Privacy Policy

This Privacy Notice describes how [Company Name] (“Company”, “we”, “us”, “our”) processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”). This Notice applies solely to data collected through our website and, in particular, to information submitted via the contact form. We do not offer online purchasing, user registration, or other mechanisms for collecting personal data beyond what is detailed herein.

1. Data Controller

The data controller responsible for the processing of personal data is:

[Company Name]
[Registered Address]
Email: [Contact Email]
Telephone: [Phone Number]

2. Categories of Personal Data Processed

We process personal data voluntarily submitted by users acting on behalf of a business or other legal entity. Through our online contact form, we may collect and process the following categories of personal data:

  • Name
  • Email address
  • Telephone number
  • Country
  • Represented company or organization
  • Message content and any information voluntarily disclosed therein

We do not intentionally collect data from private individuals acting in a personal capacity.

3. Purposes and Legal Bases for Processing

Personal data submitted via the contact form is processed exclusively for the following purposes and corresponding legal bases under the GDPR:

3.1 Responding to Business Inquiries

To communicate with the representative of a business who has contacted us, including providing information about our services.
Legal basis: Article 6(1)(f) GDPR — legitimate interest in responding to inquiries and facilitating potential business relationships.

3.2 Preparing Business Offers or Continuing Correspondence

To evaluate inquiries, prepare proposals, and maintain communication necessary for pre-contractual or ongoing cooperation with the represented business.


Legal basis:

  • Article 6(1)(b) GDPR — processing necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract; and/or
  • Article 6(1)(f) GDPR — legitimate interest in conducting business operations.

3.3 Record-Keeping for Administrative and Compliance Purposes

To maintain records of correspondence and potential transactions.
Legal basis: Article 6(1)(c) GDPR — compliance with legal obligations; and/or Article 6(1)(f) GDPR — legitimate interest in maintaining proper business administration.

We do not process personal data for automated decision-making or profiling under Article 22 GDPR.

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Unless a contract is established or legal obligations require longer storage, contact form submissions are retained for a maximum period of 12 months. If cooperation is initiated, data may be retained in accordance with applicable commercial, financial, and statutory retention requirements.

5. Data Sharing and Processors

Personal data may be shared only with:

  • IT and hosting service providers who support our website and email systems
  • Other third parties where disclosure is required by law or where necessary to establish, exercise, or defend legal claims

Such parties act as data processors under Article 28 GDPR and are bound by contractual obligations to ensure the protection of personal data.

We do not sell, lease, or otherwise commercially distribute personal data.

6. International Data Transfers

We do not routinely transfer personal data outside the European Economic Area (EEA).
If a transfer is necessary — for example, due to the use of certain IT or email service providers — such transfers will occur only where:

  • An adequacy decision under Article 45 GDPR applies, or
  • Appropriate safeguards in accordance with Article 46 GDPR are in place, such as Standard Contractual Clauses (SCCs), or
  • A derogation under Article 49 GDPR applies in exceptional cases.

Additional information regarding international transfers may be requested at any time via the contact details provided above.

7. Data Subject Rights

Data subjects have the following rights under the GDPR:

  • Right of access (Art. 15) – to obtain confirmation and a copy of personal data processed.
  • Right to rectification (Art. 16) – to correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) – to request deletion of data under certain circumstances.
  • Right to restriction of processing (Art. 18).
  • Right to object (Art. 21) – to processing carried out on the basis of legitimate interests.
  • Right to data portability (Art. 20) – where processing is based on consent or contract and carried out by automated means.

Requests to exercise these rights may be submitted to [Contact Email].

Data subjects also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of their habitual residence, place of work, or place of the alleged infringement.
The competent authority in our jurisdiction is:

National Authority for Data Protection and Freedom of Information  (hereinafter “the Authority” or “the NAIH”): https://naih.hu/

8. Security Measures

We implement appropriate technical and organizational measures to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access to personal data is strictly limited to authorized personnel who require such access for operational purposes.

9. Updates to This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in our data processing practices or legal requirements. The updated Notice will be published on this page together with the effective date.

EUmedra 2025 © All rights reserved.