Effective from: 26.05.2026
Trendalkotó Kereskedelmi és Szolgáltató Kft.
5310 Kisújszállás, Mohácsi utca 12., Hungary
E-mail: contact@tipsandbonus.com
Contact for Privacy & Legal: legal@trendalkoto.hu
No data protection officer is currently appointed.
This Privacy Policy applies to the website tipsandbonus.com, including all subpages and landing pages.
We process personal data only where necessary, on the basis of a lawful ground, and we provide transparent information about purposes, recipients and retention periods.
When you access our website, technical data is processed by the hosting provider (server log files), e.g.:
• IP address (possibly truncated), date/time, page or file accessed
• browser and device information (user agent), referrer URL
• status codes, transferred data volumes
Purposes: operation and delivery of the website, stability, security, error analysis.
Lawful basis: UK GDPR Article 6(1)(f) (legitimate interests in secure and stable operation).
Recipients/processors: Hetzner (hosting/servers).
Retention: typically up to 14 days, longer only in security‑relevant cases.
If you contact us by email, we process your details (e.g. email address, message content) to handle your enquiry.
Purposes: communication, handling enquiries, documentation.
Lawful basis: UK GDPR Article 6(1)(b) (pre‑contractual communication) and/or Article 6(1)(f).
Recipients: depending on the technical setup, sending/relay via our provider (e.g. Hetzner SMTP, if used).
We use Cloudflare for domain and DNS management. Depending on the functions used, technical metadata may be processed.
Purposes: stable availability, technical administration, security.
Lawful basis: UK GDPR Article 6(1)(f).
International processing note: Depending on the features used, processing outside the UK cannot be excluded. Where a restricted transfer occurs, we use appropriate safeguards (e.g. the UK IDTA or the UK Addendum to the EU SCCs) and carry out risk assessments where required.
We use security mechanisms/plugins to prevent unauthorised access. This may involve processing IP addresses, timestamps, login attempts and technical metadata.
Purposes: IT security, abuse and attack detection.
Lawful basis: UK GDPR Article 6(1)(f).
Retention: typically up to 30 days, depending on security events.
If you submit data via a form, we process this data to handle your enquiry and – where required for brokering – to forward it to providers/partners.
Data processed (typically): contact and communication data (e.g. name, email, phone number), possibly postcode/region, form content as well as technical metadata (timestamp, IP, consent status).
Purposes: handling and forwarding your enquiry, attribution, quality assurance and proof (opt‑in).
Lawful basis: UK GDPR Article 6(1)(a) (consent).
Recipients: depending on the offer, providers/partners (advertisers) and/or affiliate networks (see sections 12 and 13).
We use a consent management platform (CMP) Cookiebot™ by Usercentrics (provider: Usercentrics A/S, Denmark), integrated via the Cookiebot WordPress plugin and/or script on our website.
Purposes: obtaining, managing and documenting consent; technical control of scripts/tags according to opt‑in/opt‑out.
Legal basis for cookies/technologies: Under PECR, consent is required for non‑essential cookies or similar technologies. For associated personal data processing, the lawful basis is UK GDPR Article 6(1)(a) (consent).
Legal basis for consent records: UK GDPR Article 6(1)(c) (legal obligation) and/or Article 6(1)(f) (legitimate interests in documenting consent).
Data processed (typically): consent choice/consent state, timestamps, consent ID/key, accessed URL, browser/device information (user agent) and the IP address in anonymised form (possibly including coarse geo information for serving the appropriate banner by jurisdiction).
Storage: consent decisions are stored client‑side in a first‑party cookie (e.g. “CookieConsent”) so that your choice is respected on subsequent visits. In addition, consents are logged server‑side in Cookiebot’s consent log and can be exported via the Cookiebot manager as proof. We use these consent data exclusively for consent management and proof of consent, not for profiling by the CMP.
External web fonts and icon libraries (Google Fonts / Font Awesome): Where we load fonts or icon libraries from external providers (e.g. Google Fonts via fonts.googleapis.com / fonts.gstatic.com or Font Awesome via CDN domains), your browser connects to the respective provider’s servers. In the process, your IP address and certain technical data (e.g. browser/device information) may be transmitted.
