Privacy Policy

Publication of the Policy

This Policy is effective from January 1, 2026.

Designation of the Data Controller (hereinafter: Service Provider)

• Credo Digital Kft.
• Credo Digital Korlátolt Felelősségű Társaság
• E-mail: hello@credodigital.hu
• Tax Number: 33040792-2-06
• Company Registration Number: 06-09-031232
• Seat and Mailing Address: 6721 Szeged, Tímár utca 7.
• Statistical Code: 33040792-7311-113-06

Effective Legislation Related to Data Protection:

• Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.).
• Act CVIII of 2001 on certain issues of electronic commerce services and information society services (specifically Section 13/A).
• Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices against Consumers.
• Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Online Advertising Activity (specifically Section 6).
• Act XC of 2005 on Freedom of Information by Electronic Means.
• Act C of 2003 on Electronic Communications (specifically Section 155).
• Opinion 16/2011 on EASA/IAB recommendations regarding best practices for behavioral online advertising.

Anyone who accepts these contractual terms and recognizes them as binding upon themselves may be a Participant. Providing personal data is necessary for the use of the www.credodigital.hu website. The purpose of the data processing conducted on the website is the identification and registration of Participants, fulfillment of services, provision of discounts, documentation of purchases and payments, fulfillment of accounting obligations, communication, analysis of Participant habits, sending email newsletters containing economic advertisements to interested parties, and providing information about current news and offers.

The Participant must provide their name, phone number, email address, the subject of the inquiry, the body text, and, in the case of an invoice request, their billing data, which are indispensable for the order. None of the data provided by the Participant may be seen by any other Participant.

The Participant is obliged to verify the accuracy of the data and information provided during application and to signal any changes to the Service Provider before the start of the assignment, as the Service Provider cannot take responsibility for damages resulting from incorrect data. The Participant has the right to correct their data and to request the correction of incorrectly stated data that they cannot correct themselves from the Service Provider. The Participant may request information about the processing of their data.

The legal basis for data processing in all cases is the consent of the data subject. The Service Provider declares that it uses the information and data provided during application exclusively for its own internal tracking and administrative purposes and does not disclose it to other companies or third parties—unless required by law—and, if separate authorization was not given by the applicant during application, does not use it for marketing purposes.

In certain cases, especially regarding data mandatorily provided on the data sheet, data processing is a condition for using the site's services. If the Participant has consented to this during the purchase, the Service Provider is entitled to send electronic letters or advertisements for promotional purposes related to the purchase to the provided email address. If the Participant requests the deletion of their data via email, the Service Provider will delete the data from its system within 3 (three) business days.

The Service Provider makes processed data accessible to third parties only with the express consent of the data subject or based on a legal provision. The Service Provider reserves the right to utilize a data processor for certain technical operations.

The Service Provider takes all reasonably expected and necessary measures for the security of the data and ensures an appropriate level of protection against, in particular, unauthorized access, modification, transmission, disclosure, deletion, or destruction, as well as against accidental destruction and damage. The Participant may not engage in any activity that jeopardizes the IT security of the site or is directed toward the advertising of any product or service.

The Participant may not engage in any activity that jeopardizes the IT security of the site or is directed toward the advertising of any product or service.

Participants may turn directly to the Service Provider with their complaints and objections regarding data processing and the use of the site, which will do everything in its power to terminate and remedy eventual legal infringements.

The Service Provider strives for cooperation with Participants and the peaceful settlement of disputes.

The Service Provider does not guarantee the uninterrupted continuity of the service and cannot be held responsible for the suspension or termination of the service. During the operation of the site, the Service Provider strives to eliminate eventual disruptions or operational problems but cannot be held responsible for them. The Service Provider assumes no responsibility for the conduct of Participants.

The exclusion of liability under this point does not affect the Service Provider's liability arising from purchases, as it is based on civil law and rules regarding consumer protection.

If the Participant utilizes the Service Provider's service and purchases through the commercial page, a civil law relationship is established. In this case, the rules of civil law—especially those regarding warranty and the enforcement of claims—are also applicable to the processing of data.

