Privacy Policy

The protection of your personal data is absolutely important to our company. Processing and handling of data is done only on the basis of legal definitions and regulations. The Gallery undertakes to ensure that all data management related to its activity meets the requirements set out in this guide and in the applicable legislation. The Gallery reserves the right to unilaterally alter this guide at any time. The User accepts our actual applicable data security guide at the next entry, and there is no need to request the consent of each User.

(Regulation (EU) No 2016/679 (GDPR) of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing applicability of Regulation No 95/46 /EK) With the following guide we want to inform our website visitors about our data protection aspects, data processing, and closely related privacy information:

Responsible Body:

Horváth & Lukács Galéria Kép-, Képkeret-, Művészeti Kellék-,Kereskedelmi és Gyártó Korlátolt Felelősségű Társaság

Adress: H-9485 Nagycenk Kiscenki u. 47.
Phone: +36 995 32 210
E-mail: +36 995 32 210



» “Personal Data” means any information about an identified or identifiable natural person (“concerned”); a natural person may be identified, directly or indirectly, based on one or more factors such as name, number, positioning data, online identifier or factors relating to the natural persons physical, physiological, genetic, intellectual, economic, cultural or social identification. · “Data Management” means any operation or operation in any automated or non-automated way of personal data or data files, such as collecting, recording, rendering, compiling, storing, modifying or modifying, querying, inspecting, using, communicating, transmitting, distributing or making available by other means, alignment or interconnection, restriction, deletion or cancel;
» “Restrictions on data handling” means the designation of stored personal data to limit their future management;
» “Data Controller” means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by the EU or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by the EU or national law;
» „Data Processor” means any natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
» “Restrictions on data management” means the designation of stored personal data to limit their future management;
» “Consent of the party concerned” means a voluntary, concrete, appropriate, informed and clear statement of the will of the person concerned by means of which the statement or confirmation is expressed in an unambiguous way of expressing his consent to the processing of his personal data;
» “Privacy Incident” means any breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.


Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site. Cookies often contain a unique identifier – a secret, randomly generated number line – that your device stores. Some cookies will disappear after the website is closed and some will be stored for a longer period of time on your computer, but will not cause any damage.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Facebook Social Plugin

Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see

When you visit our site, a direct connection between your browser and the Facebook server is established via the plugin. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the Facebook “Like button” while you are logged into your Facebook account, you can link the content of our site to your Facebook profile. This allows Facebook to associate visits to our site with your user account. Please note that, as the operator of this site, we have no knowledge of the content of the data transmitted to Facebook or of how Facebook uses these data. For more information, please see Facebook’s privacy policy at

If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.

For more information about Facebook’s data management policies, visit the following pages:


The service provider therefore does not affect the size of the data collected by Facebook through the plugin and therefore informs users according to their best knowledge: By integrating the plugin, Facebook receives information that the user has opened the online offer on the selected page. When a user has joined Facebook, Facebook can assign an “online visit” to your Facebook account.

If a user links to a plugin, such as pressing the Like button or leaving comments, it will directly send this information to Facebook and then this information will be store there. In addition, Facebook can access and store the user’s IP address if the user is not registered on Facebook. According to Facebook, only anonymous IP-

The purpose and scope of data collection, as well as the processing and use of data on Facebook, the rights and set-ups related to the protection of users’ privacy in this regard can be found in the Facebook Privacy Policy:,

If the user is a registered Facebook member and does not want to collect Facebook data through this online offer and link it to your Facebook stored data, you must log out of Facebook before visiting the site and delete the relevant Facebook cookies. Facebook social plugins can be locked with extensions linked to the browser, such as “Facebook Blocker”.

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link:

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
For more information about how Google Analytics handles user data, see Google’s privacy policy:

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.

To learn more about Google Analytics data management policies, visit the following pages:


Your IP address will be recorded but will be aliased at the time of capture. As a result, only rough localization is possible. Connecting to a web analytics service is based on the European Commission’s compliance decision (for the USA, “Privacy Shield”).

The data processing is based on the regulations of the GDPR.

Our goal is to continually improve our online appearance, supply and website through GDPR. Because protecting the privacy of our users is important to us, user data is immediately identified and stored for 7 years.

Data Security

The Data Controller manages the Personal Data in accordance with the principles of good faith, fairness and transparency, as well as the applicable legislation and this guide. The Data Controller do not control the validity of the Personal Data you entered. Only the person who gave it will be responsible for the compliance of the provided Personal Data. The Data Controller shall ensure the security of Personal Data, take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored or managed data are protected or prevented for accidental loss, unauthorized destruction, unauthorized access, unauthorized use and unauthorized alteration or unauthorized disclosure. In order to comply with this obligation, the Data Controller invites all third parties to whom Personal Data is transmitted.

The rights of the Users’ About the Management of their Personal Data

The processing of personal data is voluntary consent of the user.

The Users can request information about the management of their personal data. The Controller provides information on request about the data handled by him, the purpose and time-frame of data management, legal basis, the Controller’s name, address (Address: H-9485 Nagycenk, Kiscenki u. 47.) and activities related to data management, as well as who and for what purpose the data were received. Information can be requested on the postal address of the Controller (Address: H-9485 Nagycenk, Kiscenki u. 47.), or at the e-mail address.

The request sent by Email will only be considered credible if it is sent by the Users registered email address, but this does not preclude that the Data Controller have the possibility to identify the User before providing the information in an additional method too.

The user may request the Company in writing to provide information as to:

» the personal data processed by the Company regarding the data subject, as well as
» the legal basis of the processing,
» the purpose of the processing,
» from which source the personal data originate,
» the duration of the processing,
» to whom the Company forwards the personal data and its legal basis.

