Privacy Policy

Privacy in FlyIT digital services.

This notice clearly summarizes how we process the personal data of website visitors, prospects, customers, project partners, training participants, and support request submitters.

Privacy question Terms and Conditions
GDPR principles controller and processor roles support for customer systems
FlyIT privacy policy Security Data subject rights
Updated notice Website, proposal, project, support, training
Data controller

Who processes the data?

FlyIT Kft.

Registered office
2316 Tököl, Dózsa György utca 19.
Tax number
27839294-2-13

Controller or processor?

FlyIT acts as a data controller for its own website, proposals, customer relations, invoicing, marketing, ticketing, and support processes. When we work with personal data in a customer system for purposes defined by the customer, we usually act as the customer’s data processor, following the customer’s instructions.

Processed data and purposes

We process only the data needed to provide the service and maintain contact.

Contact and quotation requests

Name, company name, position, email, phone number, and message content. Purpose: contact, quotation, and business communication. Legal basis: preparation of a contract or legitimate interest.

Projects and development

Contact details, requirements, meeting notes, access information, and test data. Purpose: development, implementation, consulting, and handover. Legal basis: performance of a contract.

Tickets and support

Reporter details, system information, screenshots, error description, and logs. Purpose: troubleshooting, support, and security. Legal basis: performance of a contract and legitimate interest.

Education and training

Participant name, email address, company, attendance, and training-related communication. Purpose: organizing and delivering training.

Invoicing and legal obligations

Billing data, contracts, and performance certificates. Purpose: meeting accounting and tax obligations. Legal basis: legal obligation.

Website and analytics

Technical identifiers, cookies, IP address, browser data, and visit statistics. Purpose: security, operation, user experience, and measurement. Legal basis: consent or legitimate interest.

Legal bases

The legal basis for processing always depends on the specific situation.

ContractQuotations, project work, support, training, implementation, and performance.
Legal obligationInvoicing, bookkeeping, tax, and accounting retention obligations.
ConsentOptional marketing, non-essential cookies, and certain voluntary processing activities.
Legitimate interestIT security, fraud prevention, quality assurance, customer relations, and enforcement of claims.
Customer systems

When we work in a customer system, the customer determines the purposes of processing.

When implementing Microsoft 365, Power Platform, DVP, SharePoint, Dataverse, or custom business applications, FlyIT may access customer-side data. In these cases, the customer is responsible for the processing purpose, legal basis, notices, and handling of data subject rights, while FlyIT acts according to the customer’s instructions.

  • We request only the access needed to perform the service.
  • For testing, we recommend anonymized or sample data whenever possible.
  • Access granted for the project or support must be reviewed when the project or support ends.

Data processing agreement

If a project involves regular or substantial processing of personal data, a separate data processing agreement or contractual privacy clause may define the parties’ tasks, security measures, and subprocessors.

Retention periods

We do not retain data longer than necessary.

Business and project data

Quotation request
Until the consultation closes, or based on legitimate interest for no longer than the usual duration of the business relationship.
Contract and project
Until the contract is performed, then until the limitation period for legal claims expires.
Invoices
For the period required by accounting and tax retention rules.

Support and technical data

Tickets
Until the support case is closed, then for the time needed for quality assurance and enforcement of legal claims.
Logs
For security and operational purposes, for the minimum necessary period.
Marketing consent
Until withdrawn or until the purpose ceases.
Data subject rights

You have the right to request information and exercise your rights under the GDPR.

Access and information

You may ask whether we process personal data about you and, if so, for what purpose.

Rectification

You may request correction of inaccurate or incomplete data.

Erasure and restriction

You may request erasure or restriction of processing if the legal conditions apply.

Data portability

In certain cases, you may request your data in a machine-readable format.

Objection

You may object to processing based on legitimate interest.

Withdrawal of consent

Where processing is based on consent, you may withdraw your consent at any time.

Remedies

For privacy questions, you may first contact FlyIT Kft. at info@flyit.hu You may also lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.

NAIH
1055 Budapest, Falk Miksa utca 9-11.
Email
ugyfelszolgalat@naih.hu
Web
www.naih.hu
Data security

We protect data with technical and organizational measures.

  • Restricting access and applying the principle of least privilege.
  • Logging, password and access protection, and backups where relevant.
  • Privacy by design in development and implementation projects.
  • In the event of a data breach, investigation, documentation, and notification where required.
Privacy

Do you have a question about data processing?

