Privacy Policy
Effective from: 1 June 2016
1. Data controller name and contact details
| Company | Cégem 360 Kft. |
| Registered office | 1051 Budapest, Széchenyi István tér 7-8. |
| Company reg. no. | 01-09-303498 |
| Tax number | 14286249-2-43 |
| Privacy contact | Tóth Tamás |
| info@cegem360.hu | |
| Phone | +36 20 331 9550 |
| Website | https://cegem360.hu |
Privacy contact
Cégem 360 Kft. is not required to appoint a Data Protection Officer (DPO) under GDPR Article 37, as it does not carry out large-scale, regular, and systematic monitoring, and does not process special categories of data as a core activity.
For questions, requests, and complaints related to data protection, please contact us only at:
Tamás Tóth (privacy contact)
E-mail: tamas@cegem360.hu
Phone: +36 20 331 9550
2. Legal basis and scope of this notice
This Privacy Policy applies to all data processing activities of the https://cegem360.hu website and Cégem 360 Kft., including the website, newsletter sending, B2B marketing, invoicing, and customer record-keeping.
Legal bases of processing:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
- Hungarian Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.)
- Hungarian Act CVIII of 2001 on Electronic Commerce Services (Eker. tv.)
- Hungarian Act XLVIII of 2008 on the Basic Conditions of Economic Advertising Activity (Grtv.)
- Hungarian Act C of 2000 on Accounting (Szt.)
3. Detailed presentation of data processing activities
3.1. Contact and quote-request form
| Data processed | Name, e-mail address, phone number, company name, message content |
| Purpose | Answering the inquiry, preparing a quote, preparing for contract conclusion |
| Legal basis | GDPR Article 6(1)(a) (consent) and (b) (pre-contractual measures) |
| Retention period | 5 years from case closure; in case of contract conclusion, 5 years from contract termination |
| System involved | Notion (CRM), e-mail |
3.2. Newsletter subscription (voluntary, for individuals)
| Data processed | Name, e-mail address, time of subscription, IP address (for technical purposes) |
| Purpose | Sending informational and promotional electronic messages |
| Legal basis | GDPR Article 6(1)(a) (voluntary, prior consent) in line with Article 6 of the Hungarian Advertising Act (Grtv.) |
| Retention period | Until unsubscribe; data is deleted immediately after unsubscribe |
| Unsubscribe | Via the unsubscribe link in every newsletter, free of charge at any time |
| System involved | Zoho Campaigns (see chapter 5) |
3.3. B2B direct marketing — corporate data sourced from a third party (OPTEN Kft.)
| Data processed | Corporate e-mail address (as listed in the Hungarian company registry or supplementary corporate information database) |
| Source of the data | OPTEN Kft. (1138 Budapest, Népfürdő utca 22., Duna Tower; tax no.: 12012187-2-41) — corporate marketing list containing publicly available or officially sourced contact data of Hungarian businesses. Our company holds a valid subscription to OPTEN's Marketing module and Email-address add-on services. |
| Purpose | B2B (business-to-business) marketing communications: tender opportunities, digitalization services, website development |
| Legal basis | GDPR Article 6(1)(f) — Legitimate interest: B2B marketing data processing, in line with GDPR Recital 47 and Section 6 of Hungarian Advertising Act (Grtv.). Processing only targets corporate contact details of businesses, not individuals. |
| Retention period | Until objection or unsubscribe; thereafter the e-mail address is deleted immediately |
| Objection / deletion | Every message contains an unsubscribe option (Unsubscribe link); upon written objection (info@cegem360.hu), data is deleted immediately |
| System involved | Zoho Campaigns; OPTEN database |
Please note that if you have any objection regarding the legal basis of this processing or the message received, you have the right to object (GDPR Art. 21) or request deletion (GDPR Art. 17) at info@cegem360.hu. We respond to objections within 30 days.
