Last updated: 2026-07-12
Privacy Policy
This policy explains what this site processes, why that processing happens, who may receive the data, how long it may be kept, and what rights visitors may have.
Who controls the data
Mihaly Kertesz operates this site as a private individual in Hungary and is the controller for personal data processed directly through the site.
Privacy contact: km@kerteszmihaly.com
This site is currently an informational personal and professional website. It does not currently provide account registration, checkout, or a user dashboard.
Scope of this policy
This policy applies to personal data processed through this website, the contact form, related analytics, direct outreach initiated through the published contact details, and basic technical records needed to operate the site.
This policy does not control third-party websites, services, or platforms linked from this site. Those services operate under their own privacy terms.
Categories of data this site may process
| Category | Details |
|---|---|
| Technical usage data | IP-derived location at a coarse level, browser/device data, pages visited, referrer data, timestamps, interaction events, heatmap data, and masked session replay data collected through configured analytics tools only after analytics consent. |
| Consent records | Your cookie preference, the time it was recorded, and the related local storage or cookie values used to remember that choice. |
| Direct contact data | Any information you choose to include through the contact form or when contacting Mihaly by email, phone, LinkedIn, or another direct channel linked from the site. |
| Operational records | Basic hosting, security, or server-side logs that may be generated by the hosting platform, CDN, or infrastructure providers to keep the site available and secure. |
Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Operating the site and remembering consent preferences | Legitimate interests in running a functioning website and, where relevant, compliance with consent obligations for optional tracking. |
| Optional analytics | Consent. Analytics loads only after the visitor has opted in. |
| Handling direct enquiries | Steps requested before a possible contract under GDPR Article 6(1)(b) when you ask about consulting, a quote, or a possible engagement. Legitimate interests under Article 6(1)(f) apply to other relevant enquiries and correspondence management. |
| Security, abuse prevention, and availability | Legitimate interests in protecting the site, diagnosing failures, and preventing misuse. |
Contact form enquiries
The contact form collects the information needed to understand and reply to an enquiry. Name, email address, request type, urgency, and project summary are required. Company or project name, phone number, and budget range are optional.
The required fields are needed to identify the sender, understand the request, and send a useful reply. An enquiry submitted without them cannot be processed through the form.
Contact details are used to reply, clarify scope, discuss a possible engagement, and manage related follow-up. They are not added to a newsletter or used for direct marketing through this form.
Submitting the contact form does not enable optional analytics. Analytics and cookie preferences remain a separate consent choice.
Analytics and related recipients
This site may use Google Analytics 4 and Microsoft Clarity for optional measurement. If analytics consent is rejected, these analytics scripts should not load from the site's own measurement layer.
Analytics is used to understand page visits, high-level traffic patterns, outbound-link clicks, contact-related interactions, heatmaps, scroll behavior, and masked session replay. Contact form and booking areas are marked for Clarity masking so submitted contact details are not readable in recordings.
Depending on service configuration and applicable law, Google and Microsoft may act as processors, independent controllers, or both for parts of those services.
- No ad retargeting pixels are active on the site.
- No newsletter platform, checkout system, or on-site account database is part of the public site.
- The site does not use the Microsoft Clarity Identify API or send custom visitor IDs to Clarity.
- If a new third-party tool is added, this policy will be updated before that tool becomes part of normal public operation.
Sources of personal data
Personal data processed through this site generally comes from one of three sources: directly from the visitor, automatically from browser or device interaction, or from infrastructure/service providers involved in site delivery.
- Directly from you when you submit the contact form, send a message, or choose a cookie setting.
- Automatically from browser interaction when optional analytics is enabled or when hosting/security systems log site activity.
- From third-party platforms you choose to use, such as LinkedIn or email providers, when you contact Mihaly through those channels.
Retention periods
Data is kept only for as long as it remains reasonably necessary for the purpose for which it was collected, or for as long as retention is required to protect legitimate interests, resolve disputes, or meet legal obligations.
| Data type | Retention approach |
|---|---|
| Consent records | Up to 12 months unless cleared earlier by the visitor, replaced by a newer preference record, or expired automatically. |
| Analytics data | Subject to Google Analytics and Microsoft Clarity property settings and product configuration. Cookie lifetimes and analytics data retention are also affected by those providers' service behavior. |
| Unsuccessful contact enquiries | Up to 12 months after the last substantive communication, then deleted unless a longer period is needed for a legal claim, abuse investigation, or another legal obligation. |
| Enquiries that become an engagement | Relevant correspondence may move into contractual, accounting, legal-obligation, or legal-claims records and follow the retention period that applies to those records. |
| Operational/security logs | For the period reasonably required by the hosting, CDN, or security layer to maintain availability, investigate incidents, and protect the service. |
International transfers
Because analytics, hosting, CDN, or email-related services may operate internationally, personal data may be processed outside the visitor's home country, including in jurisdictions that do not provide the same level of data protection as the visitor's own jurisdiction.
Where transfers occur, they rely on the transfer tools, contractual measures, or service-provider safeguards made available by the relevant provider, subject to the legal limits of those mechanisms.
Legal claims and record preservation
Where reasonably necessary, relevant records may be retained or disclosed to establish, exercise, or defend legal claims, enforce agreements, respond to official requests, or investigate misuse affecting the site or its operator.
Automated decision-making
This site does not use personal data processed through its own public pages for automated decision-making or profiling that produces legal effects or similarly significant effects on visitors.
Recipients and service providers
- Hosting, infrastructure, CDN, and security providers used to publish and protect the site.
- Google, where analytics consent has been granted and Google Analytics is enabled.
- Microsoft, where analytics consent has been granted and Microsoft Clarity is enabled.
- Email delivery providers used to send contact-form notifications and replies.
- Email, telecom, or professional communication providers used when a visitor contacts Mihaly directly.
- Professional advisers, insurers, or authorities where disclosure is reasonably necessary to protect legal rights, respond to claims, or comply with law.
Visitor rights
Depending on the processing and applicable law, rights may include access, rectification, erasure, restriction, objection, portability, and complaint to a supervisory authority. Where processing relies on legitimate interests, you may object based on your particular situation.
Requests related to this site or direct communications can be sent to km@kerteszmihaly.com. A request may need enough detail to verify what records it relates to before action can be taken.
Consent applies to optional analytics, not to handling contact-form enquiries. Analytics consent can be withdrawn or changed at any time from the footer cookie-settings control without affecting processing that took place before the change.
You may lodge a complaint with Hungary's National Authority for Data Protection and Freedom of Information. See the official NAIH complaint and contact page.
Children and sensitive data
This site is not intended for children and is not designed to knowingly collect personal data from minors.
Please do not send special category data, highly confidential information, or regulated personal data through public contact channels unless a separate secure arrangement has first been agreed.
Security
Reasonable technical and organizational steps are taken to reduce common security risks, but no internet-facing site, email route, or third-party platform can guarantee absolute security.
Visitors should avoid sending secrets, credentials, or unnecessary sensitive material through normal contact channels unless a secure method has been agreed first.
Changes to this policy
This policy may be updated from time to time to reflect changes in the site, providers, analytics setup, legal requirements, or business operations.
The date at the top of the page shows the latest update point. Material changes should be reflected here before they become part of normal site operation.
