Privacy Policy

Version: 30 May 2025
Data Controller: EvolvingDesk Kft
Principal Place of Business: Ady Endre út 376, 3663 Arló, Hungary
Value Added Tax Registration Number: HU32333093
Electronic Correspondence: [email protected]

  1. Introduction and Purpose of Document
    This document, hereinafter referred to as the “Privacy Policy”, sets forth the principles, legal bases, categories, purposes, and procedural mechanisms pertaining to the acquisition, registration, storage, transfer, and other forms of processing of personal data conducted by EvolvingDesk Kft (also referred to as the “Controller”, “Provider”, or “We”), in the context of the commercial offering known under the designation “Internet in Hungary”, which encompasses the provision of internet connectivity services and associated operational procedures. This Privacy Policy is implemented in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, commonly referred to as the General Data Protection Regulation (“GDPR”), and applicable Hungarian legislation, and is binding upon all data subjects, whether such subjects have entered into a service contract or have merely interacted with the Provider’s digital assets.

  1. Scope of Personal Data Collected and Processed
    The Controller processes the following categories of personal data, including but not limited to:
    i. Identity and contact data voluntarily submitted by the data subject in the course of registration, subscription initiation, order placement, or customer support requests, such as name, residential and billing address, email address, telephone number, and any other identifying information provided via form fields, email correspondence, telephonic communication, or otherwise;
    ii. Technical data automatically captured by the Controller’s or third-party systems, including internet protocol (IP) addresses, HTTP headers, browser identification strings, cookies, session data, interaction timestamps, device characteristics, referring URLs, and behavioral metrics;
    iii. Information submitted during incomplete or abandoned checkout processes, such data being retained for the purposes delineated in section 4 herein, regardless of order completion status;
    iv. Customer support interaction records, including written and recorded communications, diagnostic logs, timestamps, internal notes, and metadata pertaining to the inquiry handling process.

  1. Lawful Basis for Processing Operations
    The Provider undertakes processing operations on the basis of one or more of the following legal grounds as stipulated in Article 6(1) of the GDPR:
    a. The necessity of processing for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into such a contract;
    b. The necessity of processing for compliance with a legal obligation to which the Controller is subject, including but not limited to obligations concerning financial records, telecommunications regulations, and consumer rights;
    c. The pursuit of legitimate interests of the Controller or a third party, including but not limited to operational efficiency, fraud prevention, customer relationship management, analytics, security assurance, and marketing strategy optimization;
    d. The express, specific, informed, and unambiguous consent of the data subject, where such consent is required by law and applicable to the particular processing activity.

  1. Processing Objectives and Use of Data
    The categories of personal data enumerated in section 2 above are processed for one or more of the following purposes:
    – Execution, fulfilment, administration, and enforcement of contracts entered into with the Customer, including but not limited to the provision of wired internet access, billing arrangements, customer authentication, and technical troubleshooting;
    – Internal administrative functions, including the generation of invoices, processing of recurring payments, debt recovery operations, and compliance reporting;
    – Enhancement and refinement of service quality, user experience, and product offerings through behavioral analysis, service usage statistics, and trend forecasting;
    – Direct and indirect marketing initiatives, including retargeting campaigns and conversion tracking, where permitted by applicable law or with the data subject’s consent;
    – Pre-contractual engagement, wherein data voluntarily submitted prior to formal subscription is used to assess service eligibility, initiate personalized communications, or propose alternative configurations;
    – Legal compliance, including data retention obligations and cooperation with competent authorities pursuant to valid legal requests.

  1. Disclosure and Data Recipients
    The Controller discloses data to third parties strictly under the terms of Article 28 GDPR (processors) and Article 44 et seq. GDPR (international transfers, where applicable). Data may be made accessible to the following entities, each of whom is contractually obligated to safeguard the data under data processing agreements:
    a. Magyar Telekom, acting as infrastructure provider and last-mile integrator for purposes of service provisioning, maintenance, and incident resolution;
    b. Stripe Payments Europe, Ltd., and affiliated entities involved in processing financial transactions, managing direct debit agreements, issuing payment receipts, and verifying payment authenticity;
    c. Google LLC, as operator of Google Analytics, used for monitoring anonymized user behavior, website performance, and aggregated statistical trends;
    d. Microsoft Corporation, specifically through the use of Microsoft Clarity, for session recording and interface interaction analysis.

    Where data is transferred outside the European Economic Area, the Controller ensures that such transfers are governed by the European Commission’s Standard Contractual Clauses (SCCs) or equivalent safeguards deemed legally adequate by relevant regulatory authorities.

  1. Cookies, Trackers, and Similar Technologies
    The Provider’s websites and web applications utilize first-party and third-party cookies, pixels, beacons, and other technologies to track, store, and retrieve information about browsing behavior and technical configurations. These technologies may be used for session management, feature personalization, performance optimization, and marketing attribution. The end user may exercise limited control over such technologies via browser settings; however, disabling such functions may impair service usability or accessibility.

  2. Data Retention Periods
    The Controller retains personal data no longer than is necessary for the realization of the purposes for which the data was collected, or for compliance with statutory obligations. The following retention periods are applied as general policy:
    – Data pertaining to active customers: retained for the duration of the contractual relationship and for up to two (2) years thereafter;
    – Data entered during incomplete checkout sessions: retained for up to sixty (60) calendar days following the most recent session activity;
    – Web analytics data and cookie-generated identifiers: retained for a period not exceeding twenty-six (26) months, unless regulatory exceptions apply.
    Deviations from these durations may occur in circumstances involving ongoing disputes, enforcement of legal claims, or as mandated by authorities.

  1. Rights of the Data Subject
    The data subject, subject to identification and the absence of overriding legal exceptions, has the following rights under Chapter III of the GDPR:
    – The right to obtain confirmation as to whether or not personal data concerning them is being processed;
    – The right to request access to such data and information regarding its origin, purpose, and recipients;
    – The right to request rectification or supplementation of inaccurate or incomplete data;
    – The right to request erasure of data, under the conditions laid down in Article 17 GDPR;
    – The right to restrict processing where accuracy is contested or legal disputes are pending;
    – The right to data portability, subject to technical feasibility and lawful basis;
    – The right to object to processing activities carried out under Article 6(1)(f) GDPR;
    – The right to withdraw consent at any time, without affecting the lawfulness of prior processing;
    – The right to lodge a complaint with the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) or any other competent supervisory authority.

    All rights requests must be submitted in writing via the contact email stated above. A response will be provided within thirty (30) calendar days, unless extension is warranted under Article 12(3) GDPR.

  1. Data Security and Integrity
    The Controller implements appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data, including encryption, role-based access controls, physical security of server infrastructure, and continuous monitoring of system integrity. No method of transmission or storage is infallible, and residual risk remains despite best efforts.

  2. Revisions to the Policy
    This Privacy Policy may be amended, supplemented, or replaced at any time at the sole discretion of the Controller, without prior notification to the data subject. The most recent version of the policy will be accessible via the official website of the Provider. Continued use of the services shall constitute tacit acceptance of any modifications made.

  3. Governing Law and Jurisdiction
    This Privacy Policy and all associated data protection matters shall be governed exclusively by the laws of Hungary. Jurisdiction shall rest with the competent courts and data protection authorities of Hungary, unless otherwise required under overriding EU provisions.

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.