The Participant may enforce their rights related to data processing before a court based on Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interest, as well as the Civil Code, and may turn to the Hungarian Data Protection Commissioner with their complaint.

The Service Provider reserves the right to change this information at any time and will send written notification of eventual changes in a timely manner.

Hosting Provider:

• Data Controller: BlazeArts Kft.
• Website: www.forpsi.hu
• Address: 1096 Budapest, Thaly Kálmán utca 39.
• Data Processing Information: https://www.forpsi.hu/agreements
• Scope of Data: Contractual terms and policies.

Newsletter Software Provider:

Our newsletter is realized through the services of www.klaviyo.com. Therefore, it is important to familiarize yourself with the provider's privacy policy: https://privacy.klaviyo.com/policies/en

Klaviyo is committed to complying with the GDPR and has therefore updated several of its practices and data processing agreements to meet GDPR requirements.

• Data Controller: Klaviyo, Inc.
• Website: https://www.klaviyo.com
• Address: 125 Summer Street, Floor 6, Boston, MA 02111, USA
• Data Processing Technology: Information system.
• Scope of Data: Customers' usage data, name, email address.
• Legal Basis (GDPR reference): https://www.klaviyo.com/legal/data-processing-agreement

Subscription Terms

Initiating a subscription on the www.credodigital.hu website constitutes express acceptance of these subscription terms, meaning that by downloading free content and/or subscribing to the newsletter, the data subject gives express prior consent to receive electronic letters from the www.credodigital.hu website. These may contain information, aids, requests for opinions, notifications regarding website content, and in some cases, advertisements for the products and services of the operator and occasionally its business partners. Subscriptions initiated with a non-existent email address, email addresses of the newsletter-collecting type, or false data will be deleted from the database without warning and excluded from the circle of the website's newsletter readers.

Scope of Processed Data and Purpose of Data Processing

Scope of processed data: The name and email address provided by the data subject. The newsletter software also records the IP address and time of subscription upon subscribing. Purpose of data processing: Managing the email address provided upon subscription for the purpose of sending newsletters.

Legal Basis for Data Processing: Consent of the Data Subject

Subscription is voluntary. Personal data received upon subscription is handled confidentially and will not be disclosed to third parties under any circumstances. The subscription may be terminated at any time by clicking on the unsubscribe link found in any sent electronic letter.

Duration of Data Processing

From the voluntary provision of data until voluntary unsubscription by the data subject. The data subject may automatically withdraw their consent at any time by clicking on the "Unsubscribe" link found at the bottom of any sent newsletter.

Rights of the Data Subject Related to Data Processing

Right to Request Information, Correction, and Deletion

In every sent letter, there is a link for data modification and unsubscription. By clicking on the data modification link, the user can receive information about the personal data held about them without a separate request, which they can independently modify or correct. In every sent letter, there is an unsubscription link, through which the user can independently delete the personal data held about them without a separate request. Information, correction, or deletion can also be requested at the hello@credodigital.hu email address; the data controller will fulfill the request within 30 (thirty) days at the latest.

Right to Object

The data subject may object to data processing at the hello@credodigital.hu email address.

Legal Enforcement Opportunity Related to Data Processing

Complaint at the data controller: The data subject may describe in a letter of complaint sent to the hello@credodigital.hu email address if they believe a misuse of their data provided on the credodigital.hu website has occurred. The Data Controller will investigate the complaint within 30 (thirty) days at the latest. If the data subject does not agree with this, they have the right to turn to the National Authority for Data Protection and Freedom of Information.

• Name: Nemzeti Adatvédelmi és Információs Hatóság
• Seat: 1125 Budapest Szilágyi Erzsébet fasor 22/c.
• Mailing Address: 1530 Budapest, Pf.: 5.
• Phone: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• Website: https://naih.hu

Management of Cookies

The function of cookies is to collect information about visitors and their devices; they remember visitors' individual settings, which may be used, for example, when making online contact, so they do not have to be re-entered; they facilitate the use of the website and ensure a quality user experience. In the interest of customized service, a small data package, a so-called cookie, is placed on the user's computer and read back during later visits. If the browser returns a previously saved cookie, the cookie-managing provider has the opportunity to connect the user's current visit with previous ones, but exclusively regarding its own content.

