Privacy Policy

PRIVACY POLICY

MARKET 1897 kitchen & wine

I. Purpose, Scope, and Applicable Laws of the Data Processing Notice

1. WINECOURT Kft. (hereinafter: “the Company”), as an entity subject to the applicable Hungarian legal system and, within that, corporate law, in accordance with European Union law, and in particular Regulation (EU) 2016/679 adopted by the European Parliament and the Council on April 27, 2016, has set as its objective to ensure, through this privacy policy, the protection of personal data relating to natural persons; and to respect the fundamental rights of natural persons as part of a uniform EU-wide data protection framework.

2. The scope of this Privacy Policy covers data processing related to the market1897.com website (hereinafter: “Website”) and the restaurant (hereinafter: “Restaurant”). This Privacy Policy remains in effect until revoked.

3. The purpose of this Privacy Policy is to inform data subjects, in accordance with EU and national law, about the processing of their personal data, in particular, but not exclusively, regarding the legal basis, scope, and duration of such processing.

4. The following laws govern data processing:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR), (hereinafter: “GDPR”)
• Act CXII of 2010 – on the Right to Informational Self-Determination and Freedom of Information (hereinafter: “Infotv”)
• Act V of 2010 – Civil Code (hereinafter: “Ptk”)
• Act C of 2000 on Accounting
• Act CL of 2017 on the Rules of Taxation
• Act CXXXIII of 2005 on the Rules Governing Personal and Property Protection and Private Investigation Activities

II. Basic Concepts

– “Personal data”: any information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

– “data processing”: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

– “controller”: the natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, Union or Member State law may also determine the controller or specific criteria for designating the controller;

– “third party”: a natural or legal person, public authority, agency, or any other body that is not the data subject, the data controller, the data processor, or any person authorized to process personal data under the direct authority of the data controller or data processor;

– “representative”: a natural or legal person established in the Union and designated in writing by the controller or processor pursuant to Article 27, who represents the controller or processor with regard to the obligations incumbent upon the controller or processor under this Regulation

– “undertaking”: a natural or legal person engaged in economic activities, regardless of its legal form, including partnerships and associations engaged in regular economic activities.

III. Details and contact information of the data controller

IV. Principles of Data Processing

5. Pursuant to Article 5(1) and (2) of the GDPR, personal data:

• must be processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”);
• be collected only for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes; in accordance with Article 89(1), further processing for archiving in the public interest, scientific or historical research purposes, or statistical purposes shall not be considered incompatible with the original purpose (“purpose limitation”);
• the purposes of the data processing must be appropriate and relevant to the purposes of the data processing and must be limited to what is necessary (“data minimization”);
• they must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes of the processing, are erased or rectified without delay (“accuracy”);
• Personal data must be stored in a form that allows for the identification of data subjects only for as long as is necessary to achieve the purposes of the processing; personal data may be stored for a longer period only if the processing is carried out for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, subject to the implementation of appropriate technical and organizational measures required by this Regulation to protect the rights and freedoms of data subjects (“limited storage”);
• processing must be carried out in such a manner that appropriate technical or organizational measures ensure the adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage (“integrity and confidentiality”).
• The data controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).

V. Purpose of Data Processing

6. Our Company’s data processing and the use of personal data are necessary for the performance of services required for the Company’s core business and operations, as well as for reasons of personal and property protection. In order to provide these services, it is essential that certain personal data of the data subjects be accessible. The Data Controller strives to process only such personal data as is essential for achieving the purpose of data processing and suitable for achieving that purpose. Personal data may be processed only to the extent and for the duration necessary to achieve the purpose.

VI. Data Processing

Data processing related to table reservations:

• Data Processing for Website Visitors

Cookie Policy

7. A cookie is a small text file that a website visited by the Data Subject stores on the Data Subject’s computer or other device used for browsing the internet. The Data Subject’s device stores the cookie for a specified period of time. This allows the visited website to “remember” certain data and settings (e.g., language, font size, and other display settings) for a specified period. Cookies themselves cannot identify the user; they are only capable of recognizing the visitor’s computer.
Technical/essential cookies: necessary for the website to function.
Functional cookies: improve the user experience.
Analytical cookies: used to measure performance.
Marketing cookies: used to analyze user behavior and deliver targeted advertising, and require consent.8. The purpose of cookies:

– collect information about visitors and their devices;

– remember visitors’ individual settings, which may be used, for example, during online interactions, so they do not have to be re-entered;

– they facilitate the use of the website;

– they ensure a high-quality user experience;

– they measure the website’s performance and provide data for usage statistics;

– they can distinguish between visitors to the website and their respective sessions.

