We use cookies to improve your experience on our site. By using our site, you consent to the use of cookies. Rejecting cookies will prevent non-essential cookies from loading. Learn more
Privacy Policy
Effective date: 24 February 2026 Valid until: withdrawal or amendment
1. Data Controller Details
Data Controller: Kajuha Olivér József (sole trader / sole proprietor) Registered address: 3700 Kazincbarcika, Kikelet köz 5. 4/4., Hungary Tax number: 91465597-1-25 Phone: +36 70 537 7368 Email:[email protected]
This Privacy Policy (the “Policy”) explains how Kajuha Olivér József (the “Data Controller”) collects and processes personal data in connection with enquiries submitted through the website questionnaire / lead form, contact requests, and related consultation or follow-up communication.
The Data Controller processes personal data in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (GDPR).
This Policy explains:
what personal data is collected,
why it is collected,
the legal basis for processing,
how long data is kept,
who data may be shared with,
and what rights individuals have under the GDPR.
3. Definitions
Terms used in this Policy (including but not limited to personal data, processing, data controller, data processor, data subject, and personal data breach) have the meanings set out in the GDPR.
4. Principles of Data Processing
The Data Controller processes personal data in accordance with the following GDPR principles:
Lawfulness, fairness and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
Personal data is only processed to the extent necessary for the relevant purpose and only for as long as necessary.
5. What Personal Data We Process
5.1 Service enquiry, contact request and consultation scheduling (via questionnaire / form)
Who this applies to This applies to natural persons (including business representatives) who complete the website questionnaire or form to request contact, enquire about services, or arrange a consultation / call.
Purpose of processing
communication and follow-up,
assessing needs and eligibility,
presenting services and preparing an offer,
arranging a consultation or call,
taking steps at the request of the data subject prior to entering into a contract.
Categories of personal data processed (as applicable)
whether the person is the owner/manager of a roofing company,
capacity-related answers (e.g. ability to take on more jobs),
current client acquisition sources (e.g. online ads, referrals, SEO, other),
advertising budget-related response,
openness to new ideas,
form submission timestamp
technical/log data (such as IP address), where recorded by the systems used
Legal basis for processing
Article 6(1)(b) GDPR – processing is necessary to take steps at the request of the data subject prior to entering into a contract (e.g. enquiry, consultation request, service discussion)
Article 6(1)(f) GDPR – legitimate interests of the Data Controller (e.g. system security, misuse prevention, technical logging)
Article 6(1)(a) GDPR – consent, where a specific processing activity is based on consent
Nature of data provision Providing personal data is voluntary. However, if required fields are not completed, the Data Controller may be unable (or only partially able) to respond to the enquiry or contact the data subject.
Retention period
enquiry/contact data: up to 12 months from the date of contact where no contract is concluded;
if a contract is concluded, relevant data may be retained for as long as necessary for contract performance and compliance with legal obligations;
where processing is based on consent, data is processed until consent is withdrawn or the purpose no longer exists (whichever occurs first).
Processing workflow (summary) The data subject submits information through the website questionnaire/form. The Data Controller reviews the submission, uses it to assess the enquiry, and contacts the data subject to discuss services and/or arrange a consultation.
6. Data Security
The Data Controller implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, destruction, accidental loss or damage.
Such measures may include, where appropriate:
access control and authorisation management,
password protection and account security measures,
logging and monitoring,
use of trusted service providers,
incident handling procedures.
Access to personal data is limited to persons who need it to perform their tasks.
7. Data Sharing, Transfers and Recipients
The Data Controller may transfer or make available personal data only to the partners / processors specified in this section, and to courts or authorities where required by law or upon a lawful request.
The Data Controller enters into written agreements with processors involved in data processing, covering the required data protection obligations in accordance with applicable law.
7.1 Processors / contractual partners involved in data processing
The Data Controller uses the following service providers/processors in connection with website/funnel operation, lead collection, contact management and related processes:
The Data Controller may use HighLevel Inc. to collect questionnaire submissions, store lead/contact details, manage follow-up communication and support consultation/contact workflows.
