Last Updated: [28/09/2025]

1. Who We Are

This website is operated by Safran Mihaly Zoltan (sole proprietor), located at
Mernok utca 37/c II/9, 1119 Budapest, Hungary.
For privacy questions, email info@mihalysafran.com.

We sell digital e-books, provide online coaching/training plans, and organize fitness camps worldwide.
We are the Data Controller under the EU General Data Protection Regulation (GDPR).

2. What Personal Data We Collect

We collect only the data needed to run our services:

  • Account & Contact Data – name, email, billing details, messages sent to us.

  • Purchase Data – order history, payment confirmations (but no full credit-card data; this is handled by secure payment processors).

  • Usage Data – IP address, device type, browser, pages visited, and cookies (for analytics and security).

  • Optional Health Information – if you voluntarily share fitness-related details during coaching.

3. How We Use Your Data

We use your data to:

  • Deliver digital products and coaching sessions.

  • Process payments and issue invoices.

  • Communicate with you about purchases, updates, or important service changes.

  • Improve our website and services (analytics, error detection).

  • Meet legal obligations (tax, accounting, consumer protection).

We never sell your data.

4. Legal Basis for Processing (GDPR)

We process your personal data only when:

  • You consent (e.g. newsletter signup, optional cookies),

  • It’s needed to perform a contract (order fulfillment, coaching),

  • We have a legal obligation (invoicing, tax),

  • Or we have a legitimate interest (site security, service improvement).

5. Cookies & Tracking

We use:

  • Essential cookies – required for login, checkout and security.

  • Analytics cookies (Google Analytics, Jetpack) – to understand site usage.

  • Marketing/remarketing cookies (Google Ads, Facebook) – only with your consent.

You can manage cookies in your browser or via our cookie banner. Rejecting non-essential cookies will not affect purchases.

6. Sharing Your Data

We only share data with:

  • Payment processors (PayPal, Stripe, Barion) for secure payments.

  • Service providers (web hosting, email services, analytics) under strict data-processing agreements.

  • Authorities, when required by law.

All partners are required to protect your data and use it only for the agreed purpose.

7. International Transfers

Our servers and service providers may operate outside the EU (e.g. US).
When data leaves the EU, we ensure adequate safeguards such as Standard Contractual Clauses to protect your rights.

8. Data Retention

  • Order and billing data: kept for the period required by tax/accounting law (usually 8 years in Hungary).

  • Coaching communications: retained as long as necessary to provide services.

  • Analytics data: typically retained for 26 months.

  • You can request deletion sooner where legally possible.

9. Your Privacy Rights

Under GDPR (EU/EEA users) you have the right to:

  • Access – know what data we hold.

  • Rectification – correct inaccurate data.

  • Erasure – request deletion when legally possible.

  • Restriction – limit processing in certain cases.

  • Portability – receive a copy in a structured format.

  • Object – to certain processing (e.g. marketing).

  • Withdraw consent – at any time.

To exercise these rights, email info@mihalysafran.com.
You also have the right to lodge a complaint with your local data protection authority.

10. Rights for California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how we use it,

  • Request deletion of your data,

  • Opt-out of any “sale” of personal data (we do not sell personal data).

To exercise these rights, email info@mihalysafran.com with “CCPA Request” in the subject.

11. Rights for Brazilian Users (LGPD)

Brazilian users have similar rights, including access, correction, deletion, and data portability.
Requests can be made via info@mihalysafran.com.

12. Data Security

We use HTTPS encryption, secure servers, and limited access to protect your data.
No method of transmission over the internet is 100% secure, but we take reasonable measures to safeguard your information.

13. Third-Party Links

Our site may link to external websites (e.g. payment providers, social media).
We are not responsible for the privacy practices of those sites—please review their policies.

14. Updates to This Policy

We may update this Privacy Policy when needed (for example, to reflect new laws or services).
If changes are significant, we will post a notice on our site.
Continued use of our services after an update means you accept the new policy.

15. Contact Us

For any privacy concerns or to exercise your rights:
info@mihalysafran.com
Safran Mihaly Zoltan