top of page
  • Instagram
  • Facebook
  • Untitled design (2)

Privacy Policy and Data Protection Notice


Effective date: April 21, 2025

This Privacy Policy (hereinafter referred to as “Policy”) explains how personal data is processed by Cintia Torma, sole proprietor (hereinafter referred to as “Data Controller”) in the context of her activities, including services and digital products offered through the website www.bucketlister.org.

This Policy applies to all users of the website, regardless of nationality or place of residence, including individuals from the European Union (EU), European Economic Area (EEA), and third countries (non-EU/EEA). All data processing is conducted in accordance with the European General Data Protection Regulation (GDPR), the Hungarian Information Act (Act CXII of 2011), and other applicable data protection laws.
 

1. Data Controller


Name: Cintia Torma (sole proprietor)
Registered address: Illyés Gyula utca 132., 4032 Debrecen, Hungary
Tax ID: 90805732-1-29
Email: bucketlister.org@gmail.com
Phone: +36-20-483-4186
Website: www.bucketlister.org
 

2. Definitions


- Personal Data: Any information relating to an identified or identifiable natural person (“data subject”).
- Data Controller: The natural or legal person who determines the purposes and means of personal data processing.
- Data Processor: A natural or legal person who processes personal data on behalf of the Data Controller.
- Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data.
- Data Subject: Any individual whose personal data is being processed.
- Data Protection Incident: Any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.
 

3. Principles of Data Processing


Personal data is processed lawfully, fairly, and in a transparent manner. Data is collected for specified, legitimate purposes and is not further processed in a manner incompatible with those purposes. The data collected is adequate, relevant, and limited to what is necessary. The data is accurate and kept up to date, stored only for as long as necessary, and processed with appropriate technical and organizational safeguards.

 

3.1 Children’s Data
This website is not intended for use by children under the age of 16. We do not knowingly collect personal data from individuals under this age.

4. Legal Basis and Purposes of Data Processing


4.1 Registration on the Website:
- Purpose: Account creation and access to related services.
- Legal basis: Consent (Article 6(1)(a) GDPR), or Contract performance (Article 6(1)(b) GDPR).
- Data processed: Name, email address, password (encrypted), registration date, IP address.

4.2 Order Processing:
- Purpose: Fulfillment of orders and delivery of services/products.
- Legal basis: Contract performance (Article 6(1)(b) GDPR).
- Data processed: Name, billing address, contact information, order details.

4.3 Invoicing:
- Purpose: Compliance with accounting and taxation laws.
- Legal basis: Legal obligation (Article 6(1)(c) GDPR).
- Data processed: Name/company name, address, tax ID (if applicable), invoice details.

4.4 Newsletter Subscription:
- Purpose: Marketing and communication about products, services, offers.
- Legal basis: Consent (Article 6(1)(a) GDPR).
- Data processed: Name, email address.
- Note: Users may unsubscribe at any time via the unsubscribe link or by contacting the Data Controller.

4.5 Cookies:
- Purpose: Website functionality, analytics, and marketing.
- Legal basis: Consent (Article 6(1)(a) GDPR) or Legitimate interest/Contract (Article 6(1)(f)/(b)).
- Types: session cookies, functional cookies, analytics cookies, marketing cookies.

4.6 Social Media:
- Purpose: Communication and content sharing.
- Legal basis: Consent (Article 6(1)(a) GDPR).
 

5. Data Retention


Personal data is stored electronically on secure servers protected by passwords and security protocols. No paper-based data storage is used. Data is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law. Upon expiration, data is deleted or anonymized.
 

6. Rights of the Data Subject


- Right to access: Request information on how and why data is processed.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of data under certain conditions.
- Right to data portability: Receive data in a structured format or have it transferred.
- Right to object: Object to data processing based on legitimate interests or direct marketing.
 

7. Data Security


The Data Controller implements technical and organizational measures such as multi-level access controls, secure Wi-Fi, encrypted servers, regular backups, and antivirus protection. Employees and data processors receive regular training on data protection responsibilities.
 

8. Data Protection Incidents


In the event of a data breach, the Data Controller will notify the supervisory authority within 72 hours if there is a risk to data subjects' rights. High-risk incidents will also be communicated directly to affected individuals, along with mitigation steps.
 

9. Data Processors and Third Parties


9.1 Hosting and Platform Services:
- Provider: Wix.com Ltd., 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel
- Website: www.wix.com | Contact: privacy@wix.com

9.2 Accounting Services:
- Accountant: Éva Puskás
- Purpose: Fulfillment of legal accounting obligations.
 

10. Cookies


Cookies may be used to improve the website’s functionality and user experience. Users can manage cookie preferences via browser settings or consent popups.
 

11. Data Protection Officer


A Data Protection Officer (DPO) is not currently appointed as the Data Controller’s activities do not require it under Article 37 of the GDPR.
 

12. Legal Remedies


If a data subject believes their rights have been violated, they may file a complaint with the Hungarian Authority for Data Protection and Freedom of Information (NAIH): Falk Miksa utca 9-11, 1055 Budapest, Hungary | Email: ugyfelszolgalat@naih.hu | Phone: +36 (1) 391-1400

Additionally, individuals may seek judicial remedy before the competent court in their country of residence.
 

13. Governing Law


This Privacy Policy is governed by Hungarian law and the General Data Protection Regulation (EU) 2016/679. For users outside the EU/EEA, international data transfers are handled with appropriate safeguards as required by applicable laws.
 

14. Amendments


The Data Controller reserves the right to modify this Policy at any time. Any changes will be posted on the website and take effect upon publication. Continued use of the website constitutes acceptance of the updated Policy.
 


Issued in Debrecen on April 21, 2025.
Cintia Torma (sole proprietor)

Bucketlist

My adventures

Home page

Terms and conditions

Subscribe here and get the latest travel tips  and my insider secrets!

© Copyright

Pivacy policy

Contact me

Thanks for subscribing!

bottom of page