3.4. Invoicing and accounting obligations
| Data processed | Billing name, address, tax number, e-mail address, ordered service, payment amount |
| Purpose | Fulfilling legal obligations: invoice issuance, accounting |
| Legal basis | GDPR Article 6(1)(c) — legal obligation (Hungarian VAT Act, Accounting Act) |
| Retention period | 8 years (Section 169 of the Hungarian Accounting Act) |
| System involved | Billingo (see chapter 5) |
3.5. Customer relationship management (CRM)
| Data processed | Name, e-mail address, phone number, company name, project communication, quotes, contractual data |
| Purpose | Recording customers and prospects, project tracking, communication |
| Legal basis | GDPR Article 6(1)(b) (contract performance) and (f) (legitimate interest: customer relationship management) |
| Retention period | 5 years from termination of the business relationship |
| System involved | Notion (see chapter 5) |
3.6. Cookies and web analytics
Detailed information on the cookies and analytics tools used on the website is available in our Cookie Policy.
| Technical (session) cookies | Legal basis: legitimate interest (GDPR Art. 6(f)); no consent required |
| Google Analytics (_ga, _ga_*) | Legal basis: consent (GDPR Art. 6(a)); transfer: Google LLC (under EU–US Data Privacy Framework and SCCs) |
| Google Ads conversion tracking (_gcl_au) | Legal basis: consent; transfer: Google LLC |
| Meta pixel (_fbp) | Legal basis: consent; transfer: Meta Platforms Ireland Ltd. |
3.7. LinkedIn social media
| Data processed | Publicly available LinkedIn profile data (if contact is initiated) |
| Purpose | B2B networking, business communication |
| Legal basis | GDPR Article 6(1)(f) (legitimate interest); LinkedIn's own data processing terms also apply |
| Note | Data processing on our LinkedIn pages is governed by LinkedIn Ireland Unlimited Company's own privacy policy |
4. Rights of data subjects
Under the GDPR, you may exercise the following rights regarding the processing of your data:
| Access (Article 15) | You may request information on what personal data Cégem 360 Kft. processes about you, the purposes and legal bases, recipients, and retention period |
| Rectification (Article 16) | You may request rectification of inaccurate or incomplete personal data |
| Erasure (Article 17) | You may request deletion of personal data if processing purpose has ended, consent is withdrawn, or your objection was successful |
| Restriction (Article 18) | You may request suspension of processing, e.g., when accuracy is contested |
| Data portability (Article 20) | In the case of consent-based or contract-based processing, you may request your data in machine-readable format |
| Objection (Article 21) | You may object at any time to processing based on legitimate interest (e.g., B2B marketing); upon objection we cease processing unless compelling legitimate grounds exist |
| Withdrawal of consent | For consent-based processing (e.g., newsletter), consent can be withdrawn at any time; withdrawal does not affect lawfulness of prior processing |
Submitting requests: To exercise your rights, contact us at tamas@cegem360.hu. We respond to incoming requests within 30 days at the latest; in justified cases this may be extended to 60 days, of which we will notify you.
5. Data processors and third parties
We share your personal data with the following processors only for the indicated purpose, to the extent necessary:
5.1. Hosting provider
| Company | Tárhely.Eu Szolgáltató Korlátolt Felelősségű Társaság |
| Registered office | 1144 Budapest, Ormánság utca 4. X. em. 241. |
| Company reg. no. | 01-09-909968 |
| Tax number | 14571332-2-42 |
| Website | https://tarhely.eu |
| Processing purpose | Hosting service for the website and e-mail infrastructure; the processor acts under a GDPR Article 28 data processing agreement |
| Data processed | All data stored on the web server (visitor log files, uploaded content, e-mail traffic) |
| Storage country | Hungary (EU) |
5.2. Invoicing software
| Company | Billingo Technologies Zártkörűen Működő Részvénytársaság |
| Registered office | 1031 Budapest, Záhony utca 7. |
| Company reg. no. | 01-10-140802 |
| Tax number | 27926309-2-41 |
| Website | https://billingo.hu |
| Processing purpose | Issuance and storage of electronic invoices to fulfill accounting law obligations |
| Data processed | Billing name, address, tax number, e-mail address, ordered service, amount |
| Storage country | EU (Amazon Web Services EMEA SARL, Luxembourg) |
5.3. Newsletter sending system
| Company | Zoho Corporation BV |
| Registered office (EU representative) | Beneluxlaan 4B, 3527 HT Utrecht, Netherlands |
| Website | https://www.zoho.com/campaigns/ |
| DPO contact | dpo@zohocorp.com |
