1. Introduction

Webtech Solutions ("we", "our", or "us") operates Cards Forge, a marketplace platform for physical collectible cards. We are committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) and Hungarian data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform. By accessing or using Cards Forge, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein.

If you do not agree with this Privacy Policy, please do not use the Platform.

2. Information We Collect

2.1 Personal Information

When you register for an account, we collect:

• Name: Your full name for account identification
• Email Address: For account verification, notifications, and communication
• Password: Encrypted and securely stored
• Avatar Image: Optional profile picture

2.2 Card Listing Information

When you create card listings, we collect:

• Card details (title, set, language, edition, condition)
• Pricing information
• Card images you upload
• Description and additional notes

2.3 Automatically Collected Information

• Login Activity: Date and time of logins/logouts
• Session Data: Your active sessions and device information
• IP Address: For security and fraud prevention
• Browser Information: User agent and browser type

3. Legal Basis and Purpose of Data Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

• Contractual Necessity (Art. 6(1)(b)): To create and manage your account, process marketplace transactions, and fulfill our obligations under the Terms and Conditions
• Legitimate Interest (Art. 6(1)(f)): To detect and prevent fraud, ensure platform security, improve our services, and send service-related notifications
• Legal Obligation (Art. 6(1)(c)): To comply with applicable EU and Hungarian laws, including data retention requirements and responding to legal requests
• Consent (Art. 6(1)(a)): For optional features such as marketing communications (where applicable)

We use your personal data for the following purposes:

• Account Management: Creating and managing your user account
• Email Verification: Confirming your email address as required for account activation
• Account Approval: Supervisor review of new registrations to prevent fraud and abuse
• Marketplace Operations: Processing and displaying card listings, facilitating user-to-user transactions
• Notifications: Sending essential updates about your listings, account status, and Platform changes
• Security and Fraud Prevention: Detecting and preventing unauthorized access, fraudulent activities, and abuse
• Analytics: Understanding platform usage patterns to improve our services (anonymized where possible)
• Compliance: Meeting legal and regulatory requirements under Hungarian and EU law

4. Data Storage, Security, and Retention

We implement appropriate technical and organizational security measures in accordance with GDPR Article 32 to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage:

• Encryption: Passwords are encrypted using industry-standard bcrypt hashing algorithms
• Secure Storage: Personal data is stored on secure servers within the European Union
• Access Control: Strict access limitations ensuring only authorized personnel can access personal information
• Regular Backups: Automated backup systems to prevent data loss
• SSL/TLS Encryption: All communication between your browser and our servers is encrypted using TLS 1.2 or higher
• Regular Security Audits: Periodic reviews of our security practices and infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

Data Retention: We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• User account data: Retained while your account is active and for 90 days after account deletion (for legal and fraud prevention purposes)
• Activity logs: Automatically deleted after 20 days
• Transaction records: Retained for 5 years in accordance with Hungarian accounting and tax laws
• Card listings: Retained until you delete them or your account is terminated

5. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

• Right of Access (Art. 15): You have the right to request a copy of the personal data we hold about you and information about how we process it
• Right to Rectification (Art. 16): You can update or correct inaccurate or incomplete personal information directly through your profile settings or by contacting us
• Right to Erasure / "Right to be Forgotten" (Art. 17): You may request deletion of your personal data, subject to legal retention requirements (e.g., accounting obligations)
• Right to Restriction of Processing (Art. 18): You can request that we limit the processing of your personal data under certain circumstances
• Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV) and transmit it to another controller
• Right to Object (Art. 21): You may object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you have the right to withdraw your consent at any time
• Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or your local supervisory authority

To exercise any of these rights, please contact us at info@webtech-solutions.hu. We will respond to your request within 30 days as required by GDPR Article 12(3).

6. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

• Supervisors: Platform supervisors can view user activity and card listings for moderation and approval purposes
• Public Listings: Card listings you create are visible to other registered users on the marketplace
• Legal Requirements: When required by Hungarian or EU law, court order, or to protect our rights and property
• Service Providers: We may use third-party service providers (e.g., email delivery services) who process data on our behalf under strict data processing agreements compliant with GDPR Article 28

All third-party service providers are located within the European Union or have adequate data protection safeguards in place. We do not transfer personal data outside the EU/EEA without appropriate safeguards.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your login session and improve your user experience. By using our Platform, you consent to our use of cookies as described below:

• Essential Cookies: Required for authentication and session management (cannot be disabled)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand platform usage to improve our services

You can configure your browser to refuse cookies, but this may limit some functionality of the Platform. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

8. Children's Privacy

Our Platform is not intended for users under the age of 16 in accordance with GDPR Article 8. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take immediate steps to delete that information.

If you believe we have inadvertently collected information from a child, please contact us immediately at info@webtech-solutions.hu.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features. When we make material changes, we will notify you via email or by posting a prominent notice on the Platform at least 30 days before the changes take effect.

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Platform after changes become effective constitutes acceptance of the updated Privacy Policy.

10. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Webtech Solutions
Email: info@webtech-solutions.hu
Website: https://cardsforge.eu

Supervisory Authority:
If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11, Hungary
Website: https://naih.hu
Email: ugyfelszolgalat@naih.hu