Privacy Policy

The protection of your personal data is absolutely important to our company. Processing and handling of data is done only on the basis of legal definitions and regulations. The Gallery undertakes to ensure that all data management related to its activity meets the requirements set out in this guide and in the applicable legislation. The Gallery reserves the right to unilaterally alter this guide at any time. The User accepts our actual applicable data security guide at the next entry, and there is no need to request the consent of each User.

(Regulation (EU) No 2016/679 (GDPR) of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing applicability of Regulation No 95/46 /EK)

With the following guide we want to inform our website visitors about our data protection aspects, data processing, and closely related privacy information:

Responsible Body:
Horváth és Lukács Galéria Kft.
Adress: H-9485 Nagycenk Kiscenki u. 47.
Phone: +36 99 532 210


“Personal Data” means any information about an identified or identifiable natural person (“concerned”); a natural person may be identified, directly or indirectly, based on one or more factors such as name, number, positioning data, online identifier or factors relating to the natural persons physical, physiological, genetic, intellectual, economic, cultural or social identification.

“Data Management” means any operation or operation in any automated or non-automated way of personal data or data files, such as collecting, recording, rendering, compiling, storing, modifying or modifying, querying, inspecting, using, communicating, transmitting, distributing or making available by other means, alignment or interconnection, restriction, deletion or cancel;

“Restrictions on data handling” means the designation of stored personal data to limit their future management;
“Data Controller” means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by the EU or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by the EU or national law;
„Data Processor” means any natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
“Restrictions on data management” means the designation of stored personal data to limit their future management;
“Consent of the party concerned” means a voluntary, concrete, appropriate, informed and clear statement of the will of the person concerned by means of which the statement or confirmation is expressed in an unambiguous way of expressing his consent to the processing of his personal data;
“Privacy Incident” means any breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.


Our website uses cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site. Cookies often contain a unique identifier – a secret, randomly generated number line – that your device stores. Some cookies will disappear after the website is closed and some will be stored for a longer period of time on your computer, but will not cause any damage.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Facebook Social Plugin

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook’s privacy policy at

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
For more information about Facebook’s data management policies, visit the following pages:

The service provider therefore does not affect the size of the data collected by Facebook through the plugin and therefore informs users according to their best knowledge: By integrating the plugin, Facebook receives information that the user has opened the online offer on the selected page. When a user has joined Facebook, Facebook can assign an “online visit” to your Facebook account.

If a user links to a plugin, such as pressing the Like button or leaving comments, it will directly send this information to Facebook and then this information will be store there. In addition, Facebook can access and store the user’s IP address if the user is not registered on Facebook. According to Facebook, only anonymous IP-
The purpose and scope of data collection, as well as the processing and use of data on Facebook, the rights and set-ups related to the protection of users’ privacy in this regard can be found in the Facebook Privacy Policy:,
If the user is a registered Facebook member and does not want to collect Facebook data through this online offer and link it to your Facebook stored data, you must log out of Facebook before visiting the site and delete the relevant Facebook cookies. Facebook social plugins can be locked with extensions linked to the browser, such as “Facebook Blocker”.


Our website uses the features of the Pinterest social network. Provided by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA.
When you call a page with Pinterest functionality, your browser connects directly to Pinterest servers. The log data is transmitted to Pinterest servers. The servers are located in the United States. The log data may allow us to draw conclusions about the IP address, the websites visited, the type and settings of the browser, the date and time of the request, the use of Pinterest and cookies.
For details, see Pinterest’s privacy statement:

Data Security

The Data Controller manages the Personal Data in accordance with the principles of good faith, fairness and transparency, as well as the applicable legislation and this guide. The Data Controller do not control the validity of the Personal Data you entered. Only the person who gave it will be responsible for the compliance of the provided Personal Data.

The Data Controller shall ensure the security of Personal Data, take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored or managed data are protected or prevented for accidental loss, unauthorized destruction, unauthorized access, unauthorized use and unauthorized alteration or unauthorized disclosure. In order to comply with this obligation, the Data Controller invites all third parties to whom Personal Data is transmitted.