Write to us and we will help identify whether the matter concerns website, customer relationship, or customer-system data processing.

info@flyit.hu
HomePrivacy policy

1. Introduction and scope

FlyIT Kft. processes personal data in accordance with applicable European Union and Hungarian laws, ensuring lawful, fair, and transparent processing, data security, and the exercise of data subject rights.

Purpose: to clearly explain what personal data we process, for what purpose and legal basis, how long we retain it, to whom we disclose it, what security and organizational measures we apply, and what rights data subjects have.

2. Data controller details

  • Name: FlyIT Limited Liability Company
  • Registered office: 2316 Tököl, Dózsa György utca 19.
  • Tax number: 27839294‑2‑13 • Company registration number: 13‑09‑220038
  • Email: info@flyit.hu

Data Protection Officer (DPO): Korek György • gyorgy.korek@flyit.hu

3. Roles and responsibilities

3.1 FlyIT mint data controller

FlyIT acts as data controller for personal data processed on its own websites, in newsletters, sales, and customer relationship processes.

3.2 FlyIT mint data processor in customer projects

  • In customer assignments (development, operation, consulting, Power Apps/Power Automate), we usually act as a processor based on the customer’s written instructions.
  • The customer, as controller, is responsible for the legal basis, notices, fulfillment of data subject rights, and data accuracy.
  • We act only on documented instructions and are entitled to refuse any instruction that violates the law or the rights of data subjects.
  • Subcontractors (subprocessors) are involved only with appropriate confidentiality and privacy safeguards; we inform the customer accordingly.

4. Categories of personal data processed

4.1 Customer and user data

  • Basic data: name, company name, position, email, phone number, billing/shipping address.
  • Contract/payment data: orders, contracts, performance and billing data (we do not store full card details).
  • Communication: quotation requests, tickets, support and project correspondence, meeting notes.

4.2 Technical and log data

  • IP address, device and browser data, timestamps, viewed resources, error logs, access and change logs.
  • Performance and security telemetry, audit trails (with pseudonymized identifiers).

4.3 Special categories of data

As a rule, we do not request or process special categories of personal data. If a customer system requires this, we provide prior written notice, and processing takes place only with an appropriate legal basis and safeguards, strict access restrictions, and encryption.

5. Processing purposes and legal bases

  • Performance and preparation of a contract: development, operation, support, license and project management.
  • Legitimate interest: IT security, fraud prevention, system operation, bug fixing, quality assurance, CRM; balancing test documented.
  • Consent: newsletter, marketing and analytics cookies; can be withdrawn at any time.
  • Legal obligation: accounting/tax retention and compliance with authority requests.

6. Data collection sources

  • Directly from the data subject (forms, contracting, support, communication).
  • Automatic collection (logs, security systems, performance monitoring).
  • Data provided by a customer/partner (in a processor role).
Liability clause: if FlyIT acts as processor, the customer/partner is responsible for the lawfulness of the data provided; we are not responsible for unlawful or unfair data transfers.

7. Recipients and transfers

Where necessary for processing, we use processors (such as hosting, email and messaging, ticket management, runtime environments, and security monitoring). Processors contractually undertake confidentiality, appropriate technical and organizational measures, and use data only for the contractual purpose.

Transfers to third countries (outside the EU/EEA) may take place only with appropriate safeguards and prior notice.

Third-party systems: the provider and/or customer is responsible for processing and settings in external systems selected or managed by the customer (cloud providers, analytics, email/marketing, external APIs). FlyIT is not responsible for processing over which it has no control.

8. Data security and development standards

  • Encryption: protection of data in transit and at rest; key management with controlled permissions.
  • Access control: role-based (RBAC), strong authentication, permission reviews.
  • Logging and audit: retention of access, change, and error logs; protection against tampering.
  • Backups and recovery: versioned, separate backups; recovery tests.
  • Development lifecycle: privacy by design/default, code review, vulnerability management, prevention of secret leaks.
  • Data segregation: logical/physical separation by customer, minimal data linking.
  • Testing: the default method is synthetic/pseudonymized test data; production data may enter test environments only with written permission and controlled safeguards.
  • Supplier control: subcontractor due diligence, confidentiality and privacy obligations.
  • Training and background checks: regular privacy and IT security training for staff; checks before sensitive access.

9. Handling data breaches

  • When a breach is detected, immediate triage, root-cause analysis, scope, and risk assessment are performed.
  • Authority notification and data subject notice are made where necessary; corrective and preventive actions are documented.
  • A breach log is maintained; follow-up corrective actions and responsibility review are performed.
Customer notification obligation: if the customer detects a data breach in its own systems, it must notify FlyIT in writing without delay and cooperate in remediation.

