SKUBI PRIVACY POLICY

Data Controller Identification

• Data Controller Name: Skubi Research Kft.
• Registration Number: 01-09-428731
• Registered Address: 1054 Budapest, Honvéd Street 8. 1st floor, door no. 2
• Email Contact: atti@skubi.io
• Representative: Attila Miklya, Managing Director

Newsletter Subscription

You have the option to subscribe to our newsletter service to receive updates on the products, services, events, and other news related to Skubi Research Kft. The newsletter is sent bi-monthly. We only process your name and email address for this purpose, and no other data is collected.

You may unsubscribe at any time during the data processing by emailing us at atti@skubi.io or by clicking the unsubscribe link included in the newsletter.

Website Visit Logging

During visits to the websites operated by Skubi Research Kft., the following data is automatically logged:

• Visitor's IP address
• Time of the visit
• URL of visited pages
• This information is used exclusively for technical purposes such as:
• Investigating errors
• Improving system security
• Identifying misuse

These data are automatically deleted within two months. No personally identifiable cookies are used on our websites.

Customer Registration and Orders

Use of our services is only possible after registration. The purpose of data processing includes:

• Fulfilling orders
• Providing services
• Maintaining contact with customers
• Complying with legal obligations
• Processed data:
• Username
• Password
• Full name
• Home address
• Phone number
• Email address
• In some cases: ID document number required for domain registration

Data retention:

• Up to 5 years for contractual data
• Up to 8 years for accounting documents

Newsletter Distribution

• Purpose: Regular email-based updates about Skubi Research Kft.'s services, products, events, and other relevant news.
• Processed Data: Name, email address
• Legal Basis for Processing:
• Voluntary consent of the data subject under Article 6(1)(a) of the GDPR
• Or legitimate interest under Section 6(5) of Act XLVIII of 2008
• Duration of Data Processing:
• Based on consent: Until the consent is withdrawn
• Based on legitimate interest: Until the data subject objects
• Data Storage Deadline: Until an unsubscribe request is made
• Storage Method: Electronically

You may withdraw your consent or exercise your right to object at any time by clicking the unsubscribe link in the newsletter or by emailing atti@skubi.io.

Customer Support Contact

During customer service activities, personal data submitted via email, phone, online forms, or chat will be recorded and stored for a maximum of 5 years. Purpose: handling inquiries and ensuring traceability.

Data processors

Please see detailed information on the data processors listed at each data control below.

DigitalOcean, LLC
Cloud Infrastructure Provider
Registered Address: 101 6th Ave, New York, NY 10013, USA

KBOSS.hu Kft. (Számlázz.hu)
Invoicing Provider
Registered Address: 7 Záhony Street, Budapest 1031, Hungary
Company Registration Number: 01-09-303201
Telephone: +36 30 35 44 789

Stripe, Inc.
Payment Provider
Registered Address: 510 Townsend St, San Francisco, CA 94103, USA

Paddle.com Market Limited
Merchant of Record
Registered Address: Judd House, 18-29 Mora Street, London, EC1V 8BT, UK

Hotjar Ltd.
Analytics and User Feedback
Registered Address: Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian's STJ 3141, Malta

Crisp IM
Customer Messaging Platform
Registered Address: 2 Boulevard de Launay, Nantes 44100, France

Supabase Inc.
Backend-as-a-Service Provider
Registered Address: 3500 S. DuPont Highway, Dover, Kent 19901, Delaware, USA

HighLevel Inc.
Marketing Automation Platform
Registered Address: 400 North Saint Paul St., Suite 920, Dallas, Texas 75201, USA

Alphabet Inc.
Parent Company of Google
Registered Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data Subject Rights

Right to Information

You have the right to request information about how your personal data is processed, and to request correction or — except for data required by law — deletion of your personal data via the contact methods listed.

The company is required to forward your request or objection within 3 days to the organizational unit responsible for the matter.

The responsible unit must respond in writing within:

25 days from the request's receipt

15 days for objections

The response must be in plain language. If the issue is unclear, the responsible unit may request an opinion from the data protection officer within 3 days.

The information provided includes the details listed in Article 15(1) of the GDPR, except where restricted by law. The company ensures that all information referred to in Articles 13, 14, and 15-22 and 34 of the GDPR is provided in a concise, transparent, understandable, and accessible format.

Information may be given in writing or electronically. Verbal communication is allowed if the data subject's identity is verified.

By default, the information is provided free of charge. The company may only charge a fee in cases defined in Article 12(5)(a) of the GDPR.

Requests may only be refused under the conditions of Article 12(5)(b), and only with justification in writing.

Right to Rectification or Erasure ("Right to be Forgotten")

Inaccurate data will be corrected by the responsible unit, provided the necessary documents are submitted. Under Article 17 of the GDPR, personal data must be erased without undue delay when:

• The data is no longer needed for its original purpose
• The data subject withdraws consent and no other legal basis exists
• The data subject objects to the processing and no overriding legitimate grounds exist
• The data was processed unlawfully
• The data was collected in relation to services offered to children under 16

If the data was made public, reasonable steps will be taken to inform other controllers to delete links, copies, or reproductions of the data

Right to Object

You may object to the processing of your personal data at any time, especially if:

The data processing is solely for fulfilling the Data Controller's legal obligations or pursuing legitimate interests

The data is used for direct marketing, opinion polling, or scientific research

Upon receiving your objection, the Data Controller will suspend data processing for a maximum of 5 days to examine the case and will notify you of the decision per Article 19 of the GDPR.

If the objection is justified, processing (including further collection or transfer) will cease, data will be locked, and all recipients of the data will be informed to enforce your objection.

If you disagree with the decision, or if there is no response within the deadline, you may initiate court proceedings within 30 days.

If the data recipient requires the data that cannot be transferred due to your objection, they may bring the matter before court within 15 days.

The Data Controller cannot delete data where processing is legally mandated. However, the data cannot be transferred if the objection is upheld by the controller or a court.

Right to Restrict Processing

• You may request data processing to be restricted if:
• You contest the accuracy of the personal data (restriction lasts while verification is pending)
• Processing is unlawful but you oppose erasure and request restricted use instead
• The controller no longer needs the data but you require it for legal claims
• You objected to processing pending a decision on whether legitimate grounds override your rights

While restricted, data can only be stored and used with your consent or for legal claims, protecting others' rights, or for important public interest. You will be notified before the restriction is lifted.

Right to Data Portability

The data processing activities described in this privacy policy do not involve scenarios requiring data portability.

Automated Individual Decision-Making, Including Profiling

Skubi Research Kft. does not carry out automated decision-making, including profiling, during its data processing activities.

Right to Compensation for Unlawful Data Processing

If unlawful processing or security failures cause harm, the Data Controller or data processor must compensate the affected party for damages or violations of personality rights.

The controller is exempt from liability if the damage or violation was caused by an unavoidable external cause. No compensation is due if the damage was caused intentionally or by gross negligence on the part of the affected person.

Right to Legal Remedy

You may submit complaints or legal remedies directly to the company's data protection officer (Attila Miklya, atti@skubi.io), or to the:

National Authority for Data Protection and Freedom of Information (NAIH)

Address: 1055 Budapest, Falk Miksa Street 9-11

Mailing address: 1363 Budapest, P.O. Box 9

Alternatively, you may appeal to the competent court based on your residence or place of stay.

You may bring court proceedings against the Data Controller or, in the case of the processor's data handling, against the processor, if you believe your personal data has been processed in violation of applicable data protection regulations. The court must act in an expedited manner.