Privacy Policy

Below we inform you that the service provider SWTE Group Kft (registered seat: Hungary, 2161 Csomád, Kossuth Lajos u. 47., Company Registration Number: 13 09 188554) handles your personal data in the following ways and for the following purposes.

During data processing, we act in accordance with the relevant legislation – especially Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

This Privacy Policy covers the following website: https://musthaveplugins.com

We reserve the right to modify this Privacy Policy at any time, and any modifications become effective upon publication.

Data Controller

Name: SWTE Group Kft
Registered Seat: Hungary, 2161 Csomád, Kossuth Lajos u. 47.
E-mail: [email protected]

Legal Bases of Data Processing

Performance of a contract (GDPR Article 6(1)(b))
Compliance with a legal obligation (GDPR Article 6(1)(c))
Legitimate interests of the controller or a third party (GDPR Article 6(1)(f))
Consent of the data subject (GDPR Article 6(1)(a))
Public interest or exercise of official authority (GDPR Article 6(1)(e))
Fulfillment of accounting and tax obligations (e.g., GDPR Article 6(1)(c), other relevant national legislation)
Enforcement of legal claims or defenses (GDPR Article 6(1)(f))

Data Processed During Use of the Website:

Processed Data	Purpose of Processing
e-mail	fulfillment of orders, contact forms, newsletter, remarketing, analytics
name	fulfillment of orders, contact forms, newsletter, analytics
behavior	fulfillment of orders, remarketing, analytics
IP address	fulfillment of orders, contact forms, newsletter, remarketing, technical, analytics
phone number	fulfillment of orders, remarketing
address	fulfillment of orders, analytics
browser	fulfillment of orders, contact forms, remarketing, analytics
payment information	fulfillment of orders, analytics
purchase history	fulfillment of orders, remarketing
device	remarketing, analytics
search terms	remarketing
device fingerprint	analytics

Hosting Provider Information

The data is processed and stored by the following hosting provider for the operation of the service.

Provider Name: Hetzner Online GmbH
Address: Industriestr. 25 91710 Gunzenhausen, Germany
E-mail: [email protected]
Website: https://hetzner.com

Data Processors

We use external data processors to carry out certain data processing tasks. Data processors may only process the data in accordance with the contract concluded with us and the relevant legislation.

Cloudflare– Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA
Purpose: technical.
Range of processed data: IP address.
PayPal– PayPal Holdings, Inc., 2211 North First Street, San Jose, CA 95131, USA
Purpose: analytics.
Range of processed data: e-mail, name, device, behavior, IP address, address, browser, payment information, device fingerprint.
Stripe– Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA
Purpose: analytics.
Range of processed data: e-mail, name, device, behavior, IP address, address, browser, payment information, device fingerprint.

Remarketing Activities

In the scope of the service provider’s marketing activities, we may collaborate with external partners (e.g., displaying ads). We only transfer data to these partners with the data subject’s explicit consent.

Google Ads– 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”
Processed data: e-mail, device, behavior, IP address, phone number, browser, purchase history, search terms.
Facebook– 1 Hacker Way, Menlo Park, CA 94025, USA; “Meta Platforms, Inc.”
Processed data: e-mail, device, behavior, IP address, phone number, browser, purchase history.
YouTube Ads– 901 Cherry Ave, San Bruno, CA 94066, USA; “Google LLC”
Processed data: e-mail, device, behavior, IP address, phone number, browser, purchase history, search terms.

Cookies

While browsing the website, so-called cookies may be placed on the user’s computer. These cookies contain technical information, and their primary purpose is to ensure convenient, personalized browsing. However, the site may also use cookies for analytics, remarketing, or media elements.

Essential

Essential cookies and services enable basic functions and are necessary for the proper functioning of the website. These cookies and services do not require user permission according to GDPR.

Required

These cookies and services are necessary for the proper functioning of the website, but their use requires user consent. These may include, but are not limited to: payment gateways, captcha services, embedded booking services.

Analytics

Statistics cookies collect usage information, enabling us to gain insights into how our visitors interact with our website.

Marketing

Marketing services are used by third-party advertisers or publishers to display personalized ads. They do this by tracking visitors across websites.

Media

These cookies and services are necessary to display certain media elements, such as embedded videos, maps, social media posts, etc.

Other services

This category includes all cookies, domains, and services that do not fall into the other specified categories or have not been explicitly categorized.

Cookies Used on This Website

Cookie Name	Purpose
mhcookie	essential
sbjs_current	analytics
sbjs_udata	analytics
sbjs_session	analytics
__stripe_mid	essential
wordpress_test_cookie	essential
sbjs_migrations	analytics
sbjs_current_add	analytics
sbjs_first_add	analytics
sbjs_first	analytics
wp_lang	essential
wp-settings-*	essential
wp-settings-time-*	essential
woocommerce_items_in_cart	essential
woocommerce_cart_hash	essential
bmsession	essential
bm_redirects	essential
wp_woocommerce_session_*	essential
__stripe_sid	essential
sessionId	essential
userId	analytics
affwp_ref	analytics
affwp_ref_visit_id	analytics
_fbp	marketing
_fbc	marketing
affwp_campaign	analytics
TSVB_UID	unknown

Users can regulate or disable the use of cookies in their browser settings; however, this may affect certain functions of the site.

Data of Minors

Our service is not specifically directed at minors under the age of 16. If we do collect and process data of minors, we do so only if the law prescribes consent or parental/guardian authorization.

Parents and guardians may request the modification or deletion of any recorded data about themselves or the minors under their supervision at any time.

Contact Forms

The forms on the website record the data voluntarily provided by the user, which we use for contact or case handling.

e-mail
name
IP address
browser

Newsletter and Marketing Communications

By subscribing to our newsletter or other marketing communications, you consent to receiving notifications (promotions, news, etc.) at the provided contact details. You can unsubscribe or withdraw your consent at any time.

Data processed in case of newsletter subscription

e-mail
name
IP address

Data Retention Periods

We only store data for the necessary period or for the deadlines prescribed by the relevant legislation. After that, the data is deleted or anonymized.

Data Transfer to Third Parties

We only transfer your data to third parties if you have explicitly consented to this, or if it is required by law or an authority order.

Automated Decision-Making, Profiling

In some cases, the service provider may use automated decision-making systems or profiling (e.g., for marketing purposes, risk analysis). The essence of such procedures is to draw certain conclusions without human intervention, but you have the right to challenge or supplement this at any time.

SWTE Group Kft – Purpose: Spam detection.
PayPal Holdings, Inc. – Purpose: Fraud prevention.
Stripe, Inc. – Purpose: Fraud prevention.

If you believe that the automated decision leads to an incorrect result, you have the right to request human intervention and to object to the decision.

Data Security Measures

During data processing, both the data controller and the data processor employ organizational and technical protection measures that take into account modern technological possibilities and the nature of data processing (purpose, scope, circumstances), as well as the varying degrees of risk faced by natural persons. These safeguards aim to maintain data protection proportionate to the risks continuously.

These measures may include data encryption, maintaining the availability, confidentiality, and integrity of systems and services, and ensuring sufficient resilience. We pay particular attention to restoring the availability of and access to data as soon as possible in the event of any physical or technical incident.

By regularly reviewing and testing security measures, we ensure that the guarantees provided are not merely theoretical but actually provide an adequate level of protection in practice. We store data so that unauthorized persons cannot access it; for this purpose, paper-based documents are kept in a closed, secure environment, while electronic data is accessible only to persons with properly regulated access rights.

We also ensure that data can be deleted in a way that makes it impossible to restore once the retention period has ended or for any other reason that makes deletion necessary. In the case of paper-based documents, destruction is carried out using a specialized shredder or by involving an external partner specializing in this. When decommissioning or scrapping electronic media, we also ensure that data is irretrievably removed.

