This Privacy Policy explains how Lajos Kiss (owernight studio.), sole trader (“we”, “us”, “our”, or the “Controller”) collects, uses, stores, and protects personal data in connection with the website www.owernight.com and our related business activities.
We are committed to processing personal data lawfully, fairly, and transparently, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”) and applicable Hungarian data protection laws.
Registered seat: 3934 Hungary, Tolcsva, Dózsa György út 69.
Registration number: 59872010
Tax number: 90603224-1-25
Phone+36 30 1452580
Email: info@owernight.com
Website: www.owernight.com
We are not required to appoint a Data Protection Officer under Article 37(1) GDPR.
This Privacy Policy applies to:
- visitors of our website;
- individuals contacting us through the website or by email/phone;
- business partners and their contact persons;
- individuals subscribing to our newsletter or marketing communications;
- visitors interacting with our social media pages.
For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:
Data Processing
the performance of technical tasks related to data processing operations.
Processing
any operation or set of operations which is performed on personal data or on sets of personal data, regardless of the procedure applied, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction, as well as the prevention of further use of the data, including the taking of photographs, audio or video recordings.
Controller
the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data and makes and implements decisions regarding data processing, or has such operations carried out by a data processor on its behalf.
Restriction of Processing
the marking of stored personal data with the aim of limiting their processing in the future.
Data Transfer
making personal data accessible to a specified third party.
Erasure
rendering personal data unrecognisable in such a way that their restoration is no longer possible.
Personal Data Breach
a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Pseudonymisation
the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures.
eDM (electronic Direct Mail)
a form of direct marketing communication, whereby the Controller sends advertising or marketing messages via email to the data subject, based on the data subject’s prior consent.
Data Subject
any identified or identifiable natural person to whom the personal data relates.
Third Party
any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent
any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them.
Filing System
any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
Personal Data
any information relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Objection
a statement by the data subject objecting to the processing of their personal data and requesting the termination of such processing or the erasure of the data.
Website
the website operated by the Controller, available at: www.owernight.com
We process personal data in accordance with the principles set out in Article 5 of the GDPR, as detailed below:
Lawfulness, fairness and transparency
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. We ensure that all processing activities comply with applicable legal requirements and are carried out in a fair and transparent way.
Purpose limitation
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We only process personal data to the extent necessary to achieve the defined purposes.
Data minimisation
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. We only collect and process personal data that is strictly necessary.
Accuracy
Personal data shall be accurate and, where necessary, kept up to date. We take reasonable steps to ensure that inaccurate personal data is rectified or erased without delay.
Storage limitation
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality
Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
Accountability
We are responsible for, and able to demonstrate compliance with, the above principles.
In addition to the above principles, we ensure that data subjects are provided with appropriate information regarding the processing of their personal data in accordance with applicable legal requirements.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction.
Depending on how you interact with us, we may process the following categories of personal data:
- name;
- email address;
- phone number;
- job title and company details;
- message content and other information voluntarily provided by you;
- technical data, such as IP address, browser type, device information, and website usage data;
- social media profile name, profile image, and publicly available content if you interact with our social media pages.
We do not intentionally collect special categories of personal data.
We select our processors carefully and ensure they provide appropriate safeguards for data protection.
7.1 Contacting us through the website or by email
When you contact us through the website, email, or other listed contact details, we process the personal data you provide, such as your name, email address, phone number, and the content of your message.
Purpose: To respond to your inquiry, communicate with you, and take steps prior to entering into a contract where relevant.
Legal basis:
- Article 6(1)(b) GDPR – processing necessary in order to take steps at your request prior to entering into a contract; or
- Article 6(1)(f) GDPR – our legitimate interest in handling incoming inquiries and business communications.
Retention period:
For as long as necessary to handle the inquiry and, where relevant, for the general civil law limitation period of 5 years in order to establish, exercise, or defend legal claims.
7.2 Cookies and similar technologies
Our website may use cookies and similar technologies. Cookies may be stored on your device either as strictly necessary for the operation of the website or based on your consent preferences.
Cookies are small text files stored on your device when you visit a website. They are widely used to ensure the proper functioning of websites, enhance user experience, and provide information to website operators.
We use cookies and similar technologies to:
- ensure the proper operation and security of the website;
- remember user preferences;
- analyse website traffic and usage (where applicable);
- improve the performance and functionality of our services.
Our website may use both first-party and third-party cookies:
- First-party cookies are set by our website and are typically necessary for its operation.
- Third-party cookies may be set by external service providers (such as analytics or social media platforms) and may be used to analyse user behaviour or provide additional functionality.
Where required by law, non-essential cookies (such as analytics or marketing cookies) are only used based on your prior consent.
You can manage your cookie preferences at any time through our cookie banner or settings panel, where you can withdraw or modify your consent.
Legal basis:
- Strictly necessary cookies: our legitimate interest in ensuring the proper operation and security of the website (Article 6(1)(f) GDPR);
- Non-essential cookies (e.g. analytics, marketing): your consent (Article 6(1)(a) GDPR).
Retention period:
Cookie retention periods vary depending on the specific cookie. Detailed information is available in our cookie settings panel.
For more information, please see our cookie settings panel.
7.3 Social media pages
We maintain social media pages, including:
- Facebook: owernight.studio
- Instagram: owernight.studio
- TikTok: owernight.studio
- Dribbble: owernight.studio
If you interact with our social media pages (for example, by following, liking, commenting, or messaging us), we may process your publicly available profile data and the content of your interaction.
Purpose:
To provide updates about our services, communicate with users, and maintain our online presence.
Legal basis:
Article 6(1)(f) GDPR – our legitimate interest in communication and marketing through social media platforms.
