Effective date: 21 February 2026
Website: morewoodmore.com

1) Summary (plain-language)

• We sell physical products in Hungary and the EU via our WooCommerce store.

• We process your data to fulfil orders, provide accounts, reply to messages, keep our site secure, and (if you allow it) to measure website usage with analytics.

• We use CookieYes to manage cookie consent. Non-essential cookies (e.g., analytics/marketing) are used only if you consent.

• We currently have a Google Ads account, but we are not running ads. If we enable advertising/remarketing later, we will do so only with consent where required.

• You can contact us at info@morewoodmore.com to exercise your GDPR rights.

2) Who we are (Data Controller)

The data controller for the processing described in this policy is:

• Controller: Winklhofer Emília

• Location: Hungary, Csongrád-Csanád county

• Address: 6786 Ruzsa tanya 708

• Email: info@morewoodmore.com

Data Protection Officer (DPO): We have not appointed a DPO, as we are not required to do so for our activities.

3) Scope of this policy

This Privacy Policy explains how we collect and use personal data when you:

• browse our website,

• create or use an account,

• place orders,

• contact us,

• interact with cookies/analytics tools.

This policy applies to online processing performed through morewoodmore.com.

4) Definitions

• Personal data: any information relating to an identified or identifiable person (e.g., name, email, address, IP).

• Processing: any operation performed on personal data (e.g., collection, storage, use).

• Controller: the entity that decides why/how data is processed (us).

• Processor: a service provider that processes data on our behalf (e.g., hosting, analytics, security services).

• EEA: European Economic Area.

5) What data we collect

A) Data you provide directly

Account data (if you create an account):

• name (if provided), username

• email address

• password (stored in hashed form by WordPress/WooCommerce)

• account preferences

Order and checkout data:

• billing name and billing address

• shipping name and shipping address

• email address, phone number (if provided)

• ordered products, quantities, prices

• order notes (if you add any)

• invoice/transaction references for bank transfer (e.g., payment reference/identifier)

Customer support / communications:

• messages you send us (email or contact forms)

• attachments you provide (if any)

• our correspondence with you

B) Data collected automatically

Device and usage data (depending on settings/consent):

• IP address

• browser type/version, device type, operating system

• pages visited, time spent, approximate location (derived from IP)

• referral source (how you arrived at our site)

Cookies and similar technologies:

• cookie identifiers and preferences

• consent status stored by CookieYes

• analytics identifiers (only if you consent to analytics cookies)

C) Security and anti-bot data

To protect our website and customers we may process:

• IP address, request data, and technical logs (Wordfence)

• signals used to distinguish humans from bots (hCaptcha), which may include IP address and browser/device characteristics

6) Why we use your data (purposes and legal bases)

Below, “GDPR Art. 6(1)” refers to the legal basis for processing.

6.1 Creating and managing customer accounts

• Purpose: allow you to register, log in, and manage your account.

• Data: account data, log-in data, technical identifiers (e.g., session cookies).

• Legal basis: Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)) to operate the website securely.

6.2 Processing and fulfilling orders (WooCommerce)

• Purpose: take orders, manage checkout, confirm orders, prepare shipment, handle returns.

• Data: billing/shipping details, order details, communication records.

• Legal basis: Contract (Art. 6(1)(b)).

6.3 Bank transfer payment handling

• Purpose: reconcile incoming transfers, confirm payment status, prevent payment disputes.

• Data: payment reference/identifier, payer name shown in bank transfer details (as available), order reference.

• Legal basis: Contract (Art. 6(1)(b)) and legal obligation (Art. 6(1)(c)) where accounting/tax rules apply.

6.4 Accounting, invoicing, and legal compliance

• Purpose: comply with applicable accounting and tax obligations.

• Data: invoice data, order data, customer billing data.

• Legal basis: Legal obligation (Art. 6(1)(c)).

6.5 Customer support and communications

• Purpose: respond to inquiries, complaints, warranty/returns, service messages.

• Data: email, message content, order references if relevant.

• Legal basis: Legitimate interests (Art. 6(1)(f)) (providing support and improving service) and/or contract (Art. 6(1)(b)) where it relates to an order.

6.6 Website security (Wordfence) and fraud/abuse prevention

• Purpose: detect malicious activity, prevent unauthorized access, protect users and the site.

• Data: IP address, request logs, device/browser data, security event logs.

• Legal basis: Legitimate interests (Art. 6(1)(f)) (security of our systems and users).

6.7 Bot/spam protection (hCaptcha)

• Purpose: protect forms and checkout from automated abuse and spam.

• Data: IP address and technical signals used to validate human interaction.

• Legal basis: Legitimate interests (Art. 6(1)(f)) (security/anti-abuse).
  Where cookies or similar technologies are used beyond what is strictly necessary, we rely on consent (Art. 6(1)(a)) via CookieYes.

6.8 Analytics (Google Analytics 4)

• Purpose: understand how visitors use the website and improve it.

• Data: online identifiers (cookies/IDs), IP address (typically truncated/handled by Google systems), page interactions, device info.

• Legal basis: Consent (Art. 6(1)(a)) for analytics cookies and related tracking (via CookieYes).

6.9 Advertising / remarketing (Google Ads) — currently not active

• Current status: We have a Google Ads account, but we are not running ads and we do not intentionally deploy marketing/remarketing cookies for campaigns at this time.

• If enabled in the future: marketing/remarketing tags and cookies will be used only with consent where required (Art. 6(1)(a)), and we will update this policy accordingly.

7) Cookies and consent (CookieYes)

7.1 What are cookies?

Cookies are small text files stored on your device. We also use similar technologies (e.g., local storage) where applicable.

7.2 Cookie categories we may use

• Necessary (essential): required for core site functions (e.g., cart, checkout, session security). These cannot be switched off in the cookie banner.

