Privacy Policy

Last updated: June 15, 2025

1. Who we are

This privacy policy explains how Vinotek.hu Kft. ("we", "us", "Wanderyarn") collects, uses, and protects your personal data when you use our website at https://wanderyarns.com. We are based in Hungary and comply with the EU General Data Protection Regulation (GDPR).

For any privacy-related questions, contact us at hello@wanderyarns.com.

2. What data we collect

We collect the following categories of personal data:

Account information

  • Email address
  • Display name (if you choose to set one)
  • Password (stored as a secure hash, never in plain text)

Purchase and payment data

  • Purchase history (which tours or bundles you bought)
  • Transaction amounts and dates
  • Stripe customer ID (we never see or store your full card number)

Usage and analytics data

  • Pages visited and features used
  • Device type, browser, and operating system
  • Approximate location (country/city level, from IP address)
  • Referral source (how you found our website)

3. How we use your data

We use your data for the following purposes:

  • Providing our service β€” to create your account, deliver purchased tours, and manage subscriptions
  • Processing payments β€” to handle transactions securely through Stripe
  • Improving our product β€” to understand how people use Wanderyarn and make it better
  • Communication β€” to send purchase confirmations, service updates, and (with your consent) marketing emails
  • Legal compliance β€” to meet our legal obligations, including tax and accounting requirements

4. Legal basis for processing

Under the GDPR, we process your data based on:

  • Contract performance β€” processing necessary to deliver the services you purchased
  • Consent β€” for marketing emails and non-essential cookies (you can withdraw consent at any time)
  • Legitimate interest β€” for analytics and product improvement, balanced against your privacy rights
  • Legal obligation β€” for tax records and fraud prevention

5. Cookies and tracking technologies

We use the following cookies and tracking tools:

Essential cookies

Session cookies required for authentication and basic site functionality. These cannot be disabled.

Analytics cookies

  • Google Tag Manager (GTM) β€” manages the loading of other tracking scripts
  • Google Analytics 4 (GA4) β€” measures website traffic, user behavior, and conversion events

Marketing cookies

  • Meta Pixel (Facebook) β€” tracks conversions and enables retargeting ads on Meta platforms

You can manage your cookie preferences at any time. Most browsers also allow you to block or delete cookies through their settings.

6. Third-party data processors

We share your data with the following trusted service providers who process data on our behalf:

  • Supabase (database hosting) β€” stores your account data and purchase history. Servers located in the EU.
  • Stripe (payment processing) β€” handles payment transactions securely. Stripe is PCI DSS Level 1 certified.
  • Vercel (website hosting) β€” hosts and serves our website. May process server logs containing IP addresses.
  • Google (analytics) β€” processes anonymized usage data through GA4.
  • Meta (advertising) β€” receives conversion data for ad targeting.

All processors are bound by data processing agreements and are required to protect your data in accordance with GDPR.

7. How long we keep your data

  • Account data β€” kept as long as your account is active. Deleted within 30 days of account deletion request.
  • Purchase records β€” retained for 8 years to comply with Hungarian tax and accounting laws.
  • Analytics data β€” automatically anonymized or deleted after 14 months (GA4 default).
  • Marketing data β€” deleted when you withdraw consent or within 30 days of unsubscribing.

8. Your rights under GDPR

As a user in the EU, you have the following rights regarding your personal data:

  • Right of access β€” request a copy of all personal data we hold about you
  • Right to rectification β€” ask us to correct inaccurate data
  • Right to erasure β€” request deletion of your personal data ("right to be forgotten")
  • Right to data portability β€” receive your data in a machine-readable format
  • Right to restrict processing β€” limit how we use your data
  • Right to object β€” object to processing based on legitimate interest
  • Right to withdraw consent β€” withdraw consent at any time for consent-based processing

To exercise any of these rights, email us at hello@wanderyarns.com. We will respond within 30 days. You also have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).

9. International data transfers

Some of our service providers (Stripe, Vercel, Google, Meta) may transfer data outside the EU. Where this happens, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.

10. Children's privacy

Wanderyarn is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you via email or a prominent notice on our website. The "Last updated" date at the top indicates the most recent revision.

Please also read our Terms & Conditions for information about how you may use our service.