Privacy Notice

1. Data Controller Details

  • Name: Miklos Matyas sole proprietor
  • Registered office: 23/A Kiralyhago Street, 8000 Szekesfehervar, Hungary
  • Tax number: 59255587-1-27
  • Email: miklos@matyaswebstudio.com

(hereinafter: the “Data Controller”)

2. Purpose of Data Processing

The Data Controller processes the personal data provided via the contact form on the website for the following purposes:

  • making contact
  • preparing quotes
  • project consultation
  • maintaining business communication

3. Categories of Personal Data Processed

Required data:

  • last name
  • first name
  • email address
  • message / project description

Optional data:

  • phone number
  • company name
  • website URL

Providing optional data is not a condition for making contact.

The legal basis for data processing is:

the voluntary consent of the data subject
(GDPR Article 6(1)(a))

Consent is given by submitting the form and ticking the checkbox.

5. Duration of Data Processing

The Data Controller processes personal data:

  • for a maximum of 12 months, or
  • until the communication is closed, or
  • until the data subject requests deletion

6. Method of Data Processing

The data provided in the form:

  • are entered into a system operated by the Data Controller
  • are stored and processed in an internal customer relationship management (CRM) system

The CRM system:

  • is open-source software (Twenty CRM)
  • runs on a server rented by the Data Controller
  • is not accessible to third parties

7. Data Processors

7.1 Hosting Provider

The Data Controller uses a hosting provider for operating the website:

  • Hetzner (cloud hosting provider)

Its tasks:

  • providing server infrastructure
  • storing data

8. Server Logging (Processing of IP Addresses)

During the operation of the website, the system may automatically record the following data:

  • IP address
  • time of visit
  • pages visited
  • browser and device data

Purpose of processing:

  • ensuring system security
  • preventing misuse

legitimate interest (GDPR Article 6(1)(f))

Retention period:

maximum 30 days

9. Data Security

The Data Controller and the data processor apply appropriate technical and organisational measures, in particular:

  • access protection (password protection, permission management)
  • secure server configuration
  • regular software updates
  • daily backups
  • retention of backups for 30 days
  • protection against unauthorised access

10. Data Transfers

The Data Controller does not transfer personal data to third parties, except:

  • where required by law

The data are stored within the European Union.

11. Rights of Data Subjects

The data subject has the right to:

  • request information about the processing
  • request access to their data
  • request rectification
  • request deletion
  • request restriction of processing
  • withdraw their consent

12. Remedies

The data subject may lodge a complaint with the supervisory authority:

  • Hungarian National Authority for Data Protection and Freedom of Information
  • https://naih.hu

13. Contact

For data protection related questions: