Buda Energy Privacy Policy

Last updated: 15 December 2025

This Privacy Policy explains how Buda Energy (“we”, “us”, “our”, “Controller”) collects, uses, shares, and protects personal data when you visit or use our websites and related services. This policy is aligned with Squarespace’s guidance for sites hosted on its platform.

1) Controller (data controller) and contact details

Name: Krisz-Pigment Kft.
Registered address: 9722, Perenye, Bárka utca 9., Hungary
Email: info@buda-energy.com
Phone: +36 30 288 8452

Websites covered by this policy: buda-energy.com

2) Where we host our site (Squarespace)

Our website is hosted and operated on the Squarespace platform. Squarespace provides website infrastructure and related services (for example: website hosting, security, and certain site functionality). Squarespace sites use cookies and visitor data to work correctly, and Squarespace provides tools such as cookie banners and settings to help with EU/UK privacy requirements.

Squarespace’s own Privacy Policy is available on its website and explains how Squarespace processes data as a service provider.

3) What personal data we collect

Depending on how you interact with our site, we may process the following categories of personal data:

A. Website/technical data

  • Device and browser information, pages viewed, approximate location (derived from IP), and cookie identifiers (where applicable).

  • Security and fraud-prevention related logs.

B. Contact and customer support data

  • Name, email address, phone number, and the content of your message when you contact us.

C. Order and customer account data (if you purchase from us / create an account)

  • Name, email, phone number

  • Billing and shipping address

  • Order details (what you purchased, quantity, size/variant, price, VAT info where relevant)

  • Payment status and transaction references (note: we do not typically receive your full card details, those are handled by payment providers).

Squarespace-based shops commonly share customer/order information with Squarespace as the hosting/e-commerce provider to provide website services (checkout, order management, etc.).

4) Why we use your data and our legal bases (GDPR)

We process personal data only where we have a lawful basis, including:

A. To operate the website and keep it secure
Legal basis: legitimate interests (site operation, IT security) and/or legal obligation where required.

B. To respond to messages and provide customer support
Legal basis: legitimate interests and/or steps prior to entering a contract (depending on the request). We delete general inquiries typically within 2 years.

C. To process orders and perform a contract (checkout, delivery, returns, warranty handling) Legal basis: performance of a contract; and legal obligation for invoicing/accounting records (where applicable).

D. Marketing communications (newsletter, direct marketing)
Legal basis: your consent (where required). You can withdraw consent at any time (e.g., unsubscribe).

E. Analytics and advertising cookies (where enabled)
Legal basis: consent for non-essential cookies, where required by law and your cookie settings. Squarespace provides cookie banner controls, and Squarespace analytics cookies can be disabled.

5) Cookies, analytics, and advertising

We use cookies and similar technologies to:

  • Make the site work (essential cookies)

  • Remember preferences (functional cookies)

  • Measure performance and site usage (analytics cookies)

  • Support advertising/remarketing (marketing cookies, where enabled)

Squarespace cookies: Squarespace uses cookies for site functionality and (optionally) analytics/performance; it also provides settings and a cookie banner for consent management.

Google Analytics (if enabled): Our site may use Google Analytics, which uses cookies to help analyze how visitors use the site; IP anonymization may be applied where configured.

Google Ads / conversion tracking & Consent Mode (if enabled): If we run ads, we may use Google conversion tracking and Google Consent Mode v2 signals (including consent-related cookie types such as ad_user_data and ad_personalization) via our consent banner/settings.

You can manage cookie preferences via our cookie banner/settings and your browser controls. Withdrawing consent does not affect processing that already happened based on consent before withdrawal.

6) Who we share data with (recipients / processors)

We may share your personal data with:

  • Squarespace (hosting and website services provider) to operate the site and, where applicable, process orders and site functionality.

  • Payment service providers (depending on what you choose at checkout) to process payments.

  • Shipping/delivery partners to deliver orders (name, address, phone/email as needed for delivery updates).

  • IT and security service providers (hosting support, backups, fraud prevention).

  • Authorities/courts if required by law or to enforce legal claims.

7) Data retention (how long we keep your data)

We keep personal data only for as long as necessary for the purposes described above, including:

  • Customer service messages: typically up to 2 years.

  • Invoicing/accounting documents: retained for the period required by applicable accounting/tax rules.

  • Contractual claims: we may retain certain data for limitation periods (e.g., civil claims).

  • Cookie data: retained based on cookie type and duration (see cookie settings).

8) Your rights (GDPR)

You have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request deletion (“right to be forgotten”) where applicable

  • Restrict processing

  • Data portability

  • Object to processing based on legitimate interests

  • Object to direct marketing at any time

  • Not be subject to certain automated decisions (where applicable)

We respond without undue delay, generally within 1 month (extendable by 2 months in complex cases, with notice).

To exercise your rights, contact us using the details in Section 1.

9) Data security

We use appropriate technical and organizational measures to protect personal data (access controls, backups, malware protection, and related safeguards).

10) Data breaches

If a personal data breach occurs, we follow applicable GDPR rules, including notifying the supervisory authority within 72 hours where required, and informing affected individuals when the risk is high.

11) Complaints

If you believe your data protection rights have been violated, you can lodge a complaint with the Hungarian supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf. 9.
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu

You may also seek judicial remedy.

12) Changes to this policy

We may update this Privacy Policy from time to time. The updated version becomes effective when published on our website(s).