Privacy Policy

Effective Date: 24/07/2025
Last Updated: 12/08/2025
Version: 1.0

1. Introduction

Lazlon Kft. ("we," "us," "our," or "Company") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website cakesanddays.com, use our mobile applications, or engage with our Cakes & Days service (collectively, the "Service").

This Privacy Policy is designed to comply with the European Union's General Data Protection Regulation (GDPR), Hungarian data protection laws, and other applicable privacy regulations. We are committed to transparency in our data processing practices and to providing you with meaningful control over your personal information.

By using our Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein. If you do not agree with the practices described in this Privacy Policy, please do not use our Service.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by email to the address associated with your account and through prominent notices on our Service. Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.

2. Data Controller Information

Data Controller: Lazlon Kft.
Company Registration Number: 01-09-325892
VAT Number: 26356174-2-41
Registered Address: Teve utca 7. 2.em. 1., Budapest, Hungary 1139
Email: hello@cakesanddays.com

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us using the information provided above. We are committed to responding to your inquiries promptly and addressing any privacy-related concerns you may have.

3. Personal Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you register for an account, use our Service, communicate with us, or otherwise interact with our platform. This information includes:

Account Information: When you create an account with us, we collect your name, email address, password, and any other information you choose to provide during the registration process. This information is necessary for account creation, authentication, and providing you with access to our Service.

Profile Information: You may choose to provide additional profile information, such as your date of birth, profile picture, time zone preferences, and other personal details that help us customize your experience and provide more relevant features.

Birthday and Anniversary Data: As the core function of our Service, we collect information about birthdays and anniversaries that you add to your calendars, including names, dates, relationships, and any notes or comments you associate with these entries. This information may include personal data about third parties (friends, family members, colleagues) that you choose to store in our system.

Communication Data: When you contact us through our customer support channels, feedback forms, or other communication methods, we collect the content of your communications, including any personal information you choose to share in your messages.

Payment Information: When you subscribe to our paid services, we collect billing information such as your name, billing address, and payment method details. However, sensitive payment information such as credit card numbers is processed and stored by our third-party payment processor, Stripe, Inc., and is not directly stored on our servers.

3.2 Information We Collect Automatically

When you use our Service, we automatically collect certain information about your device, usage patterns, and interactions with our platform:

Device Information: We collect information about the device you use to access our Service, including device type, operating system, browser type and version, screen resolution, and unique device identifiers. This information helps us optimize our Service for different devices and troubleshoot technical issues.

Usage Data: We collect information about how you use our Service, including pages visited, features used, time spent on different sections, click patterns, and other usage statistics. This data helps us understand user behavior, improve our Service, and develop new features that better meet user needs.

Log Data: Our servers automatically record certain information when you use our Service, including your IP address, browser type, referring/exit pages, date and time stamps, and other server log data. This information is used for security purposes, troubleshooting, and analyzing usage trends.

Location Information: We may collect general location information based on your IP address to provide location-appropriate features, such as time zone settings and localized content. We do not collect precise geolocation data unless you explicitly grant permission for such collection.

3.3 Information from Third Parties

We may receive personal information about you from third-party sources, including:

Social Media Platforms: If you choose to connect your social media accounts to our Service, we may receive certain profile information from those platforms in accordance with their privacy policies and your privacy settings.

Payment Processors: We receive transaction information from our payment processor, Stripe, Inc., including payment confirmation, billing details, and transaction history necessary for account management and customer support.

Analytics Providers: We use third-party analytics services that may provide us with aggregated and anonymized information about user behavior and Service performance.

