💡 律咖编者按
本文由律咖网社群读者 radish 投稿分享。
为了方便大家阅读,律咖网编辑 JingJing(微信:lvga2015)对原文进行了细致的逻辑润色与合规性整理。希望能给正在 匈牙利 创业路上的你带来真实的参考。

I never thought my little restaurant’s customer sign-up sheet would land me in legal gray zones.

I’m radish — yes, that’s my online handle, and yes, I’m 41, from Xinhua, Hunan, and I drink way too much coffee now. I moved to Kecskemét two years ago to test the market for a mid-range Chinese bistro serving Hunan-style dishes. My dream? To build something steady, not flashy. But in Hungary, “steady” doesn’t mean just good food and friendly service. It means understanding rules you didn’t know existed.

Like data privacy.

I started collecting emails and phone numbers from customers who wanted to join our weekly newsletter — “Hunan Flavor Club,” we called it. Free dumplings for the first 50 sign-ups. Simple, right? I thought so. I kept the list in a Google Sheet. No password. Just me, my tablet, and my hopeful heart.

Then, last November, I got a call from a local lawyer — not because I was in trouble, but because my neighbor, who owns a small bookstore, had mentioned me. “Your sign-up sheet,” she said, “you’re not using a consent checkbox, are you?”

I blinked. “What’s a consent checkbox?”

That’s when I realized: I had no idea how the EU’s General Data Protection Regulation (GDPR) applied to my tiny business. I thought GDPR was for tech giants, banks, hospitals — not for a Chinese restaurant in a city of 120,000 people.

I spent three days researching. I found that under GDPR, even collecting a name and phone number counts as “personal data.” And if you don’t have clear, active consent — not just a signature on a paper — you’re potentially violating Article 6 and Article 7. Even worse: if that data gets leaked or misused, the fines can be up to 4% of your annual turnover. I didn’t even have annual turnover yet. But the fear? Real.

I reached out to a local lawyer — not because I was scared, but because I wanted to do this right. Her name was Éva. She was warm, patient, and asked me three questions before even looking at my sheet:

  1. “Do you tell customers why you’re collecting their data?”
  2. “Do they know they can ask you to delete it anytime?”
  3. “Do you store it longer than necessary?”

I had answers for none of them.

I had assumed: “If they signed it, they agreed.”
That was my information asymmetry moment — I thought legal compliance was about paperwork. It’s not. It’s about transparency. About respect. About giving people control.

And that’s when I realized: this wasn’t just about avoiding fines. It was about building trust. And trust is the real currency in a place where you’re still seen as “the Chinese owner,” not yet “the neighbor who makes great stew.”

I redesigned everything.

I created a simple two-line consent form in Hungarian and Chinese, printed on recycled paper. It says:

“We collect your email and phone number only to send you weekly updates about our special dishes and events. You can ask us to delete this data anytime. No pressure. No hidden fees.”

I added a checkbox. I made sure every customer sees it. I don’t hand them the pen until they’ve read it aloud — slowly — with me.

I moved the list from Google Sheets to a password-protected, encrypted Google Form with auto-deletion after 12 months. I told my staff: “If someone asks, ‘Can you delete my number?’ — say yes. Immediately. No questions.”

I also learned that in Hungary, not every lawyer is trained in data privacy. I asked Éva: “How do I know if a lawyer is qualified to advise on GDPR?” She smiled and said:

“Look for ‘adatvédelmi szakértő’ — data protection expert — on their website. Or check the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).”

I checked NAIH’s public register. Found three lawyers in Kecskemét who listed GDPR as a specialty. One charges 8,000 HUF/hour. I didn’t hire them. But I saved their contact info.

I’m still learning.

I now think about time differently. Before, I thought time was spent cooking, cleaning, negotiating rent. Now I know: time is also spent reading laws, asking questions, undoing mistakes. And that time? It’s not wasted. It’s the cost of being seen as legitimate.

I used to think “compliance” meant bureaucracy. Now I see it as dignity.

