MKLast updated: 2026-04-13
Privacy Policy
This policy explains what this site processes, why that processing happens, who may receive the data, how long it may be kept, and what rights visitors may have.
Who controls the data
Mihaly Kertesz operates this site as an individual person.
Privacy contact: km@kerteszmihaly.com
This site is currently an informational personal and professional website. It does not currently provide account registration, checkout, or a user dashboard.
Scope of this policy
This policy applies to personal data processed through this website, related analytics, direct outreach initiated through the published contact details, and basic technical records needed to operate the site.
This policy does not control third-party websites, services, or platforms linked from this site. Those services operate under their own privacy terms.
Categories of data this site may process
| Category | Details |
|---|---|
| Technical usage data | IP-derived location at a coarse level, browser/device data, pages visited, referrer data, timestamps, and interaction events collected through Google Analytics only after analytics consent. |
| Consent records | Your cookie preference, the time it was recorded, and the related local storage or cookie values used to remember that choice. |
| Direct contact data | Any information you choose to include when contacting Mihaly by email, phone, LinkedIn, or another direct channel linked from the site. |
| Operational records | Basic hosting, security, or server-side logs that may be generated by the hosting platform, CDN, or infrastructure providers to keep the site available and secure. |
Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Operating the site and remembering consent preferences | Legitimate interests in running a functioning website and, where relevant, compliance with consent obligations for optional tracking. |
| Optional analytics | Consent. Analytics loads only after the visitor has opted in. |
| Handling direct enquiries | Legitimate interests in responding to relevant messages and, where applicable, taking steps at the request of the sender before a possible professional engagement. |
| Security, abuse prevention, and availability | Legitimate interests in protecting the site, diagnosing failures, and preventing misuse. |
Analytics and related recipients
This site uses Google Analytics 4 for optional measurement. If analytics consent is rejected, the analytics script should not load and analytics events should not be sent from the site's own measurement layer.
Analytics is used to understand page visits, high-level traffic patterns, outbound-link clicks, and contact-related interactions such as reveal or click actions tied to public contact details.
Depending on service configuration and applicable law, Google may act as a processor, independent controller, or both for parts of that service.
- No ad retargeting pixels are active on the site.
- No newsletter platform, checkout system, or on-site account database is part of the public site.
- If a new third-party tool is added, this policy will be updated before that tool becomes part of normal public operation.
Sources of personal data
Personal data processed through this site generally comes from one of three sources: directly from the visitor, automatically from browser or device interaction, or from infrastructure/service providers involved in site delivery.
- Directly from you when you send a message or choose a cookie setting.
- Automatically from browser interaction when optional analytics is enabled or when hosting/security systems log site activity.
- From third-party platforms you choose to use, such as LinkedIn or email providers, when you contact Mihaly through those channels.
Retention periods
Data is kept only for as long as it remains reasonably necessary for the purpose for which it was collected, or for as long as retention is required to protect legitimate interests, resolve disputes, or meet legal obligations.
| Data type | Retention approach |
|---|---|
| Consent records | Up to 12 months unless cleared earlier by the visitor or replaced by a newer preference record. |
| Analytics data | Subject to Google Analytics property settings and Google's product configuration. Retention is kept as short as practical for the reporting need. |
| Direct messages | For as long as reasonably needed to reply, follow up, assess project fit, manage a commercial discussion, or protect against later disputes. |
| Operational/security logs | For the period reasonably required by the hosting, CDN, or security layer to maintain availability, investigate incidents, and protect the service. |
International transfers
Because analytics, hosting, CDN, or email-related services may operate internationally, personal data may be processed outside the visitor's home country, including in jurisdictions that do not provide the same level of data protection as the visitor's own jurisdiction.
Where transfers occur, they rely on the transfer tools, contractual measures, or service-provider safeguards made available by the relevant provider, subject to the legal limits of those mechanisms.
Legal claims and record preservation
Where reasonably necessary, relevant records may be retained or disclosed to establish, exercise, or defend legal claims, enforce agreements, respond to official requests, or investigate misuse affecting the site or its operator.
Automated decision-making
This site does not use personal data processed through its own public pages for automated decision-making or profiling that produces legal effects or similarly significant effects on visitors.
Recipients and service providers
- Hosting, infrastructure, CDN, and security providers used to publish and protect the site.
- Google, where analytics consent has been granted and Google Analytics is enabled.
- Email, telecom, or professional communication providers used when a visitor contacts Mihaly directly.
- Professional advisers, insurers, or authorities where disclosure is reasonably necessary to protect legal rights, respond to claims, or comply with law.
Visitor rights
Depending on the law that applies to a visitor, rights may include access, rectification, erasure, restriction, objection, portability, withdrawal of consent, and complaint to a supervisory authority.
Requests related to this site or direct communications can be sent to km@kerteszmihaly.com. A request may need enough detail to verify what records it relates to before action can be taken.
Analytics consent can also be changed at any time from the footer cookie-settings control.
Children and sensitive data
This site is not intended for children and is not designed to knowingly collect personal data from minors.
Please do not send special category data, highly confidential information, or regulated personal data through public contact channels unless a separate secure arrangement has first been agreed.
Security
Reasonable technical and organizational steps are taken to reduce common security risks, but no internet-facing site, email route, or third-party platform can guarantee absolute security.
Visitors should avoid sending secrets, credentials, or unnecessary sensitive material through normal contact channels unless a secure method has been agreed first.
Changes to this policy
This policy may be updated from time to time to reflect changes in the site, providers, analytics setup, legal requirements, or business operations.
The date at the top of the page shows the latest update point. Material changes should be reflected here before they become part of normal site operation.