are not overridden by your rights and freedoms. These interests include:

  • ensuring the security, availability, and proper functioning of our Services,

  • preventing fraud and abuse,

  • defending our legal rights and responding to legal claims,

  • limited analytics to understand and improve our Services,

  • certain direct marketing and personalization operations (where local law allows) and managing business relationships.

• Consent (Art. 6(1)(a) GDPR)
  In some cases we only process your personal information if you have given us your explicit consent, for example to:

  • send newsletters and other electronic marketing communications,

  • place non-essential (e.g. analytics or marketing) cookies and similar technologies,

  • use certain personalized advertising and remarketing tools,

  • share data with specific marketing partners where required by law.

You may withdraw your consent at any time, without affecting the lawfulness of processing that took place before the withdrawal.

---

7. Cookies and Similar Technologies

What Are Cookies?

We use cookies, pixels, and similar technologies on the Services. Cookies are small text files placed on your device (computer, smartphone, tablet) when you visit a website. They often contain an anonymous unique identifier and may enable:

• basic site and store functionality (e.g. maintaining your cart),

• remembering your preferences,

• producing aggregated statistics,

• supporting marketing and personalized advertising.

Some cookies do not contain personal data and cannot identify you, while others can be linked to a specific device or user.

Types of Cookies We Use

We broadly distinguish:

1. Strictly necessary (functional) cookies
   These cookies are essential for the functioning of the Services (e.g. cart, checkout, security). Without them, certain functionality would not work. The legal basis is our legitimate interest in operating the Services and/or the performance of a contract.

2. Analytics / statistical cookies
   These help us understand how visitors use the Services (e.g. which pages are visited, how long visitors stay), so we can improve design, usability, and performance.

   • We use Google Analytics to collect anonymized statistics and reports about site usage. Google uses cookies such as “_ga” to generate aggregated statistics without identifying individual visitors.
     Where required by law, the legal basis for these cookies is your consent.

3. Marketing / advertising cookies and pixels
   These are used to display relevant advertising and measure the effectiveness of ads:

   • Google Ads (AdWords) cookies: used to build remarketing lists and show you relevant ads based on your previous visits to our site and other Google services.

   • Meta (Facebook) pixel: a tracking pixel used to measure conversions, build custom audiences, and serve targeted ads on Facebook/Instagram based on how you interacted with our site.
     The legal basis for these cookies is your consent, where required.

Google Consent Mode v2

We use Google Consent Mode v2 integrated with our cookie banner. This means:

• Your choices in the cookie banner control which types of cookies and data uses are allowed.

• Google uses additional consent “flags” such as ad_user_data (whether user data may be sent to Google for advertising) and ad_personalization (whether data may be used for personalized ads, e.g. remarketing).

• Statistical and marketing cookies will only operate according to your preferences set in the cookie panel.

Your Cookie Choices

You can manage your cookie preferences via:

• our cookie banner / cookie settings tool on the site, and

• your browser settings (where you can delete or block cookies).

Guides for managing cookies in common browsers:

• Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

• Firefox / Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito

• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac

• Chrome: https://support.google.com/chrome/answer/95647

• Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies

Please note that disabling strictly necessary cookies may affect the functionality of the Services.

---

8. How We Disclose Personal Information

We may disclose personal information to third parties for legitimate purposes, subject to this Privacy Policy and applicable law.

a) Service Providers and Data Processors

We share personal information with third parties who perform services on our behalf, including:

• Shopify (store platform, hosting, certain analytics and payments infrastructure)

• Hosting and infrastructure providers, such as Rackhost Zrt., for certain web and data storage services

• Payment service providers (e.g. payment gateways integrated with Shopify)

• Logistics and courier partners, e.g.:

  • FoxPost Kft. – foxpost.hu

  • Magyar Posta Zrt. – posta.hu

  • GLS Hungary – gls-group.eu/HU

  • DPD Hungária Kft. – dpd.com/hu

  • Express One Hungary Kft. – expressone.hu

  • Packeta Hungary Kft. – packeta.hu

  • Delivery Solutions Zrt. (Sameday) – sameday.hu

  These companies process your name, address, email address, phone number and package details to deliver your order.