Retention period:
Until the relevant interaction is deleted, withdrawn, or removed by you or the platform, subject to the platform’s own retention rules.
Please note that Facebook, Instagram, TikTok and Dribbble process personal data independently under their own privacy policies.
7.4 Contract conclusion and performance
If we enter into a contract with a business partner, we may process the personal data of contact persons, such as name, phone number, job title, and email address.
Purpose:
Business communication, contract management, and performance of contractual obligations.
Legal basis:
Article 6(1)(f) GDPR – our legitimate interest in maintaining business relationships and ensuring effective communication; and, where applicable, Article 6(1)(b) GDPR.
Retention period:
For the duration of the contractual relationship and thereafter for 8 years where retention is required for accounting or legal compliance purposes.
7.5 Newsletter and electronic direct marketing (eDM)
If you subscribe to our newsletter or marketing emails, we process your name and email address.
Purpose:
To send newsletters, updates, offers, and other marketing communications.
Legal basis:
Article 6(1)(a) GDPR – your consent.
Retention period:
Until you withdraw your consent or unsubscribe. You may unsubscribe at any time using the unsubscribe link in our emails or by contacting us directly.
Under the GDPR, you have the following rights in relation to your personal data:
Right to transparent information
You have the right to receive information about the processing of your personal data in a concise, transparent, intelligible, and easily accessible form. We will respond to your request without undue delay and in any event within one month.
Right of access
You have the right to obtain confirmation as to whether or not we process your personal data, and, where that is the case, access to the personal data and information regarding:
- the purposes of processing;
- the categories of personal data concerned;
- the recipients or categories of recipients;
- the envisaged retention period;
- your rights under applicable data protection laws.
Right to rectification
You have the right to request the correction of inaccurate personal data and to have incomplete personal data completed.
Right to erasure (“right to be forgotten”)
You have the right to request the deletion of your personal data without undue delay where:
- the data is no longer necessary;
- you withdraw your consent and there is no other legal basis;
- you object to processing and there are no overriding legitimate grounds;
- the data has been unlawfully processed;
- erasure is required by law.
Right to restriction of processing
You have the right to request restriction of processing where:
- you contest the accuracy of the data;
- processing is unlawful but you oppose erasure;
- we no longer need the data, but you require it for legal claims.
Right to data portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to object
You have the right to object to processing based on legitimate interests at any time. In such cases, we will cease processing unless we demonstrate compelling legitimate grounds.
Right to withdraw consent
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.
To exercise your rights, please contact us at: info@owernight.com
We may use carefully selected service providers who process personal data on our behalf for technical, hosting, communication, analytics, newsletter, invoicing, cookie management, and social media related purposes.
These may include, where applicable:
- **Framer B.V.** – website hosting and form infrastructure;
- **Google / Gmail** – email communication and receiving form submissions;
- **Billingo Technologies Zrt.** – invoicing;
- **Rackhost Zrt.** – domain hosting or server-related services, if used;
- **Google Ireland Limited / Google LLC** – analytics or related services, if used;
- **CookieYes Limited** – cookie consent management, if used;
- **Meta Platforms Ireland Limited** – Facebook and Instagram social platform, page management.
- **TikTok Technology Limited** – Tiktok socal media platform, page management.
We ensure that our processors only act on our documented instructions and are subject to appropriate confidentiality and security obligations.
Please note that our data processors may process personal data in accordance with their own privacy policies. Further information about their data processing practices is available in their respective privacy notices, which are accessible via the links provided.
Framer: https://www.framer.com/legal/privacy-statement/
Google: https://business.safety.google/compliance/
Billingo: https://www.billingo.hu/adatkezelesi-tajekoztato
Rackhost: https://www.rackhost.hu/privacy-policy
CookieYes: https://www.cookieyes.com/privacy-policy/
TikTok: https://www.tiktok.com/legal/page/us/privacy-policy/en
Meta (Facebook, Instagram): https://www.facebook.com/privacy/policy/
Some of our service providers may process personal data outside the European Economic Area (“EEA”).
Where personal data is transferred outside the EEA, we ensure that an appropriate transfer mechanism under Chapter V GDPR is in place, such as:
- an adequacy decision of the European Commission;
- the European Commission’s Standard Contractual Clauses (SCCs);
- where applicable, participation in the EU–US Data Privacy Framework;
- where applicable, another lawful transfer mechanism recognised under the GDPR.
For more information about international transfers and the safeguards applied in a specific case, you may contact us at info@owernight.com.
We do not use personal data for automated decision-making or profiling within the meaning of Article 22 GDPR.
We store personal data in electronic systems and, where necessary, in paper-based records.
We implement appropriate technical and organisational security measures designed to protect personal data, including protection against unauthorised access, accidental loss, unlawful destruction, alteration, or disclosure.
We maintain records of personal data breaches and, where required by law, notify the competent supervisory authority and/or affected individuals.
Under the GDPR, you have the following rights, subject to applicable legal conditions:
- the right to access your personal data;
- the right to rectification;
- the right to erasure;
- the right to restriction of processing;
- the right to data portability;
- the right to object to processing based on legitimate interests;
- the right to withdraw consent at any time where processing is based on consent;
- the right to lodge a complaint with a supervisory authority.
To exercise your rights, please contact us at info@owernight.com.
We will respond to your request without undue delay and in any event within one month of receipt, unless the GDPR permits a longer period.
If you believe that the processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority.
In Hungary, the competent authority is:
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Website: www.naih.hu
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
You also have the right to seek judicial remedy before the competent court.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Where a personal data breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay, unless an exception under the GDPR applies.
We reserve the right to amend this Privacy Policy at any time, in particular to reflect changes in our services, legal obligations, or data processing practices.
The current version is always available on our website.
This privacy statement is effective April 01, 2026.