Loading legal document…
Effective: 26 November 2025 • Last Updated: 26 November 2025
József Juhász (Hungarian private entrepreneur)
Katona József utca 14., Kecskemét, Hungary
Email: privacy@multicomply.com
This Privacy Notice explains how József Juhász ("we", "us", "our") collects, uses, stores, and protects your personal data when you use the MultiComply GDPR compliance platform ("Service").
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Hungarian data protection laws.
This Notice applies to:
Data Controller:
József Juhász
Private Entrepreneur (Egyéni vállalkozó)
Katona József utca 14.
Kecskemét, Hungary
Contact for privacy inquiries:
Email: privacy@multicomply.com
Phone: +36 [Your phone number]
József Juhász holds professional DPO certification. However, under GDPR Article 37, a formal DPO appointment is not required because we do not engage in:
When you create an account, we collect:
| Data Category | Specific Data | Purpose | Legal Basis |
|---|---|---|---|
| Identity | Full name, job title, role | Account management, access control | Contract (Art. 6(1)(b)) |
| Contact | Business email, phone | Communication, account recovery | Contract (Art. 6(1)(b)) |
| Company | Company name, address, registration number, industry | Service provisioning, conflict checks | Contract (Art. 6(1)(b)) |
| Authentication | Password (hashed), login timestamp, IP | Security, fraud prevention | Contract (Art. 6(1)(b)) |
Note: We do NOT store full credit card numbers. Stripe handles all payment card data securely.
When you use the Service, we collect:
IMPORTANT: We do NOT send your document content to any AI service. Document generation is purely template-based with mail-merge technology.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
sb-access-token | Essential | Authentication (Supabase) | Session |
sb-refresh-token | Essential | Session persistence | 7 days |
language-preference | Functional | Remember language choice | 1 year |
_ga, _gid | Analytics (optional) | Google Analytics (if you consent) | 2 years / 24 hours |
Cookie Consent: We will ask for your consent before setting non-essential cookies. You can manage cookie preferences at any time via our Cookie Settings.
We process your personal data under the following legal bases:
| Processing Activity | Legal Basis (GDPR Article 6) |
|---|---|
| Account management, service delivery | Contract performance (Art. 6(1)(b)) |
| Billing, invoicing, payment | Contract performance + Legal obligation (Art. 6(1)(c)) |
| Security monitoring, fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Service improvement, analytics | Legitimate interests (Art. 6(1)(f)) |
| Marketing emails (newsletters) | Consent (Art. 6(1)(a)) |
| International data transfers | Consent (Art. 6(1)(a)) + SCCs |
We use your personal data to:
We engage the following third-party processors to help deliver the Service:
Current full processor list: multicomply.eu/subprocessors
Changes to processors: We will notify you 30 days before adding new processors. You may object to new processors, and if we proceed despite your objection, you may terminate your subscription without penalty.
✅ No AI services
We do NOT send your data to Anthropic Claude, OpenAI, or any other AI service for document generation. All documents are created using template-based mail-merge technology.
Supabase US Backup: While Supabase's primary servers are in the EU, backup replication occurs on US servers. This constitutes an international data transfer under GDPR Chapter V.
Safeguards in place:
Legal basis: Your consent (GDPR Article 49(1)(a)) + SCCs
You may:
We retain personal data only as long as necessary for the purposes set out in this Notice:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Account data | 2 years after last login | Legitimate interests (reactivation) |
| Billing records | 8 years after invoice date | Legal obligation (Hungarian Accounting Act, Sztv. 169.§) |
| Generated documents | Until deletion OR 30 days after account closure | Contract performance |
| Activity logs | 3 years | Legitimate interests (security audits) |
| DSAR submissions | 3 years after completion | Legal obligation (GDPR accountability) |
| Support tickets | 2 years after closure | Legitimate interests |
| Marketing consent | Until consent withdrawn | Consent |
We may retain data longer if:
We implement the following technical and organisational measures to protect your data (GDPR Article 32):
Encryption:
Access Controls:
Infrastructure:
No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. You acknowledge and accept the inherent risks of internet-based data transmission.
Your responsibilities:
As a data subject, you have the following rights:
We do NOT conduct automated decision-making with legal effects or profiling. Template generation is automated but does NOT produce legal effects or significantly affect you, as documents must be reviewed by a lawyer before use.
Email: privacy@multicomply.com
Subject Line: [Type of Request] (e.g., "Data Access Request")
Include: Your full name, email address registered with Service, description of request, proof of identity (if we cannot verify your account)
Response time: 30 days (may extend to 60 days for complex requests; we will notify you)
Refusal: If we refuse your request, we will explain why and inform you of your right to complain to NAIH.
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the supervisory authority:
Hungarian Supervisory Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
National Authority for Data Protection and Freedom of Information
Address: Szilágyi Erzsébet fasor 22/C, H-1125 Budapest, Hungary
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: naih.hu
When to complain:
We encourage you to contact us first so we can attempt to resolve the issue directly. However, you have the right to complain to NAIH at any time.
If we discover a personal data breach, we will:
We may NOT notify you if:
If you become aware of a potential data breach involving MultiComply or wish to report a security incident, please notify us immediately:
Reports are treated confidentially and help us protect all users.
Age restriction: The Service is NOT intended for children under 16 years old (14 in Hungary under Act CXII of 2011).
No knowing collection: We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact privacy@multicomply.com and we will delete it immediately.
Parental consent: If processing children's data is necessary for your business (e.g., school records), YOU are responsible for obtaining valid parental consent under GDPR Article 8.
Some browsers offer "Do Not Track" (DNT) signals. We do not currently respond to DNT signals because there is no industry-wide standard for interpretation.
If you do not want to be tracked:
We may update this Privacy Notice to reflect:
You may:
Version history: multicomply.eu/privacy/changelog
Questions about this Privacy Notice or your data?
Email: privacy@multicomply.com
Subject: "Privacy Inquiry"
Email: privacy@multicomply.com
Subject: [Request Type]
(e.g., "Data Access Request")
József Juhász
Katona József utca 14.
Kecskemét, Hungary
info@multicomply.com
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY NOTICE AND AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA AS DESCRIBED HEREIN.
Document ID: MCOMPLY-PRIVACY-2026-01-01
Version: 1.0
Effective Date: 26 November 2025
Last Updated: 26 November 2025
GDPR Compliance: Articles 12-14 (Transparency), Articles 15-22 (Data Subject Rights), Article 32 (Security), Articles 33-34 (Breach Notification)