📌 FAQ

  • Step: Ask for explicit consent before collecting any personal data (name, phone, email, etc.).
  • Path: Use a clear checkbox (not pre-ticked) with a plain-language explanation.
  • Key Points:
    • State the purpose (e.g., “newsletter only”)
    • Mention right to withdraw or delete
    • Do not bundle consent with other terms
    • Keep records of consent (even a signed paper copy is acceptable)
    • Store data only as long as needed — set a retention period (e.g., 12 months)

Note: This may vary based on whether you’re acting as a data controller or processor. Always confirm with a local lawyer.

Q2: How do I find a qualified lawyer in Kecskemét for data privacy issues?

  • Step: Visit the official website of the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
  • Path: Go to https://naih.hu → Click “Adatvédelmi szakértők” (Data Protection Experts) → Use the search filter for “Kecskemét”.
  • Key Points:
    • Look for lawyers who list “GDPR,” “adatvédelem,” or “adatkezelés” as specialties
    • Ask if they’ve advised small businesses (not just corporations)
    • Request a 30-minute consultation — many offer this for free or low cost
    • Avoid lawyers who say “I know GDPR” without naming specific articles or cases

Tip: Some Hungarian bar associations offer free legal clinics for small entrepreneurs. Ask at the Kecskemét Chamber of Commerce.

Q3: Can I use a Chinese app like WeChat to collect customer data for marketing?

  • Step: Do not store EU customer data on servers outside the EEA unless you have a valid transfer mechanism.
  • Path:
    1. Avoid using WeChat, Alipay, or other Chinese platforms to collect names/phones in Hungary.
    2. Use EU-based tools: Google Forms (with encryption), Mailchimp (GDPR-compliant version), or local services like Mailjet or Sendinblue.
    3. If you must use Chinese apps, ensure data is not stored in China and is encrypted end-to-end.
  • Key Points:
    • GDPR prohibits transfers to countries without “adequate protection” — China is not on the EU’s approved list
    • Even if you think “it’s just a few names,” the law doesn’t care about scale
    • A single complaint from a customer can trigger an investigation

If you’re unsure, use paper forms. They’re slower — but legally safer.

I still make mistakes. Last week, I accidentally emailed a customer who asked to be removed — I thought I deleted them, but the backup copy still had their info. I called them immediately. Apologized. Sent a handwritten note with a free dessert coupon. They laughed. Said, “You’re the only Chinese restaurant in town who actually listens.”

That meant more than any compliance certificate.

I’m not here to become a legal expert. I’m here to serve good food, build relationships, and learn slowly. But I’ve learned this: in Europe, trust isn’t given — it’s earned through small, visible acts of honesty.

If you’re in Kecskemét, or anywhere in Hungary, and you’re wondering whether your customer list is legal — don’t guess. Don’t assume. Don’t wait until someone complains.

Ask.

Talk to someone who’s been there.

If you’re curious about how other Chinese entrepreneurs in Hungary handle contracts, residency renewals, or even landlord disputes — I’ve been there too. I’ve made the mistakes. I’ve asked the dumb questions.

And I still do.

If you’d like to share your story, or just ask a quiet question — I highly recommend reaching out to JingJing at lvga2015 on WeChat. She doesn’t promise anything. She just listens. And sometimes, that’s all you need.

🔸 延伸阅读

🔸 EU to simplify visa process for Kazakhstan, fostering closer cooperation 🗞️ 来源: Euronews – 📅 2025-12-05
🔗 阅读原文

请知悉:律咖网(Lvga.com)是跨境创业公开信息与内容分享平台,不提供法律、税务、会计或合规服务。
本文内容基于公开资料,并由人工编辑与 AI 工具协助整理,仅供信息参考之用,不构成任何法律、投资、移民或商业决策建议。
政策可能随时间变化,请以官方渠道与当地持牌专业人士意见为准。
如内容有需要修订之处,欢迎随时与我联系。