Privacy

Privacy Policy

This notice explains how personal data is processed in connection with your use of the assistant.nortinia.com website and the Nortinia AI Assistant product line. It is provided in accordance with Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR).

Last updated: 20 May 2026

Data controller

The data controller is Nortinia Kft. — the Hungarian subsidiary of the Nortinia Ltd. group. Under GDPR, the controller's responsibility extends to all personal data we collect through the assistant.nortinia.com website, the contact form, and any product demo session of the Nortinia AI Assistant.

Data controller
Nortinia Kft.
Registered seat
1125 Budapest, Városkúti út 17/B., Hungary
Hungarian registration
01-09-390508
Hungarian tax number
22958451-2-43
Privacy contact
info@nortinia.hu
Phone
+36 20 492 5378

What we process and why

We only request the personal data that is genuinely needed for the specific purpose. The list below itemizes each data category, the purpose, the legal basis under GDPR Article 6, and the retention period.

  • Log data (IP address, User-Agent, request type, timestamp, response code) — for secure operation of the site and abuse detection. Legal basis: legitimate interest (GDPR Art. 6(1)(f) — service security). Retention: 90 days.
  • Contact form data (name, email, optional company name, message) — to reply to your inquiry and prepare offers. Legal basis: pre-contractual measures (GDPR Art. 6(1)(b)). Retention: 3 years, or for the duration of the contractual relationship, after which the record is archived.
  • Marketing subscription (only if you explicitly opt in) — to send newsletters and product updates. Legal basis: explicit consent (GDPR Art. 6(1)(a)). Retention: until withdrawal.
  • Cookie data — strictly necessary cookies to store your language preference and theme (dark/light). See the Cookie Notice for details. Legal basis: legitimate interest (for strictly necessary cookies) or consent (for everything else).
  • Product demo sessions (if you sign up for a demo) — we need your name, email, and company name to deliver the demo and follow-up. Legal basis: pre-contractual measures.

Retention

We retain personal data only for as long as the purpose justifies. The table below summarizes the main retention periods. Once the retention period expires, the data is either deleted or — where required by law — moved to an archival (locked) state.

Log data (IP, UA)
90 days
Contact form data
3 years (or until the contractual relationship ends)
Marketing subscription
Until withdrawal
Billing data
8 years (Hungarian Accounting Act § 169)
Cookie — strictly necessary
Session end, max. 12 months
Cookie — analytics (if active)
Max. 12 months

Processors

We rely on a small number of technology partners who act as processors on our behalf and on our instructions. We have signed Data Processing Agreements (DPAs) with each of them. The list below summarizes the data they handle and the purpose.

  • Cloudflare, Inc. (USA) — CDN and WAF service; transatlantic transfer is covered by the EU-U.S. Data Privacy Framework. Data: IP address, User-Agent, request type.
  • Functional Software, Inc. dba Sentry (USA) — error monitoring (when enabled). Data: stack traces, browser identifier, optionally IP address. Transfer basis: EU SCCs.
  • Email delivery provider (Resend / Postmark / SES depending on configuration) — for sending contact-form confirmations and proposal emails. Data: name, email, message body.
  • Nortinia Internal Platform (NIP) — our own Kubernetes infrastructure in Hungary. This is where application-level processing and storage takes place.

International data transfers

Some of the processors above conduct processing operations outside the European Union (in the United States). For these transfers, the legal basis is either an adequacy decision of the European Commission (Data Privacy Framework, where applicable) or the European Commission's Standard Contractual Clauses (SCCs). Specific safeguards can be requested at info@nortinia.hu.

Your rights

Under GDPR Articles 12-22 you have the following rights regarding your personal data. Requests to exercise any of these rights — free of charge — can be sent to info@nortinia.hu. We will provide a substantive response within 30 days.

  • Right of access — you may request information about which personal data of yours we process, for what purpose, and for how long.
  • Right to rectification — you may request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — you may request deletion of your personal data under certain conditions.
  • Right to restriction — you may request restriction of processing in certain cases.
  • Right to data portability — you may request that your data be provided to you, or to another controller, in a structured, machine-readable format.
  • Right to object — you may object to processing based on legitimate interest.
  • Right to withdraw consent — you may withdraw your consent at any time, where the processing was based on it.
  • Right to lodge a complaint — you may contact the Hungarian Data Protection Authority (NAIH): 1055 Budapest, Falk Miksa utca 9-11., ugyfelszolgalat@naih.hu, or pursue your rights through the courts.

Automated decision-making

On this website and in the contact process we do not carry out automated decision-making or profiling that produces legal effects or similarly significant effects concerning you. During an AI assistant demo we may log the conversation for service-quality purposes, but any consequential decision is made by a human team member.

Data security

We protect personal data with technical and organizational measures against unauthorized access, alteration, and loss. These include TLS 1.2+ encryption in transit, AES-256-GCM at rest, role-based access control (RBAC), audit logging, and periodic reviews of access rights. In the event of a personal-data breach we follow GDPR Articles 33-34 — notifying NAIH and, where required, the affected individuals within 72 hours.

Contact

For any privacy question, rights exercise or feedback, reach us through the channels below. Designation of a Data Protection Officer (DPO) is not mandatory for us under GDPR Article 37(1), but all inquiries are handled through the general privacy address.

Privacy contact
info@nortinia.hu
General email
info@nortinia.com
Phone
+36 20 492 5378
Postal address
Nortinia Kft. — 1125 Budapest, Városkúti út 17/B., Hungary