DATA PROTECTION POLICY
Jógaház Mandala Restaurant & Service Social Cooperative
Last update: December 2025
1. INTRODUCTION AND GENERAL PROVISIONS
The Jógaház Mandala Restaurant & Service Social Cooperative, i.e. the Mandala Restaurant (hereinafter: "& Restaurant," "we," "us" or "data controller") is the legal basis necessary for the protection and processing of personal data, in particular the provisions of the European Union Regulation 2016/679 (GDPR) and the Hungarian Infotv. (Act CXII of 2011), in full compliance with the provisions of the European Union Regulation 2016/679 (GDPR) and the Hungarian Infotv. (Act CXII of 2011).
This data protection policy explains:
- What personal data we collect and process
- For what purposes and on what legal basis we use it
- How we protect and store it
- What rights we grant to data subjects
- How we handle cookies
This policy applies to the mandalaetterem.hu website (hereinafter: "Website" ) and all data processing carried out by the Restaurant.
2. IDENTIFICATION OF THE DATA CONTROLLER
Name: Jógaház Mandala Restaurant & Service Social Cooperative
Registered office: 7621 Pécs, Perczel Miklós utca 26, FSZT 1
Email: info.mandalaetterem@gmail.com
Phone: +36306402357
Data Protection Officer (DPO): The Restaurant is not required to appoint a Data Protection Officer, but in data protection matters, the Restaurant reserves the right to respond via one of the contact details listed.
Hosting provider
ErdSoft doo
Headquarters: 24000 Subotica, Somborski put 33a, Serbia
Phone number: +38169606794
Email: office@erdsoft.com
Website: erdsoft.com
3. TYPES OF PERSONAL DATA PROCESSED AND PURPOSES OF PROCESSING
3.1. Website visits and technical data
Processed data:
- IP address
- Browser type and version
- Operating system
- Date and duration of website visit
- Page(s) visited and clicks
- Referrer (previous page)
- Technical device information
Legal basis for processing: Legitimate interest (GDPR Article 6(1)(f))
Purpose of processing:
- Ensuring the functioning of the Website
- Security and cybersecurity purposes
- Analyzing and optimizing website usage
- Diagnosing and resolving technical problems
Data retention period: Maximum 13 months (server logs)
3.2. Cookies
The Restaurant and the Website use cookies to improve the user experience. Cookies are small text files that your browser stores on your device.
3.2.1. Necessary (Technical) Cookies
Type: Necessary/Technical
Description: These cookies are necessary for the basic functioning of the Website (e.g., login data, security tokens, storage of cookiebot consent). .
Legal basis: Article 6(1)(b) of the GDPR (processing necessary for the performance of a contract)
Retention period: Until the end of the session or 12 months
Controller: the Website hosting provider
Specific cookies:
mandala_session: Session identifier (retention period: until the end of the session)cookie_consent: Cookiebot consent (retention period: 1 year)_secure_token: Security token (retention period: until the end of the session)
3.2.2. Analytical Cookies
Type: Analytical/Statistical
Description: The Restaurant collects anonymous statistics about the use of the Website with the help of Google Analytics 4 (GA4) to understand how visitors use the Website.
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest – the Restaurant's legitimate interest in improving the Website)
Consent required: Yes, explicit consent is required
Retention period: Maximum 14 months
Processor: Google LLC (Google Analytics)
Specific cookies:
_ga: User ID_ga_*: Campaign data and session information_gid: Session identifier
3.2.3. Marketing/Tracking Cookies
Type: Marketing/Tracking
Description: These cookies are related to the restaurant's marketing activities and tracking (e.g., advertising). restaurant's marketing activities and tracking (e.g., retargeting on advertising platforms).
Legal basis: GDPR Article 6(1)(a) (explicit consent)
Necessity of consent: Yes, explicit consent is required
Retention period: 3-12 months (varies by platform)
Processor: Facebook Pixel, Google Ads
3.2.4. Cookie settings
Users have the following cookie settings as needed:
- Necessary cookies – Automatically enabled, cannot be disabled
- Analytical cookies – Express consent required for enabling
- Marketing cookies – Express consent required for authorization
Cookie management:
- Browser settings: Most browsers offer the option to completely disable or restrict cookies. Cookiebot banner: The cookiebot banner at the top of the Website allows you to manage individual cookie categories.