Meta Platforms Ireland Limited and/or Meta Platforms, Inc. (if Meta Pixel is used)
Where Meta Pixel is used, related tracking technologies and consent requirements are addressed in the separate Cookie Policy.
7.2 International data transfers (outside the EEA)
As certain service providers (including, where applicable, HighLevel Inc. and/or Meta group entities) may process personal data outside the European Economic Area (EEA), personal data may be transferred to a third country, including the United States.
Where such transfers occur, the Data Controller seeks to ensure that appropriate safeguards are in place in accordance with the GDPR (such as standard contractual clauses or other lawful transfer mechanisms, where applicable).
7.3 Disclosures to authorities
The Data Controller may disclose personal data to courts, supervisory authorities, law enforcement authorities or other public bodies if required by applicable law or a legally binding request.
8. Data Subject Rights
Data subjects have the following rights under the GDPR, subject to applicable legal conditions and limitations:
right to be informed
right of access
right to rectification
right to erasure
right to restriction of processing
right to data portability
right to object
right to withdraw consent (where processing is based on consent)
right to lodge a complaint with a supervisory authority
right to an effective judicial remedy
The Data Controller responds to requests without undue delay and, in any event, within one month of receiving the request. This period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests.
8.1 Right to be informed
Data subjects have the right to receive clear, transparent and accessible information about how their personal data is processed.
8.2 Right of access
Data subjects have the right to obtain confirmation as to whether personal data concerning them is being processed and, where that is the case, to access that personal data and related information.
8.3 Right to rectification
Data subjects have the right to request correction of inaccurate personal data and completion of incomplete personal data.
8.4 Right to erasure (“right to be forgotten”)
Data subjects may request deletion of personal data where one of the GDPR grounds applies (for example, where the data is no longer needed, consent is withdrawn and no other legal basis exists, or the data has been unlawfully processed), subject to applicable legal exceptions.
8.5 Right to restriction of processing
Data subjects may request restriction of processing in certain circumstances, including where accuracy is contested, processing is unlawful but deletion is opposed, or an objection is pending verification.
8.6 Right to notification regarding rectification, erasure or restriction
Where applicable, the Data Controller will communicate rectification, erasure or restriction of processing to recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
8.7 Right to data portability
Where processing is based on consent or contract and carried out by automated means, data subjects may request to receive their personal data in a structured, commonly used and machine-readable format and may request transmission to another controller where technically feasible.
8.8 Right to object
Where processing is based on legitimate interests, data subjects have the right to object at any time, on grounds relating to their particular situation.
Where personal data is processed for direct marketing purposes, data subjects have the right to object at any time to such processing (including related profiling). If they object, the personal data will no longer be processed for direct marketing purposes.
8.9 Automated decision-making and profiling
The Data Controller does not make decisions based solely on automated processing (including profiling) that produce legal effects concerning the data subject or similarly significantly affect them.
However, the website may use marketing/analytics tools (such as Meta Pixel) that may involve limited profiling or audience measurement for advertising performance purposes, subject to applicable consent requirements.
8.10 Right to be informed about a personal data breach
Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, affected data subjects will be informed without undue delay, in accordance with applicable legal requirements.
8.11 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement.
8.12 Right to an effective judicial remedy
Without prejudice to any available administrative or non-judicial remedy, data subjects have the right to an effective judicial remedy where they consider that their rights under the GDPR have been infringed.
9. Supervisory Authorities
Hungarian Supervisory Authority (NAIH)
National Authority for Data Protection and Freedom of Information (NAIH) Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary Postal address: 1363 Budapest, Pf. 9., Hungary Phone: +36 1 391 1400 Email: [email protected] Website: www.naih.hu
Irish Supervisory Authority (for users in Ireland)
Data Protection Commission (DPC), Ireland Website: www.dataprotection.ie
10. Contact for Privacy Requests
Requests relating to personal data processing and the exercise of data subject rights may be submitted:
By post: 3700 Kazincbarcika, Kikelet köz 5. 4/4., Hungary
By phone: +36 70 537 7368 (please note that privacy-related requests may require written confirmation/identification)
11. Changes to This Privacy Policy
The Data Controller reserves the right to amend this Privacy Policy at any time. The updated version becomes effective upon publication on the website.