4. Legal Basis for Processing

Under the GDPR, we must have a legal basis for processing your personal information. We rely on the following legal bases:

4.1 Contractual Necessity

We process your personal information when it is necessary for the performance of our contract with you, including:

• Creating and managing your user account
• Providing access to our Service features and functionality
• Processing subscription payments and managing billing
• Delivering customer support and technical assistance
• Fulfilling our obligations under our Terms and Conditions

4.2 Legitimate Interests

We process certain personal information based on our legitimate interests, including:

• Improving and optimizing our Service through usage analytics
• Ensuring the security and integrity of our platform
• Preventing fraud and abuse
• Conducting business operations and administration
• Marketing our services to existing customers
• Complying with legal obligations and protecting our legal rights

We have conducted balancing tests to ensure that our legitimate interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time.

4.3 Consent

For certain types of processing, we rely on your explicit consent, including:

• Placing non-essential cookies on your device
• Sending marketing communications to prospects who are not existing customers
• Processing special categories of personal data (if applicable)
• Sharing your information with third parties for purposes not covered by other legal bases

You have the right to withdraw your consent at any time, and such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

4.4 Legal Obligations

We may process your personal information when necessary to comply with legal obligations, including:

• Responding to lawful requests from government authorities
• Complying with tax and accounting requirements
• Meeting data retention obligations
• Fulfilling regulatory reporting requirements

5. How We Use Your Personal Information

We use your personal information for the following purposes:

5.1 Service Provision and Account Management

We use your personal information to provide, maintain, and improve our Service, including creating and managing your account, authenticating your identity, processing your requests, and delivering the features and functionality you expect from our platform. This includes storing and organizing your birthday and anniversary data, sending customized reminders, generating personalized calendars, and facilitating collaboration with other users through shared calendars.

5.2 Communication and Customer Support

We use your contact information to communicate with you about your account, respond to your inquiries, provide customer support, and send important notices about our Service. This includes technical support, billing inquiries, account security notifications, and updates about changes to our Service or policies.

5.3 Payment Processing and Billing

We use your billing information to process subscription payments, manage your account billing, generate invoices, and handle refunds or disputes. While we do not store sensitive payment information directly, we work with our payment processor to ensure secure and reliable payment processing.

5.4 Service Improvement and Analytics

We analyze usage data and user feedback to understand how our Service is used, identify areas for improvement, develop new features, and optimize user experience. This includes analyzing user behavior patterns, feature adoption rates, and performance metrics to guide our product development decisions.

5.5 Security and Fraud Prevention

We use personal information to protect the security and integrity of our Service, prevent fraud and abuse, detect and investigate suspicious activities, and ensure compliance with our Terms and Conditions. This includes monitoring for unusual account activity, implementing security measures, and responding to security incidents.

5.6 Marketing and Promotional Communications

With your consent or where permitted by law, we may use your contact information to send you marketing communications about our Service, including information about new features, special offers, and other promotional content. You can opt out of marketing communications at any time using the unsubscribe links provided in our emails or by contacting us directly.

5.7 Legal Compliance and Protection of Rights

We may use your personal information to comply with applicable laws and regulations, respond to legal requests, protect our legal rights and interests, and enforce our Terms and Conditions. This includes cooperating with law enforcement investigations, responding to court orders, and protecting against legal liability.

6. How We Share Your Personal Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your personal information in the following circumstances:

6.1 Service Providers and Business Partners

We work with trusted third-party service providers who assist us in operating our Service, conducting our business, and providing services to you. These service providers have access to your personal information only to perform specific tasks on our behalf and are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

Payment Processing: We share billing and payment information with Stripe, Inc., our payment processor, to facilitate subscription payments and billing management. Stripe processes this information in accordance with their privacy policy and industry-standard security practices.

Cloud Infrastructure: We use cloud hosting services to store and process your data. Our cloud service providers are contractually bound to implement appropriate security measures and use your data only as necessary to provide hosting services.

Analytics and Performance Monitoring: We share anonymized and aggregated usage data with analytics providers to help us understand Service performance and user behavior. These providers do not have access to personally identifiable information.

Customer Support Tools: We may share relevant account information with customer support platforms to provide efficient and effective customer service.