• Newsletter and email marketing providers, e.g.:

  • The Rocket Science Group LLC (Mailchimp), 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (for newsletter distribution and campaign analytics)

• Accounting / bookkeeping providers, e.g.:

  • E-account Tanácsadó Kft., 1093 Budapest, Közraktár u. 22/B. fszt. 2., Hungary
    (they process invoice-related data as required by accounting law)

• IT, security, analytics, and customer-support providers
  (e.g. tools used for site analytics, spam filtering, customer service, or ticketing).

These service providers only process personal information as instructed by us and for the purposes specified in our agreements with them.

b) Business and Marketing Partners

We may share personal information with business and marketing partners who:

• support our marketing, personalization, or analytics, and

• operate advertising networks such as Google Ads and Meta (Facebook/Instagram).

These partners use your information in accordance with their own privacy notices and may act as independent controllers for certain processing (e.g. when they use data to improve their own services).

Where required by law, you can opt out of certain “sharing” or “sale” of personal information or of processing for targeted advertising purposes (see “Your Rights and Choices”).

c) When You Direct or Consent to Sharing

We may disclose your personal information:

• when you request or authorize us to do so (e.g. social media integrations, reviews, referral programs),

• to fulfill your specific instructions (e.g. shipping to a third party as a gift).

d) Within Our Group

We may share information within our corporate group (affiliates, successors) for internal administrative, operational, or compliance purposes.

e) Business Transfers and Legal Reasons

We may disclose personal information:

• in connection with a business transaction (e.g. merger, acquisition, asset sale, or bankruptcy),

• to comply with legal obligations or respond to valid legal process (e.g. subpoenas, court orders, regulatory requests),

• to enforce or investigate potential violations of our Terms, or

• to protect the rights, property, or safety of the Services, our company, our users, or others.

---

9. Relationship with Shopify

The Services are hosted and technically operated in part by Shopify. Shopify collects and processes personal information about your access to and use of the Services in order to provide, secure, and improve its platform for us and for other merchants.

Information you submit through our Store is transmitted to and processed by Shopify (and certain third parties working with Shopify) which may be located in countries other than your own.

In addition, to help protect, grow, and improve our business, we use certain Shopify features that may incorporate data obtained from your interactions with our Store, with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information for its own purposes, including:

• personalisation across different Shopify-powered stores,

• platform security and integrity,

• improving Shopify’s products and services.

To learn more about how Shopify uses your personal information and any rights you may have in relation to Shopify’s own processing, please refer to the Shopify Consumer Privacy Policy and the Shopify Privacy Portal (available via https://privacy.shopify.com).

---

10. International Transfers

We are based in Hungary and operate the Services primarily from the European Economic Area (EEA). However, your personal information may be transferred to and processed in countries outside of your own, including:

• other EEA countries,

• the United Kingdom,

• the United States and other third countries (particularly where Shopify, Mailchimp, or other service providers are located).

Where we transfer personal information from the EEA or UK to a country that is not deemed to provide an adequate level of data protection, we rely on appropriate safeguards such as:

• the European Commission’s Standard Contractual Clauses (SCCs), and/or

• equivalent contractual mechanisms approved under UK law.

You can contact us for more details about specific transfer mechanisms used.

---

11. Security and Retention of Your Information

Security

We implement appropriate technical and organizational measures designed to protect your personal information against:

• unauthorized access,

• alteration,

• disclosure, or

• destruction.

However, no security measures are perfect or impenetrable, and no method of transmission over the internet is completely secure. We therefore cannot guarantee “perfect security”. We recommend that you do not transmit sensitive information to us via unencrypted or insecure channels.

We also take reasonable steps to require our service providers (data processors) to implement appropriate security measures.

Retention

We keep personal information only for as long as necessary to:

• provide the Services and fulfill the purposes described in this Privacy Policy,

• comply with legal and regulatory obligations,

• resolve disputes, and

• enforce our agreements.

Typical retention periods include:

• Order and contract data: retained for up to 5 years after the transaction, in line with the general civil limitation period.

• Invoices and accounting records: retained for 8 years from issuance, as required by applicable accounting and tax laws.

• Warranty (szavatosság, jótállás) records: retained for 3 years following the relevant claim, as required by consumer protection regulations.