However, due to the nature of the service, we cannot be held responsible for the loss, damage or other damage to the data for technical reasons.
Purchases in our online store are possible without registration or with registration (recommended). If users register as customers in our online store, it is necessary to provide the following data to users during registration; name, address, email, phone number, order address, and billing information.

The online store may manage the natural personally identifiable data and address necessary to identify the user in order to create a contract for the provision of an information society service, define its content, modify it, monitor its fulfillment, in case invoice the resulting fees and enforce the related claims. The web store may also manage natural personally identifiable information, address and data information on the date, time and place of use of the service for the purpose of invoicing the fees arising from the contract for the provision of the information society service. The web store may process personal data that is technically necessary for the provision of the service in order to provide the service.

Our webshop fulfills a mandatory legal obligation to provide information based on requires to competent authorities, administrative bodies and other government bodies.
Hereby we inform our users that by registering in the webshop, you give your express consent to the use of your data for the purpose and in accordance with the general terms and conditions. The period of data processing lasts until the data subject’s consent to the data processing is revoked or the registration is canceled.

The purpose of managing your data is to enable the processes necessary for using the services of the web store (especially the purchase of products) (payment of the price of the product, delivery, etc.).
We inform you that we will only use the data from the web shop for the required period and scope for processing.
Your data is managed by the web store and our partners involved in the fulfillment of your order to the extent, in the manner and for the timeframe necessary for the fulfillment of the order.
You can also view, modify or delete the data provided by the web store through your registration account.
The data recorded and saved during your order is used by the web store to fulfill the order.

The data of the invoice that was created by ordering each IT system on the webshop pages is recorded with the data that was specified when the order was placed and stored for the period specified in the current accounting law.


To successfully subscribe to our newsletter we need the email address of our customers. A verification of the specified email address is necessary and the receipt of the newsletter must be consented to. Additional data is not collected and is voluntary. The data is used exclusively for sending the newsletter.
The data provided when registering for the newsletter are processed exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your already given consent at any time. An informal e-mail notification is sufficient for the revocation or you can unsubscribe using the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

Data entered to set up the subscription will be deleted if you cancel.


The processing of personal data is voluntary consent of the user.
The Users can request information about the management of their personal data. The Controller provides information on request about the data handled by him, the purpose and time-frame of data management, legal basis, the Controller’s name, address (Address: H-9485 Nagycenk, Kiscenki u. 47.) and activities related to data management, as well as who and for what purpose the data were received. Information can be requested on the postal address of the Controller (Address: H-9485 Nagycenk, Kiscenki u. 47.), or at the e-mail address.

The request sent by Email will only be considered credible if it is sent by the Users registered email address, but this does not preclude that the Data Controller have the possibility to identify the User before providing the information in an additional method too.
The user may request the Company in writing to provide information as to:

the personal data processed by the Company regarding the data subject, as well as
the legal basis of the processing,
the purpose of the processing,
from which source the personal data originate,
the duration of the processing,
to whom the Company forwards the personal data and its legal basis.

The data controller shall inform the user of the processed data, the purpose, legal basis and duration of the processing as soon as possible but no later than 25 days after the request has been submitted.
The User can request the change or deletion of their personal data on the same contact information above.
The User may request the data processor to correct his / her personal data at the time of processing. The request is processed by the data controller within 15 working days.
The User may request the deletion of the Personal Data handled by the Data Controller.

The User have the opportunity to request the cancellation of personal data, which the data controller will complete within 15 working days of receiving the request. The right of revocation does not apply if the data controller can legally store the data, or the data controller is entitled to continue processing personal data (such as billing) by law.
Cancellation may be refused (i) for the purpose of exercising the right to freedom of expression and access to information, or (ii) where the law governing the processing of Personal Data is authorized; and (iii) submitting, enforcing, or protecting legal claims.
In any case, the Data Controller informs the User of the denial of the cancellation request, indicating the reason for the denial of the cancellation. After the request for deletion of personal data, previous (deleted) data can no longer be recovered.

The newsletters sent by the Data Controller can be canceled via the unsubscribe link or button. In case of unsubscribe, the data controller will delete the user’s personal data in the newsletter database.
The User may request that his or her personal data is restricted by the Data Controller if the User disputes the accuracy of the given Personal Data. In this case, the restriction refers to the time period that the Data Controller may check for the accuracy of Personal Data.
The Data Controller denotes the Personal Data which is managed if the User disputes its accuracy, but the incorrect or imprecise nature of the disputed Personal Data cannot be ascertained clearly.