Where enabled, we load such external resources only after your consent via “Cookie Settings” (consent management). The legal basis is your consent (PECR for device access/storage and UK GDPR Article 6(1)(a)). Without consent, we use locally provided fallback fonts/icons where possible. If data is transferred to third countries (e.g. the United States) in individual cases, this is based on appropriate safeguards (e.g. the UK IDTA/UK Addendum), where required.
We use cookies and similar technologies. Some are technically necessary; others (analytics/marketing) are used only with your consent.
• Necessary technologies: required for operation and security
• Analytics technologies: reach measurement and optimisation (opt‑in only)
• Marketing technologies: remarketing, conversion and attribution (opt‑in only)
Cookie settings: You can change or withdraw your choice at any time via “Cookie Settings” on the website.
We use FunnelFlux for campaign analysis, attribution and troubleshooting in performance marketing. FunnelFlux provides a Data Processing Addendum (DPA).
Data processed (typically): click and event data, pseudonymous IDs, technical metadata (e.g. IP address, user agent, referrer), timestamps, campaign parameters.
Lawful basis: UK GDPR Article 6(1)(a) (consent) where classified as marketing/tracking.
For attribution of campaigns and conversions we may use an affiliate network. This may set cookies/tracking IDs and process events.
Role: typically an independent controller / third‑party (depending on the arrangement).
Lawful basis: UK GDPR Article 6(1)(a) (consent).
With consent, Meta technologies (e.g. pixel) may be used to measure conversions and create audiences.
Lawful basis: UK GDPR Article 6(1)(a) (consent).
With consent, Google services may be used to measure campaign success and optimise (e.g. Ads conversion tracking).
Lawful basis: UK GDPR Article 6(1)(a) (consent).
We disclose data only where necessary (e.g. hosting, security, consent management, tracking with consent) or where you have explicitly consented (forwarding leads to providers/partners).
For some service providers, processing outside the UK cannot be excluded. In such cases, we use appropriate safeguards (e.g. UK IDTA or UK Addendum) or rely on relevant mechanisms of the providers.
We store personal data only as long as necessary for the purposes and/or as required by statutory retention obligations.
• Server logs: typically up to 14 days
• Security logs: typically up to 30 days
• Leads/enquiries: until handled and for documentation; maximum 24 months unless longer retention is required by law or justified reasons
• Consent proofs (CMP): up to 3 years (typical limitation periods) or longer where required for legal defence
Under UK GDPR, you have rights including access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent.
You can withdraw consent at any time with effect for the future (e.g. via Cookie Settings or by email to legal@trendalkoto.hu).
You have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO), or with another competent authority depending on your circumstances.
Providing personal data is generally voluntary. However, without certain details (e.g. contact details) we may not be able to process enquiries or forward them to providers/partners.
We do not carry out automated decision‑making including profiling within the meaning of UK GDPR Article 22. Third parties may perform profiling within marketing/tracking technologies if you have consented (see sections 12 and 13).
If you subscribe to our newsletter, we process personal data to send you periodic emails containing editorial content (e.g. blog summaries) and information about current offers and marketing recommendations.
Purposes of processing:
• sending newsletters with editorial content (e.g. blog summaries)
• information about current offers, promotions and marketing recommendations
• measuring and optimising newsletter performance (open and click rates, link tracking), in particular via MailerLite
Lawful basis: processing is based on your consent (UK GDPR Article 6(1)(a)). We generally use a double opt‑in procedure.
Categories of personal data:
• email address
• optional: first name
• timestamp of subscription and confirmation (double opt‑in)
• source of subscription (e.g. page/URL)
• newsletter interaction data (opens/clicks) where tracking is enabled
• technical evidence (e.g. IP address and user agent) where required to document consent
Recipients/processors: we use MailerLite as newsletter service provider. MailerLite processes data on our behalf under a DPA (UK GDPR Article 28 equivalent). Where newsletter tracking is enabled, MailerLite may record open and click data and link interactions.
Retention: we store your data until you withdraw consent (unsubscribe) or the newsletter service is discontinued. After unsubscribing, proof of consent (e.g. double opt‑in logs) may be retained for an appropriate period (typically up to 3 years) to defend legal claims.
Withdrawal / unsubscribe: you can withdraw consent at any time. Each newsletter contains a one‑click unsubscribe link. Alternatively, you can contact us at news@tipsandbonus.com .
We update this Privacy Policy if laws, services or processing activities change.