Privacy Policy
Effective: March 2, 2026
1. Data Controller's Details
Senaya Group Kft.
1053 Budapest, Ferenciek tere 2., Hungary
Tax Number: 32852301-2-41
Service Location: 1146 Budapest, Thököly út 64.
E-mail: reservation@senaya.hu
Phone: +36 (20) 545 9070
The Data Controller is responsible for the lawfulness of data processing and complies with the provisions of GDPR and national data protection regulations.
2. Principles of Data Processing
The Data Controller processes data lawfully, fairly, and transparently; only for specific purposes and only for as long as necessary.
Legal Bases:
– performance of a contract (e.g., booking an appointment)
– consent (e.g., newsletter)
– legal obligation (e.g., accounting)
3. Categories of Processed Data, Purpose, and Legal Basis
3.1 Appointment Booking – SimplyBook.me
Processed data: name, email, phone number
Purpose: fulfilling appointment bookings, providing information, communication ×
Legal basis: performance of a contract (GDPR 6(1)(b))
Data Processor: SimplyBook.me Ltd, Cyprus
Storage location / transfers: data is processed on the Data Processor's servers, which are not exclusively located in EU/EEA data centers. SimplyBook.me provides a GDPR-compliant DPA, applying Standard Contractual Clauses for non-EEA transfers.
3.2 Newsletter – MailerLite
Processed data: first name, email
Purpose: information, marketing communication
Legal basis: consent (GDPR 6(1)(a))
Subscription is done via a dual opt-in system. Consent can be withdrawn at any time.
Data Processor: MailerLite (GDPR-compliant, according to data processing agreement)
3.3 Website Technical Data – Google Analytics, Search Console
Processed data: IP addresses, page view data, device information
Purpose: website usage analysis, development
Legal basis: consent (cookie banner / cookie management)
This data is processed by Google, in accordance with Google's data processing terms and agreement.
We provide a clear choice in the cookie banner to accept or reject analytics.
4. Data Processors
| Data Processor | Service | GDPR Status |
|---|---|---|
| SimplyBook.me Ltd | online appointment booking | GDPR-compliant, DPA available, transfers regulated (simplybook.me) |
| MailerLite | newsletter sending | GDPR-compliant |
| Google LLC | Analytics/Search Console | GDPR-compliant, data sharing by agreement |
5. Data Storage Period
– Appointment booking data: up to 2 years after service completion
– Newsletter database: until withdrawal of consent
– Analytical logs: up to 12 months
6. Under 18s
Senaya's services are exclusively available to individuals aged 18 and over. The website is not targeted at visitors under 18.
7. Data Subject Rights
Every data subject is entitled to:
– access
– rectification
– erasure
– restriction of processing
– objection
– data portability
Request by email: reservation@senaya.hu
The Data Controller will fulfill the request within 30 days.
8. Legal Remedy
If you believe that data processing is unlawful:
NAIH - National Authority for Data Protection and Freedom of Information (www.naih.hu)
9. Data Security
We implement technical and organizational measures to protect against data misuse (e.g., SSL, authorization control, access logs).
