Privacy & GDPR Policy

Erdőkör Forest School processes your personal data lawfully, fairly, and transparently.

This policy explains how we collect, use, store, and protect your information when you use our website or register for our forest school sessions.

1. Details and Contact Information of the Data Controller

GDPR and privacy inquiries should be directed to:

Business name: Compton Ross Graham e.v.
Registered address: Budapest, Hungary, Tündérliget u 9.
Tax number (adószám): 90985841-1-41
Email: hello@erdokor.hu

 

2. Personal Data We Collect

We collect only the personal information necessary for our operations and to ensure the safety and wellbeing of children attending our forest school.

Billing & Contact Information

  • Name, company (optional), address, phone, email

Child & Emergency Information

  • Child’s full name, date of birth, sex, home address
  • Additional children’s details (if applicable)
  • Emergency contact names, phone numbers, email addresses
  • Medical conditions, allergies, dietary requirements, or other relevant details

Consents & Permissions

  • First aid and medical care consent
  • Consent for participation in forest school activities
  • Consent for photographs or video recordings for social media

Marketing Preferences

  • Consent to receive newsletters or promotional emails

Technical Data

When you use our website, we may collect technical data such as IP address, browser type, and device information.
 This information is used only to maintain website security and performance.

 

3. How We Use Personal Data
We use your data to:

  • Process bookings and payments
  • Ensure child safety and provide appropriate care
  • Comply with legal, tax, and accounting obligations
  • Send newsletters or marketing messages (only with your consent)
  • Share photos or videos on social media (only with explicit consent)

4. Legal Basis for Processing

We process personal data based on:

  • Contractual necessity: to manage bookings and provide services
  • Consent: for medical information, photographs, and marketing
  • Legal obligations: for accounting and tax compliance

5. How We Store and Protect Your Data

  • Our website and database are securely hosted by Rackhost.hu (GDPR-compliant).
  • Payments are processed via Stripe (through WooCommerce); we do not store payment card details.
  • We use appropriate technical and organizational measures such as secure servers, encryption, and restricted access.
  • All personal data are treated confidentially and accessed only by authorized personnel.

6. Who We Share Data With

We may share personal data with:

  • Rackhost.hu – for website hosting and database storage (GDPR-compliant)
  • Mailchimp – for sending newsletters, only if you have given consent (GDPR-compliant)
  • Stripe (via WooCommerce) – to process payments securely (GDPR-compliant)
  • Photography/social media – only if explicit consent is provided

Some of our third-party providers, such as Mailchimp and Stripe, may process data outside the European Economic Area (EEA). These providers implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses or equivalent measures.

We do not sell or trade your personal information to other parties.

7. Data Retention

We retain personal data only for as long as necessary to fulfill legal, tax, and accounting obligations and to provide our services.

  • Billing and booking information is kept for 8 years to comply with accounting and tax regulations.
  • Child and emergency information is also retained for 8 years.
  • Marketing consent data are retained until consent is withdrawn.
  • Photos and media are retained until consent is withdrawn.
  • After the retention period, personal data is securely deleted or anonymized.

8. Cookies

Our website uses cookies as described in our Cookie Policy.
 Cookies help ensure the proper functioning of our website and may enhance your browsing experience.
 We only use non-essential (e.g., analytics or marketing) cookies with your consent.

You can manage or withdraw your cookie preferences at any time through our cookie banner or your browser settings.
 For detailed information about the types of cookies we use, their purpose, and storage duration, please refer to our Cookie Policy.

 

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Correct any errors in your data
  • Request deletion of your data (right to be forgotten)
  • Restrict or object to processing
  • Withdraw consent for marketing or photography
  • Lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH)

To protect your personal data, we may require verification of your identity before fulfilling any access, correction, or deletion requests.

NAIH Contact:
Website: https://www.naih.hu
Email: ugyfelszolgalat@naih.hu
Postal address: 1055 Budapest, Falk Miksa u. 9-11, Hungary

 

10. Applicable Laws

This policy complies with:

  • EU Regulation 2016/679 (GDPR)
  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Info Act)
  • Act V of 2013 on the Civil Code (Ptk.)
  • Act CVIII of 2001 on Electronic Commerce (Eker tv.)
  • Act C of 2003 on Electronic Communications (Ehtv.)
  • Act CLV of 1997 on Consumer Protection (Fogyv tv.)
  • Act XLVIII of 2008 on Advertising (Grtv.)

11. Updates to This Policy
We may update this policy if our services or data processing change.
 The latest version is always available on erdokor.hu.

 Last updated: October 24, 2025

0