GDPR / PRIVACY

Privacy Policy

This notice explains how we handle your personal data when you visit lunda.nortinia.com or use the contact form. Processing is governed by the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and the Hungarian Information Act (Act CXII of 2011). If anything is unclear, write to [email protected] — you'll get a plain-language answer.

Last updated: 20 May 2026

011. Data controller

The data controller is Nortinia Kft. This company decides what data we collect about visitors, for what purpose, and how long we keep it. Full corporate identification is on the Imprint page.

Legal nameNortinia Kft.
Registered seat1125 Budapest, Városkúti út 17/B., Hungary
Tax number22958451-2-43
Company number01-09-390508
Privacy contact[email protected]

022. What we collect and why

We only collect data that's genuinely needed to run the site and respond to your inquiry. We do not sell data to third parties and we do not profile visitors for advertising.

Server logs (IP, User-Agent, request time, status)Operational security, debugging, abuse prevention
Contact form (name, email, company, message)Processing your inquiry, scheduling a Lunda demo
Selected language and theme (cookie)User-experience personalisation
Anonymous analytics (opt-in)Only if you consent: page-performance measurement

033. Legal basis (GDPR Article 6)

The legal basis for processing depends on what you do on the site. The table below lays it out unambiguously.

Server logsGDPR 6(1)(f) — legitimate interest (operational security)
Contact formGDPR 6(1)(b) — pre-contractual steps / GDPR 6(1)(a) — consent
Functional cookies (language, theme)GDPR 6(1)(f) — strictly necessary, legitimate interest
Analytics cookiesGDPR 6(1)(a) — explicit consent (opt-in)
Invoicing (if you become a customer)GDPR 6(1)(c) — legal obligation (HU Accounting Act)

044. Retention period

We keep data only as long as it serves its purpose. After that we delete it automatically or in a quarterly audit cycle.

Server logs30 days (rotated)
Contact-form messages12 months after the inquiry is closed, or immediately upon deletion request
Customer contractual data5 years after contract termination (legal obligation)
Invoicing records8 years (Accounting Act § 169(2))
Cookie consent state12 months, then we ask again

055. Data processors

A few technical partners have access to visitor data so that they can deliver their service to us, but each is a contractual data processor and may only handle data on our instructions. None of them resells data for their own commercial purposes.

Cloudflare, Inc. (CDN, DDoS protection, TLS)USA / EU region — Standard Contractual Clauses
Sentry (error logging, optional)EU region
Email provider (contact-form delivery)EU region
Nortinia NIP Platform (self-hosted Kubernetes, hosting)Budapest, Hungary

066. Transfers to third countries

Where transfer to a third country (e.g. the USA) may occur — typically via the Cloudflare CDN — we rely on the appropriate safeguard under GDPR Article 46 (Standard Contractual Clauses). Personal data received through the contact form is NOT transferred outside the EEA.

077. Your rights (GDPR Articles 12-22)

You have the following rights regarding your data. Exercising each is free of charge. Write to [email protected] and we'll respond within 30 days at the latest.

Right of access (Art. 15)Ask us what data we hold about you.
Right to rectification (Art. 16)Ask us to correct inaccurate data.
Right to erasure (Art. 17, 'right to be forgotten')Ask us to delete your data unless legally retained.
Right to restriction (Art. 18)Ask us to pause processing while a dispute is open.
Right to portability (Art. 20)Receive your data in a structured form (JSON / CSV).
Right to object (Art. 21)Object to processing based on legitimate interest.
Right to withdraw consentIf consent-based, you may withdraw it at any time.

088. Filing a complaint

If you believe our handling violates your rights, you can file a complaint with the Hungarian National Authority for Data Protection (NAIH, 1055 Budapest, Falk Miksa utca 9-11., [email protected], naih.hu). Before going there, please reach out to us — 90%+ of complaints get resolved with a single email exchange.

099. Security measures

Your data is protected in transit with TLS 1.3 encryption, contact-form messages are stored encrypted at rest, access is gated by two-factor authentication, and the entire infrastructure is managed by an auditable GitOps pipeline. In the event of a personal-data breach we will notify affected data subjects and NAIH within 72 hours where the breach poses a high risk.

1010. Contact

For any privacy-related question reach out at [email protected] or by phone at +36 20 492 5378. By post: Nortinia Kft., 1125 Budapest, Városkúti út 17/B., Hungary.

← Back to home