Privacy Policy

Last updated: 30 May 2026

1. Data Controller

The controller of personal data processed through The Last Door on the Internet project is:

Golden Nature Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság
Short company name: Golden Nature Kft.
Registered office: 7355 Nagymányok, Petőfi Sándor utca 45., Hungary

Privacy contact: info@lastdoorontheinternet.com

2. Scope of this Privacy Policy

This Privacy Policy explains how personal data are processed when visitors access the website, purchase or activate one or more numbered digital keys, use an individual digital key page, optionally provide public engraving information, or contact the operator.

This Privacy Policy applies only to the operator’s own processing activities. Payment providers and other independent service providers may also process personal data under their own privacy terms when their services are used.

3. Personal Data We May Process

Website and Technical Data

When the website is accessed, limited technical information may be processed for security, operation and troubleshooting purposes, including:

• IP address;
• date and time of access;
• browser type, device type and operating system information;
• requested pages and basic technical log information;
• security and error information where relevant.

Purchase and Order Data

When a purchaser buys one or more digital keys, we may process:

• name and billing information where requested during checkout;
• email address;
• country and other information required for tax, payment or invoicing purposes;
• order number;
• number of digital keys purchased;
• price, currency, payment status and transaction reference information;
• refund, reversal, chargeback or cancellation information where relevant.

Digital Key Data

When a digital key is successfully activated, we may process:

• the assigned sequential key number;
• the order connected to the key;
• the activation status of the key;
• the date and time of activation;
• the public key-page information associated with that key.

Optional Public Engraving Data

Following activation of a key, the key holder may be offered the option to voluntarily provide public engraving information, such as:

• a display name or nickname;
• a country selected for public display.

Providing public engraving information is optional. A key may remain associated only with the description Anonymous Keyholder.

Correspondence and Support Data

If a person contacts the operator, we may process the information included in that communication, such as the sender’s email address, name, message content, order reference and any information necessary to respond to the request.

4. Purposes and Legal Bases of Processing

Processing Purchases and Delivering Digital Keys

We process order, contact, payment-status and digital-key information in order to complete purchases, activate numbered digital keys, allocate key numbers, provide key pages and communicate transaction-related information.

Legal basis: performance of a contract or steps requested before entering into a contract.

Accounting, Tax and Consumer-Law Obligations

We process and retain order, transaction, invoicing, complaint and related information where necessary to comply with applicable accounting, tax, consumer-protection and other legal obligations.

Legal basis: compliance with legal obligations.

Website Security and Fraud Prevention

We may process technical, transaction and security-related information to protect the website, prevent fraudulent or unauthorised transactions, detect misuse, defend legal claims and maintain the integrity of the Project.

Legal basis: the operator’s legitimate interests in operating a secure and reliable website and protecting the Project, customers and the operator against fraud, misuse and legal risk.

Optional Public Engraving

If a key holder voluntarily submits a display name, nickname or country for public display, that information is processed and displayed only for the purpose of associating it publicly with the relevant numbered digital key.

Legal basis: the key holder’s consent.

Responding to Communications

Information submitted in questions, complaints or support requests is processed in order to respond, resolve issues and maintain records where necessary.

Legal basis: performance of the relevant contract, compliance with legal obligations and/or the operator’s legitimate interest in handling communications and disputes, depending on the nature of the request.

5. Public Digital Key Pages

Each successfully activated digital key may be connected to a public digital key page.

A public digital key page may display:

• the key number;
• the status that the key has been turned;
• the number of keys remaining before the Door may open;
• optional public engraving information voluntarily supplied by the key holder.

Payment information, private billing details, email addresses and legal names provided only for checkout or payment purposes are not displayed publicly merely because a key has been purchased.

Before submitting optional public engraving information, the key holder should understand that public information may be viewed and shared by other internet users.

6. Payments

Payment methods available during checkout may include payment processing services provided by Stripe and Viva.com, where enabled and selected by the purchaser.

When a purchaser chooses a payment method, the relevant payment provider may process payment-related personal data required to authorise, complete, prevent fraud in, refund or otherwise administer the transaction in accordance with its own privacy information and legal obligations.

The operator may receive information necessary to administer the order, including payment confirmation, transaction identifier, payment status, refund status and limited payment-method information. The operator does not intend to store full payment card credentials on the website.

7. Hosting and Website Operation

The website is hosted using hosting services provided by Hostinger.

The website uses WordPress and WooCommerce technology to display content, process orders and manage purchases of digital keys.

Hosting and website-operation services may process technical and operational data necessary to deliver the website, maintain security, store website content and manage orders.

8. Transactional Emails

The operator may send transactional emails relating to:

• order confirmation;
• payment confirmation or failure;
• digital key activation;
• access to a digital key page;
• refunds, reversals, complaints or support requests;
• legally required information relating to a purchase.

Transactional emails are sent because they are necessary to perform or administer a purchase or respond to a request. They are not marketing newsletters.

