Privacy Policy

Effective: 25 May 2018.

1. Introduction
Datahouse Ltd. is committed to protecting the personal data of its clients and partners, and considers it particularly important to respect its clients’ right to informational self-determination. Personal data is handled confidentially, and all necessary security, technical and organizational measures are taken to ensure data security.

Datahouse Ltd., as data controller and data processor, acknowledges the contents of this legal notice as binding upon itself. It undertakes to ensure that all data processing related to its activities complies with the requirements set out in this policy and applicable legislation. Its data processing principles comply with applicable data protection laws, in particular:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR)
• Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information
• Act V of 2013 on the Civil Code
• Act CVIII of 2001 on Electronic Commerce Services
• Act C of 2003 on Electronic Communications
• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising

Datahouse Ltd. reserves the right to amend this policy at any time. Users will be notified of any changes in due time.

Controller details:
Company name: DATAHOUSE Ltd.
Registered office: 1171 Budapest, Óvónő utca 52.
Site: 1171 Budapest, Óvónő utca 52.
Website: www.carinfo.hu, www.carinfoeu.com
Contact person: István Bisztriánszky
Phone: +36 1 253 0030
E-mail: data@datahouse.hu

2. Purpose, legal basis and duration of data processing
Datahouse Ltd. processes personal data for the following purposes and legal bases:

2.1. Users
The processed data is necessary for fulfilling contracts related to services, analyses and reports provided by Datahouse Ltd.
Scope of data:

• Contact details (name, email address, phone number, gender)
• Service-related identification data (position, role, field of expertise)

Legal basis: GDPR Article 6(1)(b) – performance of a contract
Retention period: 1 year after the last performance of the contract.

2.2. Contacts
Data is required for contracts, preparation, execution, invoicing and closing of services.
Scope of data:

• Contact details (name, email, phone, gender)
• Company relationship details (position, role, field, relationship type)

Legal basis: GDPR Article 6(1)(f) – legitimate interest
Retention: 8 years after contract completion.

2.3. Requests via email or forms
Data is used to provide information or test access. If unrelated to services, it is deleted immediately.
Services are not intended for persons under 16. If such data is collected, it will be deleted promptly.
Scope:

• Contact data (name, email, phone, position)

Legal basis: GDPR Article 6(1)(b)
Retention: 6 months after communication ends.

2.4. Billing and contract-related data
Primarily for legal entities; if personal data is involved:

• Invoice data (name, address, email)

Legal basis: GDPR Article 6(1)(c)
Retention: 8 years.

3. Other data processing
Additional processing will be communicated at the time of data collection. Authorities may request data where required by law. Only necessary data will be provided.

4. Data processing
Subcontractors may access user data for technical and operational purposes. Processing is governed by written contracts, and confidentiality is required.

5. Server logging
Web servers automatically log user activity.
Purpose: service monitoring, personalization, fraud prevention.
Data: ID, date, visited pages, IP address.

6. Cookie management
Cookies are small text files stored by websites.
They may be persistent or session-based.

Stored cookies:

Cookie name	Browser name	Description	Lifetime
Session support	CISESSION	Required for navigation and secure access.	Session
Google Analytics	__utma, etc.	Anonymous usage statistics.	See Google documentation
Cookie acceptance	ACCEPTED_COOKIES	Stores consent status.	1 year

7. Data security
We apply appropriate technical and organizational measures to protect personal data. Systems are protected against unauthorized access, data loss, and cyber threats.

8. Your rights

You have the right to:

• Request information about your data
• Request correction
• Request deletion
• Request restriction
• Object to processing

Requests are handled within 25 days.

9. Legal remedies
You may turn to a court or authority if your request is denied. You may also contact the Hungarian Data Protection Authority (NAIH).