The data controller shall inform the user of the processed data, the purpose, legal basis and duration of the processing as soon as possible but no later than 25 days after the request has been submitted.

The User can request the change or deletion of their personal data on the same contact information above.

The User may request the data processor to correct his / her personal data at the time of processing. The request is processed by the data controller within 15 working days.

The User may request the deletion of the Personal Data handled by the Data Controller.

The User have the opportunity to request the cancellation of personal data, which the data controller will complete within 15 working days of receiving the request. The right of revocation does not apply if the data controller can legally store the data, or the data controller is entitled to continue processing personal data (such as billing) by law.

Cancellation may be refused (i) for the purpose of exercising the right to freedom of expression and access to information, or (ii) where the law governing the processing of Personal Data is authorized; and (iii) submitting, enforcing, or protecting legal claims.

In any case, the Data Controller informs the User of the denial of the cancellation request, indicating the reason for the denial of the cancellation. After the request for deletion of personal data, previous (deleted) data can no longer be recovered.

The newsletters sent by the Data Controller can be canceled via the unsubscribe link or button. In case of unsubscribe, the data controller will delete the user’s personal data in the newsletter database.

The User may request that his or her personal data is restricted by the Data Controller if the User disputes the accuracy of the given Personal Data. In this case, the restriction refers to the time period that the Data Controller may check for the accuracy of Personal Data.

The Data Controller denotes the Personal Data which is managed if the User disputes its accuracy, but the incorrect or imprecise nature of the disputed Personal Data cannot be ascertained clearly.

The User may request that the Data Controller hand over and / or transfer the data provided by the User and processed by the User in a machine (digitalized) readable and widely used machine-readable, personalized form and / or forward them to another data processor.

The User may deny to the processing of Personal Data (i) if the processing of Personal Data is only required to fulfill the Legal Obligation of the Data Manager or to enforce the legitimate interest of the Data Controller, any Service Operator or third party; (ii) if the purpose of Data Management is to acquire direct business, research or scientific research; or (iii) if Data Management is performed in the interest of a public interest task.

The Data Controller examines the legitimacy of the User’s denial and, if it establishes the validity of the denial, closures the Data Management and stops the Personal Data processing. In additionally, it informs the infected parties -to whom the personal data affected by the denial were previously transmitted- of notification of the denial and its sanctions.

The User may ask the Data Processor to block personal data if the final deletion of the data would harm or damage the legal interests of the data subject. Blocked personal data can only be processed until the reason for the deletion of personal data (until it is possible to complete the process) is discontinued.

The user may object to data handling when:

» if the processing or transmission of personal data is only necessary to fulfill the legal obligation of the Data Controller or to enforce the legitimate interests of the Data Controller, Data Provider or third party, except in case of mandatory data handling and Infotv. Article 6 (5);

» If the use or transmission of personal data is done for direct business acquisition, polling or scientific research without your consent.

The Data Controller will examine the denial within the shortest time, but within 15 days of the submission of the request, make a decision on its validity and will inform you in writing of its decision. If the data controller fails to complete his or her claim for rectification, blocking or cancellation, he or she communicates, in writing or with the consent of the person concerned, within 25 days of receipt of the request the factual and legal grounds for rejecting the request for rectification, blocking or cancellation.

In the event that a court or authority orders the deletion of Personal Data, the deletion will be executed by the Data Controller. Instead of deleting, the Data Controller restricts the use of Personal Data, while informing the User, if the User so requests or if, based on the information available to him, it may be assumed that deletion would undermine the legitimate interest of the User. The Personal Data will not be cleared by the Data Controller until such time as the Data Management Purpose still exist, which excludes the deletion of Personal Data.

Data Processing

For the purpose of performing the activities of the Data Controller, the Data Processors named above are referred to in this guide.

Data processors will not make a separate decision, only deal with the contract with the Data Controller and have only the right to proceed with the instructions received. After May 25, 2018 Personal Data transmitted and processed by the Data Controller to the Processor is recorded, processed or processed in accordance with the provisions of the GDPR. Therefore, the processor makes a written statement to Data Controller.

The Data Controller checks the work of Data Processors.

The Data Processor are only entitled to use services of further the Data Processing Processor by the agreement of the Data Controller.


Name: Horváth és Lukács Galéria Kft.
Owner: Horváth Ágnes
Address: H-9485 Nagycenk Kiscenki u. 47.
Phone: +36 995 32 210

If you contact us via the contact form on the webpage or by email, the information provided here will be stored for up to six months for processing your request and answering tracking questions. Without your consent, we will not share this information.

The invoices are set out according to the Articles Sztv. 169. § (2.) and will be stored for eight years from the date of issue of the invoice. Please note that, if you withdraw your consent to the issuance of your invoice, the Data Controller is entitled due to the Infotv. (6) (5) (a) to retain the personal data included during storage of the invoice for 8 years.

Legal remedy:

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

The User may contact the National Data Protection and Information Authority directly with your privacy complaint:

Contact information of the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)

Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing address: 1530 Budapest, Pf. 5
Telephone: +36(1)3911400
Telefax: +36(1)3911410
E-mail address:

Right to a court

The User– regardless of their right to complaint – may file an action with the courts if their rights under the GDPR and the Privacy Act have been violated. Any action against the Company may only be filed with a Hungarian court. The case may be initiated before the tribunal of the domicile or place of residence of the person concerned, according to his choice. The Data Controller informs the User of the juridical opportunity and instruments upon request.

Nagycenk, 2018.05.24.


Scroll to Top