- Right of withdrawal: Previously given consent can be withdrawn at any time.
Further information about cookies:
3.3. Event booking and customer data
Processed data:
- Name
- Email address
- Phone number
- Event type
- Event date and time
- Number of guests
- Dietary requirements and special requests
- Additional messages or comments
Legal basis for processing:
- GDPR Article 6(1)(b) (necessary for the performance of a contract – event booking)
- GDPR Article 6(1)(a) (explicit consent – marketing communications)
Purpose of processing:
- Processing and confirming event reservations
- Communicating with the customer about the event
- Billing and payment processing
- Customer relationship management
- Compliance with legal requirements
- Submission and defense of legal claims
- Marketing communications (based on consent)
Data transfer:
- The processed data is stored in the restaurant's internal systems
- Data will not be transferred to third parties, except:
- Necessary service providers (e.g., email provider, hosting service provider)
- In cases where it is necessary to comply with legal obligations
- Based on the user's express consent
Data retention period:
- A maximum of 7 years after the event (in compliance with accounting regulations)
- In the case of marketing communications: until revoked
3.4. Email communication
Processed data:
- Email address
- Name
- Email content and metadata
- Opening and click data (if tracked)
Legal basis for processing:
- GDPR Article 6(1)(a) (consent – newsletter)
- GDPR Article 6(1)(b) (necessary for the performance of a contract – event booking tracking)
Purpose of processing:
- Customer communication
- Sending marketing information (based on consent)
- System alerts
Data retention period:
- In the case of newsletters: until revoked
- Event-specific communication: maximum 2 years after the event
Right to unsubscribe:
- All marketing emails include an unsubscribe option
- You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link
4. INTERNATIONAL DATA TRANSFER
The Restaurant's data is primarily stored on servers located in member states of the European Economic Area (EEA). If the Restaurant uses suppliers outside the EEA (e.g., Google Analytics), we operate in accordance with the contractual guarantees and EDPB decisions (e.g., Standard Data Protection Clauses).
5. DATA PROTECTION AND SECURITY
The Restaurant takes a number of measures to protect your personal data:
- Encryption: The Website uses HTTPS encryption during data transmission.
- Access restriction: Only authorized employees have access to the data.
- Physical security: Servers are located in secure data centers.
- Regular security updates: All software and systems are kept up to date.
- Backup and recovery: Regular security copies of data are made.
However, no Internet communication is completely secure. The Restaurant cannot guarantee absolute security, and you carry out all your internet activities at your own risk.
6. THIRD PARTIES AND DATA PROCESSORS
The Restaurant may transfer personal data to the following third parties:
6.1. Website Hosting Service Provider
- Name: ErdSoft doo
- Legal basis: Processing necessary for the performance of a contract
- Data processing agreement: Concluded
6.2. Email Provider
- Name: ErdSoft doo
- Legal basis: Processing necessary for the performance of a contract
- Data processing agreement: Concluded
6.3. Analytical Services
- Name: Google LLC (Google Analytics 4)
- Legal basis: Legitimate interest
- Data processing agreement: Signed
6.4. Marketing Platforms
- Name: Facebook Ireland Ltd. (Facebook Pixel), Google Ireland Ltd. (Google Ads)
- Legal basis: Consent
- Data processing agreement: Concluded
The Restaurant works with all third parties on the basis of the EDPB recommendations and DATA PROCESSING AGREEMENTS.
7. YOUR RIGHTS
Under the GDPR, you have the following rights:
7.1. Right of Access (GDPR Article 15)
You have the right to know what personal data we process about you.
7.2. Right to rectification (GDPR Article 16)
You have the right to request that we rectify incomplete or inaccurate data at your request.