10. Retention periods

  • Contractual and financial data: for the statutory period (typically 8 years).
  • Log data: 6–24 months, then deletion or anonymization based on business and security needs.
  • Marketing data: until consent is withdrawn, or deletion after a reasonable period of inactivity.

11. Data subject rights and request handling

  • Access and information: data processed by us, purposes, legal bases, recipients, retention periods.
  • Rectification, erasure (“right to be forgotten”), restriction.
  • Data portability: in a structured, machine-readable format.
  • Objection to processing based on legitimate interest.
  • Withdrawal of consent (e.g. marketing/analytics).

Requests are accepted at info@flyit.hu. We respond within no more than 1 month. We may request reasonable data verification for identification.

Abusive requests: for manifestly unfounded or excessive requests, we may charge a fee or refuse fulfillment where permitted by law.

12. Cookies and online tracking

We use cookies necessary for operation; analytics and marketing cookies are activated only with consent, which can be changed or withdrawn at any time.

  • Necessary session, security, load balancing.
  • Analytics aggregated statistics and performance; only with consent.
  • Marketing remarketing/conversion; only with consent.

13. Data processing in customer systems – obligations and protection

  • The customer warrants that the provided data was collected lawfully and that data subjects received appropriate notice.
  • The customer is responsible for purposes, legal bases, fulfillment of data subject rights, and data quality.
  • The customer must provide necessary information (e.g. impact assessment, data flow map, transfer safeguards).
  • The customer bears the risk and responsibility for settings related to its own systems (e.g. external integrations, analytics, cloud, email).
  • FlyIT may refuse any unlawful or unreasonable instruction and suggest an alternative lawful solution.

14. Liability, limitation of damages, and risk allocation

FlyIT’s liability is limited to direct, proven damages, up to the amount of fees paid for the relevant period under the applicable service contract(s). We are not liable for indirect or consequential damages, including but not limited to lost profit, data loss, business interruption, or reputational damage.

Indemnification: the customer must indemnify FlyIT for any claim, damage, cost, or fine arising from the customer’s unlawful data transfer, lack of legal basis, or deficiencies in a third-party system.

15. Confidentiality and trade secrets

All personal data and business information are confidential; our staff and subcontractors undertake confidentiality obligations. Information may be accessed only by those who need it and are authorized.

16. Audit and inspection rights

  • The customer may, at reasonable frequency and scope, verify that FlyIT fulfills its data protection obligations.
  • The audit must be agreed in advance; access may be limited to protect trade secrets and other customers’ data.
  • FlyIT may recover unreasonable costs and resource demands arising from an audit if the inspection is excessive or repeated.

17. Data Processing Agreement (DPA) and documentation

In the case of processing activities, a separate DPA is concluded, defining the subject, duration, purpose, data categories, categories of data subjects, security measures, subcontractor involvement, audit rights, transfer safeguards, and liability provisions.

We maintain records of processing activities and conduct data protection impact assessments where necessary.

18. Protection of minors

Our services are not specifically aimed at children; we process minors’ data only within the legal framework and with special safeguards. In the event of unauthorized transfer, we initiate deletion.

19. Automated decision-making and profiling

We do not use automated decision-making that affects data subjects’ rights or significant interests. If such functionality appears in a customer system, it may operate only with separate notice, an appropriate legal basis, and safeguards.

20. Changes and notifications

We update this notice from time to time. In case of material changes, we display a clear notice on the website and, where appropriate, send separate communication to data subjects.

Version history

  • v1.0.1 (2021-02-02): Cookie notice.
  • v1.0.2 (2022-04-26): Company details updated.
  • v3.0 (2025-12-01): Comprehensive expansion and strengthening of liability and protection clauses.

21. Remedies

If you believe that the processing of your personal data is unlawful, you may contact us directly (info@flyit.hu). You may also lodge a complaint with the Hungarian supervisory authority.

22. Contact

  • Email: info@flyit.hu
  • Postal address: 2316 Tököl, Dózsa György utca 19.

Managing your data

In the panel on the right, you can request information about what data we process about you. You can also easily request deletion of your data.

If you request deletion of your data, we will respond to the email address provided and also delete the submitted message from our servers.

I have read the FlyIT privacy policy.
Back to the home page
HomePrivacy Policy