• Consumer complaints: retained for 3 years in accordance with the Hungarian Consumer Protection Act.

• Consent records (e.g. for newsletters, cookies): retained at least for the period of processing and for the applicable limitation period to prove compliance with legal requirements.

• Marketing data: retained until you withdraw your consent or object, or for a shorter period where required by law.

When there is no longer a legal or business need to retain personal information, we will delete or anonymize it.

---

12. Your Rights and Choices

Your rights may differ depending on your place of residence and the applicable laws (e.g. GDPR in the EEA/UK, CCPA/CPRA in California). Subject to conditions and limitations, you may have some or all of the following rights:

• Right to access / know
  You can request confirmation of whether we process your personal information and, if so, request a copy and information about how we process it.

• Right to rectification (correction)
  You can request that we correct inaccurate or incomplete personal information we hold about you.

• Right to deletion (erasure)
  You can request that we delete your personal information in certain circumstances (for example, when it is no longer necessary for the purposes for which it was collected or if you withdraw your consent). We may be required to retain certain information (e.g. invoices, open claims) due to legal obligations.

• Right to restrict processing
  You can request that we restrict the processing of your personal information in certain circumstances (e.g. while we verify the accuracy of data you contest).

• Right to data portability
  Where processing is based on consent or on a contract and carried out by automated means, you may request to receive your personal information in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible.

• Right to object
  You can object at any time to the processing of your personal information based on our legitimate interests, including profiling. We will stop such processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is needed for legal claims.
  You always have the right to object to processing of your personal information for direct marketing (including profiling related to direct marketing). If you object, we will stop using your data for this purpose.

• Right to withdraw consent
  When processing is based on your consent, you can withdraw your consent at any time. This does not affect the lawfulness of processing carried out before the withdrawal.

• Right to opt out of “sale” or “sharing” / targeted advertising (where applicable)
  In some jurisdictions (such as certain US states), you may have the right to opt out of the “sale” or “sharing” of personal information or of processing for targeted advertising. We will honor such rights where required by law.

• Managing communication preferences
  You can opt out of promotional emails at any time by using the unsubscribe link in those emails. Even if you opt out of marketing, we may still send you non-promotional messages related to your orders, account, or legal notices.

To exercise any of these rights, please contact us using the contact details in the “Contact” section below. We may need to verify your identity (and, where applicable, the authority of any agent acting on your behalf) before fulfilling your request.

We will respond within the time limits set by applicable law.

---

13. Complaints and Supervisory Authority

If you have concerns or complaints about how we process your personal information, please contact us first so we can try to resolve the issue.

If you are located in the European Economic Area (EEA) or the UK, you also have the right to lodge a complaint with your local data protection authority. In Hungary, the competent authority is:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Postal address: 1363 Budapest, Pf. 9., Hungary
Email: ugyfelszolgalat@naih.hu
Phone: +36 (1) 391 1400, +36 (30) 683 5969, +36 (30) 549 6838

You may also have the right to bring a claim before a competent court if you believe your data protection rights have been infringed.

---

14. Children’s Data

The Services are not intended for children, and we do not knowingly collect personal information from individuals under the age of majority in their jurisdiction.

If you are a parent or guardian and believe that your child has provided us with personal information, you may contact us using the details below to request deletion.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we “sell” or “share” (as defined by applicable law) personal information of individuals under 16 years of age.

---

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect:

• changes to our practices,

• changes to our Services, or

• legal, regulatory, or technical developments.

When we update the policy, we will:

• post the revised version on this page,

• update the “Last updated” date at the top, and

• provide additional notice as required by applicable law.

Your continued use of the Services after the updated Privacy Policy becomes effective will constitute your acknowledgment of the changes.

---

16. Contact

If you have any questions about this Privacy Policy, our privacy practices, or if you wish to exercise any of your rights, please contact us at:

You 2.0 Labs Kft.
Attn: Privacy / Data Protection
Address: 1154 Budapest, Kis Rákos utca 154., Hungary
Email: info@youphorin.hu
Phone: +36 70 701 1666

For the purposes of applicable data protection laws, You 2.0 Labs Kft. is the data controller of your personal information processed via the Services.