The Website contains so-called remarketing tags for the purpose of building a remarketing list, so after their visit, third-party providers, including Google, may display advertisements on internet websites; these are so-called interest-based advertisements. Remarketing lists are not suitable for personal identification; they do not contain the visitor's personal data and only identify the browser software. Google uses cookies for remarketing tags. The Websites use so-called conversion tracking to measure the effectiveness of Google Adwords advertisements. The conversion tracking cookie only exists for a limited time; accepting it is not mandatory, and it does not record or use any personal information. The visitor may disable Google's cookie use in Google's Advertising Settings: https://www.google.com/settings/ads.

On the www.credodigital.hu website, buttons for Meta (Facebook, Instagram) and LinkedIn social media sites are accessible. These buttons also place cookies in the visitor's browser. Detailed information about Facebook's data processing guidelines can be found on the https://www.facebook.com/about/privacy website. The Website uses Facebook's so-called conversion tracking pixel to measure the effectiveness of Facebook advertisements. During conversion tracking, the visitor's personal data is not recorded. Disabling Google and Facebook cookies does not influence the use of the www.credodigital.hu website.

Strictly Necessary Session Cookies

The purpose of these cookies is to allow visitors to fully and smoothly browse the credodigital.hu website and use its functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), and upon closing the browser, these types of cookies are automatically deleted from the computer or other device used for browsing.

Third-Party Cookies (Analytics)

The anonymous visitor identifier (cookie) is a unique sequence of characters suitable for identification or storing profile information, which the web server places on the visitor's computer. Such a sequence of characters is not capable of identifying the visitor in itself; it is only suitable for recognizing the visitor's machine. It does not contain name, email address, or any other personal information. On the www.credodigital.hu website, Google Analytics is used as a third-party cookie. By using the Google Analytics statistical service, the website collects information regarding how visitors use the website. Acceptance of cookies is not necessary for browsing the Website, but the purchase (login) function does not work if the acceptance of cookies is disabled in the browser. Not only the Website sends a cookie to the visitor's browser, but a third-party, independent auditing service (Google Analytics) also measures the site's visitation with such a tool. Detailed information about the processing of measurement data can be found at the https://www.google.com/intl/hu/analytics website. The data is used for the purpose of developing the site and improving the user experience. These cookies also remain on the visitor's computer or other device used for browsing, in its browser, until their expiration or until the visitor deletes them.

Providing data – with the exception of promotional purposes – is necessary for the establishment of the contract and the provision of the service; without providing them, the provision of the service cannot be ensured.

Duration of Data Processing: In the case of data processed on the legal basis of fulfillment of a legal obligation, for the duration determined in the legislation serving as the basis for the obligation. In the case of data processing related to the fulfillment of the contract (including data processing based on legitimate interest), we store the data until the general civil limitation period expires after the termination of the contract. In the case of data processing occurring based on consent, until the withdrawal of consent, but at the latest until the termination of the contractual data processing (whichever comes first).

The legal basis for data processing based on legitimate interest is the legitimate interest of the data controller to improve the quality of its service and to have information regarding the actual use of the service in order to develop further products.

The data subjects (customers) have the right to access the data concerning them and to request the correction of eventually erroneously stored data. They have the right to withdraw the given consent (which does not affect the lawfulness of data processing before the withdrawal). The customer may request the withdrawal of consent at the customer service email address.

Furthermore, the data subject (customer) has the right to request the deletion of all personal data concerning them (or limited processing without deletion) in cases where the purpose of data processing has been fulfilled or its legal basis has ceased. Customers also have the right to object to data processing.

During data processing, profiling does not occur. The storage of data takes place within the EU throughout, except in the case of Klaviyo, who possess an active Privacy Shield certificate between the EU and the United States, so the activity is GDPR compatible: https://www.dataprivacyframework.gov/Program-Overview