PRIVACY POLICY

Sophia Ventis  |  www.sophiaventis.com

Last updated: March 2026

⚠ IMPORTANT NOTICE – TEST ENVIRONMENT: This website is currently operating as a test page only. No real personal data is actively collected or processed for commercial purposes at this stage. This notice will be removed when the site goes live.

Your privacy matters to us. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR). Please read it carefully.

1. Data Controller

The data controller responsible for your personal data is:

Until formal company registration is completed, the operator of Sophia Ventis acts as the data controller in their personal capacity. References to “we”, “us”, or “our” in this Policy refer to Sophia Ventis and its operator.

For any privacy-related enquiries, including requests to exercise your rights, please contact us at: sophia@sophiaventis.com

2. Personal Data We Collect

We collect the following categories of personal data, depending on how you interact with us:

2.1 Data You Provide Directly

  • Name and email address – when you register an account or contact us

  • Account credentials – username and password (stored in encrypted form)

  • Purchase information – products ordered, order history, billing details

  • Marketing preferences – whether you have subscribed to our newsletter

  • Communications – messages you send us via email or contact forms

2.2 Data Collected Automatically

  • Technical data – IP address, browser type and version, operating system

  • Usage data – pages visited, time spent on pages, referring URLs, click behaviour

  • Cookie data – session identifiers and tracking data as described in Section 6

2.3 Data from Third Parties

  • Payment data – transaction confirmation and status from payment processors (Stripe, PayPal); we do not receive or store full card numbers

  • Analytics data – aggregated behavioural data from analytics services

3. Purposes and Legal Bases for Processing

We process personal data only when we have a lawful basis to do so under the GDPR. The table below sets out our purposes and the corresponding legal basis for each:

Purpose: Account creation and management

Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

Details: To create and maintain your user account, authenticate your identity, and provide access to purchased Digital Products.

Purpose: Processing orders and delivering Digital Products

Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

Details: To process your purchase, send order confirmations, and deliver access to your Digital Products.

Purpose: Customer support and communications

Legal basis: Performance of a contract / Legitimate interests (Article 6(1)(b) and (f) GDPR)

Details: To respond to your enquiries, resolve disputes, and provide technical support.

Purpose: Sending the newsletter and marketing emails

Legal basis: Consent (Article 6(1)(a) GDPR)

Details: To send you promotional content, product updates, and coaching resources. You may withdraw consent at any time.

Purpose: Analytics and Site improvement

Legal basis: Legitimate interests (Article 6(1)(f) GDPR)

Details: To understand how visitors use the Site, identify issues, and improve content and user experience.

Purpose: Security and fraud prevention

Legal basis: Legitimate interests (Article 6(1)(f) GDPR)

Details: To detect, prevent, and respond to fraud, abuse, and security threats.

Purpose: Legal compliance

Legal basis: Legal obligation (Article 6(1)(c) GDPR)

Details: To comply with applicable laws, including Hungarian accounting obligations requiring retention of transaction records.

4. Sharing Your Personal Data

We do not sell your personal data. We share it only in the following limited circumstances:

4.1 Payment Processors

When you make a purchase, your payment details are processed by our third-party payment providers: Stripe (Stripe, Inc.) and/or PayPal (PayPal Holdings, Inc.). These providers process payment data on our behalf and are bound by their own privacy policies and GDPR-compliant data processing agreements. We receive only confirmation of transaction status and do not store your full card details.

4.2 Email Service Providers

To send transactional and marketing emails, we use a third-party email service provider. Your email address and name are shared with this provider solely for the purpose of delivering our communications to you.

4.3 Analytics Providers

We may use analytics tools (such as Google Analytics) that collect anonymised usage data. These tools operate under data processing agreements and, where applicable, use IP anonymisation to protect your privacy.

4.4 Legal Requirements

We may disclose your personal data if required to do so by law, court order, or at the request of a competent public authority, or where necessary to protect our legal rights or the safety of others.

4.5 International Transfers

Some of our third-party providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by applicable law. Our key retention periods are:

  • Account data: retained for the duration of your account, plus 30 days after deletion to allow recovery

  • Transaction and order records: retained for 5 years in accordance with Hungarian accounting regulations

  • Marketing consent records: retained until you withdraw consent, plus 1 year thereafter as proof of consent

  • Customer support communications: retained for 2 years after the issue is resolved

  • Cookie and analytics data: retained for up to 26 months, depending on the tool

When data is no longer required, it is securely deleted or anonymised.

6. Cookies and Tracking Technologies

We use cookies and similar technologies on our Site. A cookie is a small text file stored on your device when you visit a website. We use the following types:

6.1 Strictly Necessary Cookies

These cookies are essential for the Site to function and cannot be disabled. They include session cookies for account login and shopping cart functionality. No consent is required for these cookies.

6.2 Analytical / Performance Cookies

These cookies help us understand how visitors interact with the Site by collecting anonymised information such as page views, time on page, and error reports. We use this data to improve Site performance. These require your consent.

6.3 Marketing Cookies

These cookies track your browsing activity to help us deliver relevant advertising and measure the effectiveness of campaigns. These require your explicit consent.

6.4 Managing Cookies

When you first visit the Site, a cookie consent banner will ask for your preferences. You may accept all, accept only necessary, or customise your choices. You can change your preferences at any time through the cookie settings on the Site, or by adjusting your browser settings to refuse cookies. Note that disabling some cookies may affect the functionality of the Site.

7. Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights. These rights may be subject to certain limitations under applicable law.

7.1 Right of Access (Article 15 GDPR)

You have the right to request a copy of the personal data we hold about you and information about how it is processed.

7.2 Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

7.3 Right to Erasure (Article 17 GDPR)

You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing.

7.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while the accuracy of data is contested.

7.5 Right to Data Portability (Article 20 GDPR)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.

7.6 Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data where it is based on legitimate interests, including profiling. You may also object at any time to processing for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

7.8 How to Exercise Your Rights

To exercise any of the above rights, please send a request to: sophia@sophiaventis.com

We will respond within 30 days of receiving your request. We may ask you to verify your identity before processing your request. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.

7.9 Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection supervisory authority. In Hungary, this is:

  • Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

  • Website: www.naih.hu

  • Address: 1055 Budapest, Falk Miksa utca 9–11., Hungary

  • Email: ugyfelszolgalat@naih.hu

You may also contact the supervisory authority in your country of residence or place of work.

8. Children’s Privacy

Our Site and Digital Products are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe that a child has provided us with personal data without parental consent, please contact us at sophia@sophiaventis.com and we will take steps to delete the data promptly.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration, or disclosure. These include:

  • Encryption of passwords and sensitive data at rest

  • HTTPS encryption for all data transmitted between your browser and our Site

  • Access controls limiting who can view personal data internally

  • Regular review of our data handling practices

While we take every precaution, no method of transmission over the internet is completely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected individuals without undue delay.

10. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects for you as described under Article 22 GDPR.

11. Links to Other Websites

Our Site may contain links to external websites. This Privacy Policy applies only to www.sophiaventis.com. We are not responsible for the privacy practices of third-party sites and encourage you to read their privacy policies before providing any personal data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the “Last updated” date at the top of this document.

If changes are material, we will notify registered users by email or via a prominent notice on the Site. We encourage you to review this Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the revised Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

We aim to respond to all privacy-related enquiries within 5 business days.

© 2026 Sophia Ventis. All rights reserved.