Protection of Paper-Based Documents

We provide physical protection for printed data to ensure secure, dry storage and adequately lockable rooms. Only authorized personnel have access to these documents. If the paper-based documents are also digitized, the rules for digital processing apply to them. Anyone handling data must not leave the work area without ensuring that the materials entrusted to them are locked and protected from unauthorized access.

The building and rooms where paper-based records are located have adequate fire and property protection systems, thus reducing the possibility of physical damage.

IT Protection

The computers and mobile devices involved in data processing are equipped with appropriate antivirus protection and access control. To secure the electronically stored information, we apply up-to-date backups and archiving solutions, ensuring these backups are accessible if needed.

Only authorized individuals with defined authorization levels can connect to the central server. The computers used for work and the data stored on them are protected by passwords and other access-protection measures against unauthorized access.

Management and Reporting of Data Protection Incidents

If an event occurs that threatens personal data with unauthorized access, damage, or loss, we immediately take steps to further protect the affected data and mitigate damages. If the situation suggests that the incident poses a significant risk to individuals’ rights or freedoms, we notify the affected individuals without undue delay, explaining the nature of the incident in understandable terms, as well as the measures we have taken or plan to take to address it.

We may omit notifying the affected individuals if we have previously implemented security solutions (e.g., encryption) that render the personal data unintelligible to unauthorized persons, or if further measures significantly reduce the probability of risk. In some cases, public disclosure may suffice instead of direct notification if individual notification would involve disproportionate effort.

In accordance with applicable regulations, if a data protection incident occurs that is likely to result in a risk to the rights and freedoms of natural persons, the data controller reports it to the competent supervisory authority within 72 hours of becoming aware of it. If the notification is made beyond this period, the reasons for the delay must also be provided.

User Rights

As a data subject (user), you have the following rights regarding the processing of your personal data:

Right of access (GDPR Article 15)
You can find out whether we store information about you, and if so, what details, and you can request information about the purpose, legal basis, and other relevant circumstances of data processing.
Right to rectification (GDPR Article 16)
You have the right to request the correction or completion of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”) (GDPR Article 17)
If the data is no longer needed or if the legal conditions for erasure are met, you can request that it be deleted as soon as possible.
Right to restriction of processing (GDPR Article 18)
In certain cases, you can request that we only store the data and not use it otherwise (for example, if you dispute the accuracy of the data but do not want them to be deleted immediately).
Right to data portability (GDPR Article 20)
You have the right to receive the data we hold about you in a machine-readable format, or to request that we transfer it to another service provider if technically feasible.
Right to object (GDPR Article 21)
You may object to the further processing of your personal data if you believe that our legitimate interests (or any other legal basis) do not sufficiently justify such processing.
Exemption from automated decision-making (GDPR Article 22)
You may request that decisions about you not be made solely by automated systems (including profiling) and that you have the opportunity to seek human intervention in such procedures.

To exercise these rights, please contact us (e-mail: [email protected]). We strive to respond to incoming requests as quickly as possible. Typically, we will respond within one month of receiving your request, but if necessary—e.g., if the request is complex—this period may be extended by a further two months. We will inform you of the reasons for the extension within that initial one-month period.

If we cannot fulfill your request, we will also inform you of this and the reasons why within the above deadline. In this case, you have the right to lodge a complaint with the supervisory authority or seek judicial remedy.

Complaints and Remedies

If you believe there has been an abuse of your personal data, you can make an official report at the following contact details:

E-mail: [email protected]
By post: Hungary, 2161 Csomád, Kossuth Lajos u. 47.

We thoroughly investigate incoming complaints and inform you about the results of our investigation and any measures taken. If there is no specific time period prescribed by law for handling complaints, then at least once every three years, we review how the investigation of complaints and our process meet the purpose of data processing and the applicable legal requirements.

You are also entitled to file a complaint with the competent data protection authority:

Authority Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36-1-391-1400
E-mail: [email protected]

Date of last update: March 26, 2025