If a separate email-delivery provider is used to deliver transactional emails, that provider may process the recipient’s email address and technical delivery information solely as necessary to deliver and monitor those emails.

9. Marketing Communications

The website does not automatically subscribe purchasers to marketing newsletters merely because they purchase a digital key.

If optional marketing communications are introduced in the future, they will be sent only where permitted by applicable law and, where required, based on the recipient’s separate consent. This Privacy Policy will be updated before such functionality is introduced.

10. Cookies and Similar Technologies

The website may use cookies or similar technical storage mechanisms that are necessary for the functioning, security, checkout and payment flow of the website.

Necessary cookies may be required, for example, to maintain a checkout session, protect the website against abuse, process payment steps or ensure that pages function correctly.

Analytics, advertising or other non-essential tracking technologies are not intentionally activated as part of the initial Project setup unless they are separately introduced, disclosed and, where required by applicable law, operated only after appropriate consent has been obtained.

If analytics, advertising or additional non-essential cookie-based services are introduced later, this Privacy Policy and any applicable cookie-consent interface will be updated before those services are used.

11. Recipients and Service Provider Categories

Personal data may be shared only where necessary and appropriate with the following recipients or categories of recipients:

• hosting and website infrastructure providers used to operate the website;
• payment providers selected during checkout, including Stripe and Viva.com where enabled;
• email-delivery providers used to deliver transactional communications;
• accountants, tax advisers, legal advisers or other professional advisers where necessary for lawful business operations or claims;
• competent authorities, tax authorities, courts or other public bodies where disclosure is required by law or necessary to establish, exercise or defend legal claims.

The operator does not sell purchasers’ personal data.

12. International Data Transfers

Some service providers used in connection with hosting, payment processing, security or email delivery may process personal data outside Hungary or, where applicable, outside the European Economic Area.

Where personal data are transferred outside the European Economic Area and such transfer requires safeguards under applicable data-protection law, the transfer will be carried out using an applicable lawful transfer mechanism and appropriate safeguards provided by the relevant service provider or required by law.

13. Data Retention

Personal data are retained only for as long as necessary for the purposes described in this Privacy Policy, subject to mandatory legal retention obligations and the nature of the Project.

• Order, payment-status, invoicing and accounting data: retained for the period required by applicable accounting, tax and consumer-protection laws, and where necessary for the establishment, exercise or defence of legal claims.
• Digital key number and activation record: retained for the operation and historical integrity of the Project, including recording which numbered keys turned the Door.
• Optional public engraving information: displayed until the key holder withdraws consent, requests removal or anonymisation, or the operator removes the information in accordance with applicable law or the Terms.
• Support and complaint correspondence: retained for as long as necessary to respond to the matter and, where relevant, to meet legal requirements or defend claims.
• Technical and security logs: retained only for as long as reasonably necessary for website operation, security, fraud prevention, troubleshooting or legal claims.

14. Optional Public Engraving and Withdrawal of Consent

A key holder who voluntarily provided public engraving information may withdraw consent for the public display of that information.

Following a valid request, the operator may remove or anonymise the optional public engraving information associated with the relevant key.

Withdrawal of consent relating to optional public engraving does not invalidate the underlying purchase or require deletion of the numbered digital key record where retention of that record is necessary for the integrity of the Project, contractual records, legal obligations or legal claims.

15. Data Subject Rights

Subject to the conditions and limitations of applicable data-protection law, individuals may have the right to:

• request access to their personal data;
• request correction of inaccurate personal data;
• request deletion of personal data;
• request restriction of processing;
• object to processing based on legitimate interests;
• receive personal data in a portable format where applicable;
• withdraw consent at any time where processing is based on consent;
• lodge a complaint with a competent data-protection supervisory authority.

A request relating to personal data may be sent to:

info@lastdoorontheinternet.com

Before completing a request, the operator may take reasonable steps to verify the identity of the person making the request and to protect personal data against unauthorised disclosure or alteration.

16. Supervisory Authority

Individuals may lodge a complaint with the Hungarian supervisory authority:

Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
1055 Budapest, Falk Miksa utca 9-11.
Hungary

Individuals residing elsewhere in the European Union may also have the right to contact the data-protection supervisory authority in their country of residence.

17. Security

The operator takes reasonable technical and organisational steps intended to protect personal data against unauthorised access, loss, alteration, misuse or disclosure.

No online system can be guaranteed to be completely secure. Users should take appropriate care when choosing information to provide publicly on a digital key page.

18. Automated Decision-Making

The operator does not use personal data for automated decision-making that produces legal effects or similarly significant effects concerning purchasers.

Payment or security providers may carry out automated fraud-prevention or payment-authorisation checks under their own legal responsibilities and privacy information.

19. Changes to this Privacy Policy

The operator may update this Privacy Policy where necessary due to changes in the Project, website functionality, payment providers, email services, analytics or cookie technologies, legal requirements or data-processing practices.

The current version will be published on this website together with its update date.

20. Contact

Questions concerning this Privacy Policy or the processing of personal data may be sent to:

info@lastdoorontheinternet.com