Privacy notice
1. The data controller
The data controller (hereinafter: Controller) is identified on the Imprint page.
2. Data processed and purpose
2.1 Contact form (lead form)
| Data processed | name, email address, company name (optional), inquiry topic, message, current website URL (if provided), IP address, submission timestamp |
|---|---|
| Purpose | contact, providing a quote, preparing for contract conclusion |
| Legal basis | GDPR Art. 6(1)(b), pre-contractual steps; and (f), legitimate interest (responding to customer inquiries) |
| Retention period | 5 years from responding to the inquiry (Hungarian Civil Code limitation period); if a contract is concluded, 8 years per the Accounting Act |
2.2 AI mini-audit feature
| Data processed | URL submitted by the user, IP address, audit scores, technical signals (e.g. response_ms, page_size_kb) |
|---|---|
| Purpose | providing the website audit service, abuse prevention (rate-limit), service improvement |
| Legal basis | GDPR Art. 6(1)(f), legitimate interest |
| Retention period | 12 months |
2.3 Iris chatbot
| Data processed | user messages, conversation history (client-side), IP address, timestamp |
|---|---|
| Purpose | operating the chatbot service, improving customer experience |
| Legal basis | GDPR Art. 6(1)(f), legitimate interest |
| Retention period | technical log: 30 days; content: not stored persistently server-side (the conversation lives in your browser) |
2.4 Server logs (independent of cookies)
| Data processed | IP address, browser identifier (User-Agent), request timestamp, request URL |
|---|---|
| Purpose | operations, security, troubleshooting |
| Legal basis | GDPR Art. 6(1)(f), legitimate interest |
| Retention period | 30 days |
3. Data processors
The Controller uses the following data processors:
| Hosting provider | tárhely.eu, server operations |
|---|---|
| Groq Inc. | USA, AI inference (chatbot, audit). Data transfer is based on GDPR Art. 49(1)(b), performance of a contract. Groq does not persistently store requests. |
| Email service | the confirmation email is sent through the hosting provider's SMTP |
4. Cookies
The site uses the minimum cookies required for operation (Laravel session cookie, CSRF token cookie). See details on the Cookie policy page.
5. Data subject rights (GDPR Art. 12-22)
- Right to information, you may request detailed information about our processing.
- Right of access, you may request a copy of the data we hold about you.
- Right to rectification, you may request correction of inaccurate data.
- Right to erasure ("right to be forgotten"), you may request deletion of your data if we have no legal basis to process it.
- Right to restriction, you may request temporary restriction of processing.
- Right to data portability, you may request the data you provided in a structured, machine-readable format.
- Right to object, you may object to processing based on legitimate interest.
- Right to withdraw consent, if consent is the legal basis, you may withdraw it at any time.
To exercise your rights, write to hello@riydesign.eu. We respond to requests within 30 days.
6. Remedies
If you believe our processing violates your rights, you may lodge a complaint with the supervisory authority:
| Authority | Hungarian National Authority for Data Protection and Freedom of Information (NAIH) |
|---|---|
| Address | Falk Miksa utca 9-11, 1055 Budapest, Hungary |
| Mailing address | P.O. Box 9, 1363 Budapest, Hungary |
| ugyfelszolgalat@naih.hu | |
| Web | naih.hu |
7. Data security
The Controller protects data with appropriate technical and organizational measures: HTTPS encryption, access control, regular backups, logging, and the hosting provider's security solutions.
8. Changes
The Controller may modify this notice unilaterally. Changes are published on the website; in the case of material changes, we also send a separate notice to those with a registered inquiry.