• Preferences: remember choices (e.g., language, display settings), if implemented.

• Analytics: measure website usage (GA4) — only with consent.

• Marketing: ads/remarketing cookies — only with consent (not currently used for active campaigns).

7.3 How CookieYes consent works

• On your first visit, CookieYes shows a banner where you can accept, reject, or customize cookies.

• Your consent choice is stored so we can respect it on future visits.

• You can change or withdraw consent at any time using the CookieYes settings link/button on our site (if displayed), or by clearing cookies in your browser.

7.4 What happens if you reject cookies?

• Necessary cookies still run so the site can function (cart/checkout/security).

• Analytics/marketing features will not run, which may limit our ability to measure and improve performance, but does not prevent you from shopping.

8) WooCommerce and e-commerce specifics

8.1 Order processing

We use WooCommerce to manage orders, including:

• cart and checkout

• order confirmation and status updates

• returns and customer support

8.2 Shipping

We share the minimum necessary data (typically name, shipping address, contact details where needed, and order reference) with:

• [SHIPPING PROVIDERS]
  This sharing is necessary to deliver your order (contract, Art. 6(1)(b)).

8.3 Invoicing and accounting

We may share data with:

• [ACCOUNTANT/BOOKKEEPER]
  to comply with legal obligations (Art. 6(1)(c)).

9) Email communications (Hostinger SMTP)

We use Hostinger SMTP to send transactional emails, such as:

• order confirmations

• shipping and status updates

• password reset emails

• customer support replies

Legal basis: Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)) for service communications.
We do not send newsletters by default. If we introduce marketing emails, we will describe the mechanism (e.g., opt-in) and legal basis (typically consent).

10) Who we share data with (processors and recipients)

We may share data with service providers that help us run the website and fulfil orders, including:

• Hosting / email delivery: Hostinger (SMTP)

• Analytics: Google Analytics 4 (Google) (only with consent)

• Advertising platform: Google Ads (Google) (no active campaigns; if enabled, consent-based where required)

• Cookie consent management: CookieYes

• Security: Wordfence

• Anti-bot / spam protection: hCaptcha

• Shipping providers: [SHIPPING PROVIDERS]

• Accounting: [ACCOUNTANT/BOOKKEEPER]

We share only what is necessary, and where required we have appropriate agreements in place (e.g., data processing agreements).

11) International data transfers

Some of our providers (notably Google, and potentially others) may process data outside the EEA (for example in the United States) or allow remote access from outside the EEA.

When international transfers occur, we rely on appropriate safeguards such as:

• the European Commission’s Standard Contractual Clauses (SCCs), and/or

• other transfer mechanisms recognized under GDPR, plus additional technical/organizational measures where needed.

You can contact us at info@morewoodmore.com to ask for more information about relevant safeguards for a specific provider.

12) Data retention (how long we keep data)

We keep personal data only as long as necessary for the purposes described above.

Typical retention periods (may vary depending on legal requirements and disputes):

• Orders, invoices, accounting records: kept for the legally required period under applicable Hungarian/EU accounting/tax rules (commonly up to 8 years, where applicable).

• Customer account data: kept until you delete your account or request deletion, unless we must keep certain data for legal claims/obligations.

• Customer support emails/messages: typically up to 1–3 years after the last interaction (unless needed for disputes or legal obligations).

• Security logs (Wordfence): typically days to months depending on configuration and security needs.

• Analytics data (GA4): retained according to our GA4 settings (commonly 2–14 months for certain event/user data settings), and only collected with consent.

Where we must keep data for legal claims, fraud prevention, or compliance, we may retain it longer, limited to what is necessary.

13) Security measures

We use reasonable technical and organizational measures, such as:

• HTTPS encryption in transit

• access controls and strong authentication for admin accounts

• security monitoring and firewall features (Wordfence)

• regular updates of WordPress, themes, and plugins

• backups and limited access to systems and data

No method of transmission or storage is 100% secure, but we work to protect your data.

14) Your rights under GDPR

Depending on circumstances, you have the right to:

• Access your data (Art. 15)

• Rectify inaccurate data (Art. 16)

• Erase your data (“right to be forgotten”) (Art. 17)

• Restrict processing (Art. 18)

• Data portability (Art. 20)

• Object to processing based on legitimate interests (Art. 21)

• Withdraw consent at any time (doesn’t affect past processing) (Art. 7(3))

• Lodge a complaint with a supervisory authority

Hungary supervisory authority (NAIH)

You can contact Hungary’s supervisory authority:

• National Authority for Data Protection and Freedom of Information (NAIH)

(You can find their current contact details on their official website.)

To exercise your rights, email us at info@morewoodmore.com. We may ask for information to verify your identity.

15) Children’s privacy

Our website and products are not intended for children. We do not knowingly collect personal data from children.

16) Automated decision-making and profiling

We do not use automated decision-making that produces legal or similarly significant effects about you.
If we enable advertising/remarketing features in the future, we will explain any relevant profiling and provide controls/consent options.

17) Changes to this policy

We may update this Privacy Policy from time to time (e.g., when adding services like advertising tags). The updated version will be published on this page with a new effective date.

Cookies Policy (Reusable Section / Template)

Cookies Policy (English)

A) Managing your cookie preferences

We use CookieYes to manage consent. You can:

• accept or reject non-essential cookies via the banner on first visit, and

• change/withdraw consent later using the CookieYes “cookie settings” link/button (if shown on the site), or by clearing cookies in your browser.

B) Cookie categories we use

• Necessary: required for site operation (cart, checkout, security).

• Preferences: remembers settings (if enabled).

• Analytics: GA4 measurement (only with consent).

• Marketing: advertising/remarketing cookies (only with consent; currently not active for campaigns).