The User may request that the Data Controller hand over and / or transfer the data provided by the User and processed by the User in a machine (digitalized) readable and widely used machine-readable, personalized form and / or forward them to another data processor.
The User may deny to the processing of Personal Data (i) if the processing of Personal Data is only required to fulfill the Legal Obligation of the Data Manager or to enforce the legitimate interest of the Data Controller, any Service Operator or third party; (ii) if the purpose of Data Management is to acquire direct business, research or scientific research; or (iii) if Data Management is performed in the interest of a public interest task.

The Data Controller examines the legitimacy of the User’s denial and, if it establishes the validity of the denial, closures the Data Management and stops the Personal Data processing. In additionally, it informs the infected parties -to whom the personal data affected by the denial were previously transmitted- of notification of the denial and its sanctions.
The User may ask the Data Processor to block personal data if the final deletion of the data would harm or damage the legal interests of the data subject. Blocked personal data can only be processed until the reason for the deletion of personal data (until it is possible to complete the process) is discontinued.

Th user may object to data handling when:
• if the processing or transmission of personal data is only necessary to fulfill the legal obligation of the Data Controller or to enforce the legitimate interests of the Data Controller, Data Provider or third party, except in case of mandatory data handling and Infotv. Article 6 (5);
• If the use or transmission of personal data is done for direct business acquisition, polling or scientific research without your consent.

The Data Controller will examine the denial within the shortest time, but within 15 days of the submission of the request, make a decision on its validity and will inform you in writing of its decision. If the data controller fails to complete his or her claim for rectification, blocking or cancellation, he or she communicates, in writing or with the consent of the person concerned, within 25 days of receipt of the request the factual and legal grounds for rejecting the request for rectification, blocking or cancellation.

In the event that a court or authority orders the deletion of Personal Data, the deletion will be executed by the Data Controller. Instead of deleting, the Data Controller restricts the use of Personal Data, while informing the User, if the User so requests or if, based on the information available to him, it may be assumed that deletion would undermine the legitimate interest of the User. The Personal Data will not be cleared by the Data Controller until such time as the Data Management Purpose still exist, which excludes the deletion of Personal Data.

Data Processing

For the purpose of performing the activities of the Data Controller, the Data Processors named above are referred to in this guide.
Data processors will not make a separate decision, only deal with the contract with the Data Controller and have only the right to proceed with the instructions received. After May 25, 2018 Personal Data transmitted and processed by the Data Controller to the Processor is recorded, processed or processed in accordance with the provisions of the GDPR. Therefore, the processor makes a written statement to Data Controller.
The Data Controller checks the work of Data Processors.
The Data Processor are only entitled to use services of further the Data Processing Processor by the agreement of the Data Controller.

Name: Horváth és Lukács Galéria Kft.
Owner: Horváth Ágnes
Address: H-9485 Nagycenk Kiscenki u. 47.
Phone: +36 99 532 210

If you contact us via the contact form on the webpage or by email, the information provided here will be stored for up to six months for processing your request and answering tracking questions. Without your consent, we will not share this information.
The invoices are set out according to the Articles Sztv. 169. § (2.) and will be stored for eight years from the date of issue of the invoice. Please note that, if you withdraw your consent to the issuance of your invoice, the Data Controller is entitled due to the Infotv. (6) (5) (a) to retain the personal data included during storage of the invoice for 8 years.

Legal remedy:
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:
The User may contact the National Data Protection and Information Authority directly with your privacy complaint:

Contact information of the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing address: 1530 Budapest, Pf. 5
Telephone: +36(1)3911400
Telefax: +36(1)3911410
E-mail address:

Right to a court

The User– regardless of their right to complaint – may file an action with the courts if their rights under the GDPR and the Privacy Act have been violated. Any action against the Company may only be filed with a Hungarian court. The case may be initiated before the tribunal of the domicile or place of residence of the person concerned, according to his choice. The Data Controller informs the User of the juridical opportunity and instruments upon request.

Nagycenk, 2021.05.01.