Google Analytics Service

We use the Google Analytics service to analyze and measure website traffic, visitor data, and performance. Information collected from the website is automatically transmitted to Google; however, this information does not contain any personal data. The information collected and transmitted consists solely of statistical data suitable for distinguishing between sessions, not for identifying website visitors. For more information on Google Analytics data processing, click on Analytics Tools & Solutions for Your Business – Google Analytics.

9. To provide a personalized service, third-party providers place and read small data packets, known as cookies, on the user’s computer. If the browser sends back a previously saved cookie, the service providers managing it can link the user’s current visit to previous ones, but only in relation to their own content.

No so-called web beacons are used on the website.

• Data processing related to the electronic surveillance system (CCTV):

Recorded footage may be viewed, restricted, or used for the purpose of investigating and proving the facts in cases of suspected administrative violations, criminal offenses, breaches of labor law obligations, damage, workplace accidents, or other compelling reasons, as well as upon request by the data subject.

The deletion or modification of personal data may be requested in the following ways:

by mail at 1093 Budapest, Csarnok tér 5, Ground Floor,
electronically at the email address info@market1897.com.

VII. Data Transfer

10. The Data Controller shall only transfer personal data to a third party if the data subject has unambiguously consented to such transfer—with knowledge of the scope of the data being transferred and the recipient of the transfer—or if the transfer is authorized by law. The Data Controller documents all data transfers and maintains a record of such transfers.

VIII. Data Processing

11. The Data Controller may engage a data processor authorized to perform its activities. Data processors do not make independent decisions; they are authorized to act solely in accordance with the contract concluded with the Data Controller and the instructions received. The Data Controller supervises the work of the data processors. Data processors are authorized to engage additional data processors only with the consent of the Data Controller.

Data Processor:

IX. Rights of the Data Subject

• Please be advised that you have the right to object to the processing of your personal data. If the Company determines that the objection is justified, it will cease processing the data—including further data collection and transfer—and will block the data; and will notify all parties to whom the personal data subject to the objection was previously transferred, and who are required to take action to enforce the right to object, of the objection and the measures taken in response.
• Please be advised that you have the right to request that the Company provide you with your personal data and information related to its processing. You may request a copy of your personal data, provided that such a request does not adversely affect the rights and freedoms of others. The first request for copies is free of charge; for any additional copies, the Company may charge a fee based on administrative costs.
• Please be advised that you may request the clarification, correction, or supplementation of your personal data by submitting a statement if the data is inaccurate, incorrect, or incomplete.
• Please be advised that, upon your request, the Company will restrict data processing if you dispute the accuracy of the data; furthermore, in the event that the data processing is unlawful, but you request the restriction of the data rather than its erasure, or if the purpose of the data processing has ceased to exist, but you require the data to assert, exercise, or defend a legal claim; as well as if you have objected to the data processing and the assessment of the objection is pending. If the Company lifts the restriction on data processing, it will notify you in advance.
• Please be advised that you may request the erasure of your personal data if:
• the processing is unlawful;
• the purpose of the data processing has ceased to exist, or further processing of the data is no longer necessary to achieve that purpose;
• the period permitted by law for storing the data has expired;
• the erasure of the data has been ordered by law, an authority, or a court.

You may submit a request regarding your personal data—including objections, requests for access, clarification, correction, supplementation, restriction, or deletion—at any time using the following contact information:

by mail: 1093 Budapest, Csarnok tér 5, Ground Floor
by email: info@market1897.com,
by phone: at +36 30 240 9020, providing your name and address,
in person: at 1093 Budapest, Csarnok tér 5, Ground Floor.

Please be advised that you may claim compensation for damages or a penalty for violation of privacy rights resulting from unlawful data processing.

X. Legal Remedies

12. If you believe that your rights have been infringed in connection with the processing of your personal data, you may initiate an investigation with the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11., ugyfelszolgalat@naih.hu, +36-1-3911400, naih.hu, mailing address: 1363 Budapest, P.O. Box 9), or may turn to the competent court. The court with jurisdiction over the lawsuit is the regional court competent for the data controller’s registered office, provided that the lawsuit may also be initiated—at the Data Subject’s discretion—before the regional court competent for the Data Subject’s place of residence or place of stay.

13. The Data Subject is only entitled to consent to data processing by the Data Controller if they have become acquainted with the data protection and data processing provisions set forth above and are aware of their rights and obligations regarding the processing of their personal data.

Budapest, March 6, 2026

WINECOURT Limited Liability Company
Data Controller