Securicert
Kft.
Log in

Legal Information

Privacy Notice

We process personal data in accordance with the GDPR and applicable Hungarian legal requirements.

Data Controller

Securicert Kft.
Tax number: 32600551-2-13
Company registration number: 13-09-235047
E-mail: securicertkft@gmail.com

Legal Background

Securicert Kft. processes personal data under Regulation (EU) 2016/679 (GDPR), Hungarian privacy legislation and applicable civil, accounting, tax and information security rules.

The main principles are lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

Categories of Processed Data

  • Contact messages: name, e-mail address, phone number, subject, message, consent statement, submission date, admin reply and reply date.
  • Offer requests: company name, contact person, e-mail address, phone number, service type, project description, deadline, budget range, consent, admin reply and workflow status.
  • Registration: login e-mail, hashed password, role, registration type and status, company data or private individual name, address data, contact data, provider tax/company/bank data, service scopes, operating areas, audit ratings and customer search access data.
  • Customer account and access: active profile, multi-profile selection, search access status and expiry, provider/customer search permissions, deletion or retention tokens.
  • Prequalification: provider identifier, company name, selected prequalification area, answers, points, weighted scores, category results, final score, rating and submission date.
  • Administration: admin e-mail addresses, hashed passwords, mandatory password change status, two-factor authentication secret, activity log and workflow events.

Purposes of Processing

  • Handling contact messages, replies and expert consultation preparation.
  • Processing offer requests and preparing pre-contractual communication.
  • Managing provider and customer registrations, permissions and customer-area access.
  • Tracking registration, payment, invoicing and confirmation workflows.
  • Providing provider lists and detailed search functions based on permission levels.
  • Providing informative provider prequalification and administering its templates and results.
  • Maintaining admin security, two-factor authentication, auditability and abuse prevention.

Legal Bases

  • GDPR Article 6(1)(a): consent for contact, offer request and certain registration statements.
  • GDPR Article 6(1)(b): preparation and performance of contracts in relation to offer requests, registration and customer relationships.
  • GDPR Article 6(1)(c): compliance with legal obligations, especially accounting, tax and authority obligations.
  • GDPR Article 6(1)(f): legitimate interest in system security, administration, logging, legal claims and abuse prevention.

Processors and Data Transfers

Website operation may involve hosting, database, e-mail sending and version control providers, including Vercel, Neon/PostgreSQL, Gmail/SMTP, Resend and GitHub. Processors may handle data only to the extent necessary to provide their services.

Data Subject Rights

You may request access, rectification, erasure, restriction of processing and data portability, and you may object to processing based on legitimate interest. Consent may be withdrawn at any time without affecting the lawfulness of processing before withdrawal. Requests may be sent to securicertkft@gmail.com.

You may lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), and you may also turn to the courts.

Retention

  • Contact and offer request data: until the matter is closed, or until the end of the limitation period if legal claims may arise.
  • Registration and customer account data: while the registration exists, and after deletion for necessary verification and legal periods.
  • Prequalification submissions and templates: while needed for customer profile operation, auditability or administrator-controlled deletion.
  • Accounting and payment data: for the retention period required by accounting and tax laws.
  • Admin activity logs: for two months, calculated in the CET/Budapest time zone.

Data Security

Passwords are stored as hashes, not as plain text. Admin accounts may use two-factor authentication. Access is role-based and separates administrator, provider and customer permissions. Technical and organizational measures aim to prevent unauthorized access, modification, deletion or disclosure.

Automated Decision-Making

The system does not apply automated decision-making or profiling that would produce legal effects or similarly significant effects. Informative prequalification calculates points and A-E ratings from voluntary answers, but it is not a final audit rating and does not replace a full expert audit.