6.2 Shared Calendar Collaborators

When you choose to share calendars with other users, the birthday and anniversary information you include in those shared calendars will be accessible to the users you have invited to collaborate. You control which information is shared and with whom through your privacy settings and sharing preferences.

6.3 Legal Requirements and Protection of Rights

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring entity or successor organization. We will provide notice of any such transfer and any choices you may have regarding your personal information.

6.5 Consent-Based Sharing

We may share your personal information with third parties when you have given us explicit consent to do so. You can withdraw such consent at any time by contacting us or updating your privacy preferences.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Account Data Retention

We retain your account information and associated data for as long as your account remains active. If you choose to delete your account, we will delete your personal information within 30 days, except where we are required to retain certain information for legal, regulatory, or legitimate business purposes.

7.2 Birthday and Anniversary Data

The birthday and anniversary information you store in our Service is retained for as long as your account remains active or until you choose to delete specific entries. This data is central to our Service functionality and is retained to ensure continuity of service and reminder delivery.

7.3 Communication Records

We retain records of your communications with us, including customer support interactions, for up to three years to provide ongoing support and resolve any issues that may arise.

7.4 Payment and Billing Information

We retain billing and payment information for as long as required for accounting, tax, and legal compliance purposes, typically seven years from the date of the last transaction.

7.5 Legal and Regulatory Retention

We may retain certain personal information for longer periods when required by applicable laws, regulations, or legal proceedings. This includes information that may be subject to litigation holds or regulatory investigations.

7.6 Anonymized Data

We may retain anonymized and aggregated data indefinitely for analytical and research purposes, as such data cannot be used to identify individual users.

8. Your Rights Under GDPR

As a data subject under the GDPR, you have several rights regarding your personal information. We are committed to facilitating the exercise of these rights and will respond to your requests in accordance with applicable law.

8.1 Right of Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and if so, to access that personal data along with specific information about the processing. You can access much of your personal information directly through your account settings, or you can contact us to request a comprehensive copy of your personal data.

8.2 Right to Rectification

You have the right to have inaccurate personal data corrected and to have incomplete personal data completed. You can update most of your personal information directly through your account settings, or you can contact us to request corrections to information you cannot modify yourself.

8.3 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data under certain circumstances, including when the personal data is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the personal data has been unlawfully processed. You can delete your account and associated data through your account settings, or you can contact us to request specific data deletion.

8.4 Right to Restrict Processing

You have the right to request the restriction of processing of your personal data under certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you prefer restriction over deletion. When processing is restricted, we may store your personal data but will not process it further without your consent.

8.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance. This right applies when processing is based on consent or contract and is carried out by automated means.

8.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests, including profiling based on those provisions. You also have the right to object to processing for direct marketing purposes, including profiling related to such marketing.

8.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates the GDPR. In Hungary, the competent supervisory authority is the National Authority for Data Protection and Freedom of Information (NAIH).

8.9 Exercising Your Rights

To exercise any of these rights, please contact us using the contact information provided in this Privacy Policy. We will respond to your request within one month, though this period may be extended by two additional months in complex cases. We may request additional information to verify your identity before processing your request.

9. Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience with our Service, analyze usage patterns, and provide personalized content and features.

9.1 What Are Cookies

Cookies are small text files that are stored on your device when you visit our website. They contain information that is transferred to your device's hard drive and allow us to recognize your device and remember certain information about your preferences and usage patterns.

9.2 Types of Cookies We Use

Strictly Necessary Cookies: These cookies are essential for the operation of our Service and cannot be disabled. They enable core functionality such as security, network management, and accessibility. Without these cookies, services you have asked for cannot be provided.

Performance and Analytics Cookies: These cookies collect information about how you use our Service, including which pages you visit most often and any error messages you receive. This information is used to improve how our Service works and to understand user behavior patterns.

Functionality Cookies: These cookies allow our Service to remember choices you make and provide enhanced, more personal features. They may be set by us or by third-party providers whose services we have added to our pages.

Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests. They may be set by us or by third-party advertising networks with our permission.

9.3 Cookie Consent and Management

When you first visit our website, we will ask for your consent to use non-essential cookies. You can choose to accept all cookies, reject non-essential cookies, or customize your cookie preferences by category.

You can manage your cookie preferences at any time by:

• Using our cookie preference center accessible through our website
• Adjusting your browser settings to block or delete cookies
• Opting out of specific third-party cookies through their respective opt-out mechanisms

Please note that blocking or deleting certain cookies may impact the functionality and performance of our Service.

9.4 Third-Party Cookies

Our Service may contain cookies placed by third-party service providers, including analytics providers, advertising networks, and social media platforms. These third parties may collect information about your online activities across different websites and services. We do not control these third-party cookies, and their use is governed by the privacy policies of the respective third parties.

10. International Data Transfers

As a company based in Hungary within the European Economic Area (EEA), we primarily process your personal data within the EEA. However, some of our service providers and business partners may be located outside the EEA, which may result in international transfers of your personal data.

10.1 Adequacy Decisions

When we transfer personal data to countries outside the EEA, we ensure that such transfers are made only to countries that have been deemed by the European Commission to provide an adequate level of data protection.

10.2 Standard Contractual Clauses

For transfers to countries without adequacy decisions, we use Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses provide appropriate safeguards for your personal data and ensure that your rights are protected even when your data is processed outside the EEA.

10.3 Additional Safeguards

We implement additional technical and organizational measures to ensure the security of international data transfers, including encryption, access controls, and regular security assessments of our service providers.

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

11.1 Technical Safeguards

Encryption: We use industry-standard encryption protocols to protect data in transit and at rest. All communications between your device and our servers are encrypted using TLS (Transport Layer Security) protocols.

Access Controls: We implement strict access controls to ensure that only authorized personnel have access to personal data, and such access is limited to what is necessary for their job functions.

Network Security: Our systems are protected by firewalls, intrusion detection systems, and other network security measures to prevent unauthorized access.

Regular Security Updates: We regularly update our systems and software to address security vulnerabilities and maintain the highest level of protection.

11.2 Organizational Safeguards

Employee Training: All employees who have access to personal data receive regular training on data protection principles and security best practices.

Data Processing Agreements: We have data processing agreements in place with all service providers who process personal data on our behalf.

Incident Response: We have established procedures for detecting, responding to, and reporting security incidents and data breaches.

Regular Audits: We conduct regular security audits and assessments to identify and address potential vulnerabilities.

11.3 Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

12. Children's Privacy

Our Service is not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are under 16, please do not provide any personal information through our Service. If you are between 16 and 18 years of age, you may use our Service only with the involvement and consent of a parent or guardian.

12.1 Parental Consent

If we learn that we have collected personal information from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe that we may have collected information from a child under 16, please contact us immediately using the contact information provided in this Privacy Policy.

12.2 Special Protections for Minors

For users between 16 and 18 years of age, we implement additional protections, including enhanced privacy settings by default and restrictions on certain data processing activities. We encourage parents and guardians to monitor their children's online activities and to help enforce this Privacy Policy.

13. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

13.1 Third-Party Privacy Policies

We encourage you to review the privacy policies of any third-party services you choose to use in connection with our Service. These third parties may have different privacy practices and data collection policies than ours.

13.2 Social Media Integration

If you choose to connect your social media accounts to our Service, please be aware that information you share through social media platforms is governed by their respective privacy policies and terms of service. We encourage you to review these policies before connecting your accounts.

14. Data Protection Officer

While we are not required to appoint a Data Protection Officer (DPO) under current regulations, we have designated internal privacy contacts who are responsible for overseeing our data protection practices and serving as points of contact for privacy-related inquiries.