7.3. Right to Erasure (GDPR Article 17 – "Right to be forgotten")
Under certain circumstances, you may have the right to have the Restaurant delete your personal data if:
- The data is no longer necessary for the purpose for which it was collected
- You have withdrawn your consent
- You have lodged an objection to the processing
- The data has been processed unlawfully
- Erasure is required by a legal obligation
7.4. Right to restriction of processing (GDPR Article 18)
You may request the restriction of data processing if:
- You contest the accuracy of the data
- The data processing is unlawful
- The Restaurant no longer needs the data, but you request that it be retained
- You have lodged an objection
7.5. Right to data portability (GDPR Article 20)
You have the right to receive your personal data in a structured, widely used, machine-readable format and to transmit those personal data to another controller.
7.6. Right to object (GDPR Article 21)
You may object to certain processing, in particular processing for marketing purposes.
7.7. Right to Object to Automated Decision-Making (GDPR Article 22)
You have the right not to be subject to decisions based solely on automated processing that have a significant effect on you.
7.8. Right to Withdraw Consent
You may withdraw your consent to processing at any time.
8. EXERCISING YOUR RIGHTS
To exercise your rights, you can contact the Restaurant in the following ways:
Email: info.mandalaetterem@gmail.com
Postal address: 7621 Pécs, Perczel Miklós utca 26.
Telephone number: +36306402357
The Restaurant will respond to all valid requests within 30 days. The response is free of charge, unless the request is clearly unfounded or excessive (in which case the Restaurant may charge a reasonable fee or refuse to respond).
9. LEGAL COMPLIANCE AND LEGAL BASIS
The Restaurant complies with the following regulations:
- EU Regulation 2016/679 (GDPR)
- Act CXII of 2011 (Infotv.)
- Act XLVIII of 2008 (on electronic commerce)
- Relevant Hungarian and EU data protection regulations
10. DATA PROTECTION INCIDENT
In the event of a personal data protection incident, the Restaurant shall proceed as follows:
- Investigation: The Restaurant will immediately launch an investigation to determine the nature and extent of the incident.
- Notification: Those affected will be notified of the incident if necessary (based on Articles 33 and 34 of the GDPR).
- Supervision: The incident will be reported to the Hungarian data protection authority, the National Authority for Data Protection and Freedom of Information (NAIH), if necessary.
11. CHILDREN'S DATA
The Website does not specifically collect personal data from children (under the age of 14). If the Restaurant becomes aware that it is processing personal data of children under the age of 14, the Restaurant will delete this data immediately. Personal data relating to events in which children participate may only be processed with the consent of their parents or guardians.
12. HOTEL OR EVENT DATA
When booking events, the restaurant may process special personal data (dietary requirements, health data). This data will only be used for the organization and execution of the event, and to ensure the safety and well-being of the customer.
13. DATA PROTECTION SUPERVISORY AUTHORITY
If you have a complaint about the data protection practices of the Restaurant, you have the right to contact the National Authority for Data Protection and Freedom of Information (NAIH):
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Balzac utca 9.
Phone: +36-1-391-1400
Email: ugyfelszolgalat@naih.hu
Website: naih.hu
14. MODIFICATION OF DATA PROCESSING STATEMENT
The Restaurant reserves the right to modify this data protection policy at any time. In the event of significant changes, the Restaurant will notify the data subjects by email or by posting a notice at the top of the Website. Restaurant will notify the data subjects by email or by a notice at the top of the Website.
Date of changes: According to the last update date indicated at the top of the page.
15. CONTACT AND FURTHER INFORMATION
For further data protection questions or to exercise your rights, please contact the restaurant:
Email: info.mandalaetterem@gmail.com
Phone: +36306402357
Postal address: 7621 Pécs, Perczel Miklós utca 26.
16. REGISTRATION AND ACCEPTANCE
This privacy policy has been approved by Mandala Restaurant and applies to all users.
Effective date: December 29, 2025.
Please note: This privacy policy is based on the restaurant's current data processing practices. The Restaurant reserves the right to modify the policy. Any modifications may take effect at any time.