Privacy

Privacy Policy

Note: this is a draft carefully tailored to our actual data processing. A final, legally reviewed version will follow. Services marked "planned" are not yet active.

Protecting your data matters to us. This policy summarises which personal data we process, for what purpose and on what legal basis, and what rights you have under the GDPR.

1. Controller

Controller: Manasi Import and Export Kft. (CESARIES), 1106 Budapest, Gyakorló utca 4/D fsz. 3., Hungary. Contact: info@cesaries.com.

2. General

We process personal data only insofar as necessary to provide a functional website and our content and services, on the basis of the GDPR.

3. Hosting (Vercel)

This website is hosted by Vercel Inc. (USA). On access, technically necessary data (IP address, time, page requested, browser user-agent) is processed. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure provision). Third-country transfers safeguarded via Standard Contractual Clauses / the EU-U.S. Data Privacy Framework.

4. Backend (Medusa / AWS)

Shop functions run via our own backend on Amazon Web Services (AWS) servers in Frankfurt/EU. Legal basis: Art. 6(1)(b) GDPR (contract) and (f) (technical operation).

5. Orders and contract processing

When you order, we process: name, billing and delivery address, email, phone, company name and VAT ID if applicable, and order/configuration data. Legal basis: Art. 6(1)(b) GDPR. Stored for the duration of processing and statutory retention periods.

6. Order confirmation email (Resend)

We use Resend, Inc. (USA) for order confirmations, processing your email address and order content. Legal basis: Art. 6(1)(b) GDPR. Third-country transfer safeguarded via Standard Contractual Clauses.

7. Contact

If you contact us by email, we process your details to handle the enquiry. Reception is handled via Cloudflare Email Routing (USA) with forwarding to our mailbox. Legal basis: Art. 6(1)(b) or (f) GDPR.

8. VAT number check (VIES)

If business customers provide an EU VAT ID, it is validated against the European Commission’s official VIES system. The VAT ID and returned company data are stored for evidence. Legal basis: Art. 6(1)(c) and (f) GDPR.

9. Shipping (DHL)

To deliver your order we pass the required data (name, delivery address, and possibly phone/email for tracking) to DHL. Legal basis: Art. 6(1)(b) GDPR.

10. Analytics (Cloudflare Web Analytics)

We use Cloudflare Web Analytics — cookie-free, with no browser storage and no personal profiling. As no device information under § 25 TDDDG is stored, no consent (cookie banner) is required. Legal basis: Art. 6(1)(f) GDPR.

11. Payment processing (planned: Stripe)

Payment processing via Stripe (Stripe Payments Europe Ltd., Ireland) is planned, processing payment-related data (name, email, payment/card data, transaction data). This section applies once Stripe is activated. Legal basis: Art. 6(1)(b) and (f) GDPR.

12. Invoicing (planned: Billingo)

Invoicing via Billingo (Hungary) is planned, processing the data required for the invoice (name, address, VAT ID if any, line items). This section applies once Billingo is activated. Legal basis: Art. 6(1)(c) GDPR.

13. Your rights

You have the rights to access, rectification, erasure, restriction, data portability and objection, and to withdraw consent. Contact info@cesaries.com. You may also lodge a complaint with a supervisory authority (in Hungary: NAIH; EU customers also with the authority of their residence).

14. Currency

As our website and services develop, or due to changed legal requirements, this policy may need to be updated.