| Processing purpose | Sending and managing e-mail newsletter campaigns (voluntary subscribers and B2B marketing lists) |
| Data processed | E-mail address, name, open and click statistics |
| Transfer guarantee | EU–Zoho data processing takes place under EU Standard Contractual Clauses (SCC); Zoho operates an EU data center (GDPR DPA available at legal@zohocorp.com) |
5.4. Source of B2B marketing list
| Company | OPTEN Informatikai Korlátolt Felelősségű Társaság |
| Registered office | 1138 Budapest, Népfürdő utca 22., Duna Tower, 'B' tower, 11th floor |
| Tax number | 12012187-2-41 |
| Website | https://opten.hu |
| Role | OPTEN Kft. provides a B2B marketing list based on the corporate registry and supplementary data of Hungarian businesses. OPTEN acts as an independent controller for its own activities; Cégem 360 Kft. uses the data only for B2B marketing. |
| Legal basis | GDPR Article 6(1)(f) (legitimate interest — B2B direct marketing) |
5.5. CRM — Customer record-keeping
| Company | Notion Labs, Inc. |
| Registered office | 2300 Harrison Street, San Francisco, CA 94110, USA |
| Website | https://www.notion.so/privacy |
| Processing purpose | Recording customers and projects for internal CRM purposes |
| Data processed | Customer data: name, e-mail, phone number, company name, project notes |
| Transfer guarantee | Notion ensures GDPR compliance under EU Standard Contractual Clauses (SCC); Notion GDPR DPA available at: notion.so/gdpr-dpa |
5.6. Web analytics and advertising systems
| Provider | Purpose | Basis of transfer |
|---|---|---|
| Google LLC (USA) | Google Analytics (visitor stats), Google Ads (conversion tracking) | EU–US Data Privacy Framework (DPF) and Standard Contractual Clauses |
| Meta Platforms Ireland Ltd. (Ireland / USA) | Meta pixel (ad effectiveness measurement) | Standard Contractual Clauses |
| LinkedIn Ireland Unlimited Company (Ireland) | LinkedIn company page management | EU member-state controller; LinkedIn's own privacy policy applies |
5.7. Legal representation
| Law firm | Bangó Ügyvédi Iroda |
| Lead attorney | Dr. Bangó Zoltán |
| Registered office | 1052 Budapest, Szervita tér 8. |
| Phone | +36 30 910 5293 |
| Website | https://www.bango-lawfirm.com |
| Note | The law firm accesses personal data under attorney-client privilege, only to the extent necessary for legal representation |
6. Data security
Under GDPR Article 32, Cégem 360 Kft. applies appropriate technical and organizational measures to protect personal data, including:
- SSL/TLS encryption on the website and in e-mail communication
- Access control: only authorized employees may access personal data
- Regular security backups
- Strong password management and two-factor authentication on the relevant systems
- Data processing agreements with processors (GDPR Article 28)
In case of a personal data breach, our company notifies the NAIH within 72 hours under GDPR Article 33, where the breach is likely to result in a risk to the rights and freedoms of natural persons.
7. Data transfer to third countries
Some processors (Google, Meta, Notion, Zoho) may store or process data outside the European Economic Area (EEA), particularly in the United States. Our company ensures the lawfulness of such transfers through the following mechanisms:
- EU Standard Contractual Clauses (SCC) — contractual safeguards approved by the EU Commission (Zoho, Notion)
- EU–US Data Privacy Framework (DPF) — for Google and Meta, which are certified participants of the framework
8. Remedies
If you believe your rights have been infringed in connection with the processing of your personal data, or your request has not been fulfilled adequately, the following options are available:
Supervisory authority
| Authority name | Hungarian National Authority for Data Protection and Freedom of Information (NAIH) |
| Postal address | 1363 Budapest, Pf. 9. |
| Visiting address | 1055 Budapest, Falk Miksa utca 9–11. |
| Phone | +36 1 391 1400 |
| ugyfelszolgalat@naih.hu | |
| Website | https://naih.hu |
Judicial remedy
You may also turn to court against the controller under Section 22 of the Hungarian Infotv. and the Civil Code. The action may also be brought before the regional court competent at your place of residence or stay.
Our legal representation
You may submit your legal claims directly to Bangó Ügyvédi Iroda (1052 Budapest, Szervita tér 8.; phone: +36 30 910 5293; bango-lawfirm.com).
9. Amendments to this notice
Cégem 360 Kft. reserves the right to amend this notice at any time. The amended notice enters into force on publication on the website. In the case of significant amendments, newsletter subscribers will be notified by e-mail.
Earlier versions: archived versions are available on request at info@cegem360.hu.
© 2026 Cégem 360 Kft. | Effective: 1 June 2016 | Imprint | Cookie Policy | General Terms and Conditions