14.1 Privacy Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our privacy team at:

Email: privacy@lazlon.com
Address: Lazlon Kft., Teve utca 7. 2.em. 1., Budapest, Hungary 1139
Subject Line: Privacy Inquiry - [Your Name]

We are committed to responding to your privacy inquiries promptly and will acknowledge receipt of your request within 48 hours and provide a substantive response within 30 days.

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection laws.

15.1 Hungarian Supervisory Authority

In Hungary, the competent supervisory authority for data protection matters is:

National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu

15.2 Other EU Supervisory Authorities

If you are located in another EU member state, you may also contact the supervisory authority in your country of residence. A complete list of EU supervisory authorities is available on the European Data Protection Board website at https://edpb.europa.eu .

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will provide notice through our Service and via email to the address associated with your account.

16.1 Notification of Changes

We will provide at least 30 days' advance notice of any material changes to this Privacy Policy. During this notice period, you will have the opportunity to review the changes and decide whether to continue using our Service under the updated terms.

16.2 Continued Use

Your continued use of our Service after the effective date of any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you may terminate your account and discontinue use of our Service.

16.3 Version History

We maintain a version history of our Privacy Policy to provide transparency about changes over time. Previous versions of this Privacy Policy are available upon request.

17. Legal Framework and Compliance

This Privacy Policy is designed to comply with applicable data protection laws, including:

17.1 GDPR Compliance

We comply with the European Union's General Data Protection Regulation (GDPR) and have implemented appropriate technical and organizational measures to ensure the protection of personal data. Our processing activities are based on lawful grounds as defined in Article 6 of the GDPR, and we respect all rights granted to data subjects under the regulation.

17.2 Hungarian Data Protection Laws

We comply with Hungarian data protection legislation, including Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, as amended to implement the GDPR.

17.3 Other Applicable Laws

We also comply with other applicable privacy and data protection laws in jurisdictions where we operate or have users, including but not limited to the ePrivacy Directive and national implementations thereof.

18. Contact Information and Data Subject Requests

For any questions about this Privacy Policy, to exercise your data subject rights, or to make a complaint about our data processing practices, please contact us using the following information:

Data Controller: Lazlon Kft.
Email: hello@cakesanddays.com
Privacy Email: privacy@cakesanddays.com
Address: Teve utca 7. 2.em. 1., Budapest, Hungary 1139

18.1 Response Timeframes

We will acknowledge receipt of your inquiry within 48 hours and provide a substantive response within 30 days. In complex cases, we may extend this period by an additional 60 days, and we will inform you of any such extension and the reasons for the delay.

18.2 Identity Verification

To protect your privacy and security, we may request additional information to verify your identity before processing certain requests, particularly those involving access to or deletion of personal data.

18.3 No Fee Policy

We do not charge fees for processing data subject requests unless the requests are manifestly unfounded or excessive, particularly because of their repetitive character. In such cases, we may charge a reasonable fee based on administrative costs or refuse to act on the request.

19. Definitions

For the purposes of this Privacy Policy, the following definitions apply:

Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, IP addresses, and usage data.

Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

Data Controller: The entity that determines the purposes and means of processing personal data. In this case, Lazlon Kft. acts as the data controller.

Data Processor: An entity that processes personal data on behalf of the data controller. Our service providers act as data processors when they process your personal data on our behalf.

Data Subject: The individual to whom personal data relates. As a user of our Service, you are a data subject with respect to your personal data.

Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.

20. Effective Date and Acknowledgment

This Privacy Policy is effective as of 24/07/2025 and applies to all personal data processed by us from that date forward. By using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about our data processing practices and your rights. If you have any questions or concerns about this Privacy Policy or our data processing practices, please do not hesitate to contact us using the information provided above.

Last Updated: 12/08/2025
Effective Date:  24/07/2025
Version: 1.0

Appendix A: Cookie Categories and Purposes

Appendix B: Data Processing Activities Summary

Appendix C: Third-Party Service Providers