Privacy Policy

Effective: December 15, 2025

1. Data Controller

Data Controller Name: Árpád Adankó
Company: Adanko Hungary Kft.
Company Registration Number: 06 09 021909
Tax Number: 25197868-2-06
Registered / Mailing Address: 6724 Szeged, Lehel utca 17. B. lház. 2. em. 7.
E-mail: [email protected]
Website: https://xmrd.io
Hereinafter: Service Provider, Data Controller

2. Purpose of Data Processing

Through the website, the Service Provider only receives messages for the purpose of contact, request for quotation, or information inquiry.

The purposes of data processing are:

Contacting the interested party
Sending feedback by e-mail
Communicating with the interested party

The Service Provider does not perform online payments, invoicing, or automated data processing.

3. Categories of Personal Data Collected

The Service Provider exclusively collects and processes the following data:

3.1. Mandatory Data

Name (full name)
E-mail address

3.2. Optional Data

Other information voluntarily provided by the client in the message (free text)

3.3. Automatically Collected Technical Data

Technical data generated during the website visit (e.g., IP address, log files) are automatically handled by the hosting provider. The Data Controller does not analyze these data nor link them to identifiable individuals.

4. Legal Basis for Data Processing

Data Type	Legal Basis	GDPR Reference
Contact details (name, e-mail)	Consent of the data subject	GDPR Article 6(1)(a)
Technical data	Legitimate interest – to ensure website operation	GDPR Article 6(1)(f)

Withdrawal of Consent
The data subject may withdraw consent at any time by contacting [email protected]. Withdrawal does not affect the lawfulness of prior data processing.

5. Data Retention Period

Data Type	Retention Period
Contact data (name, e-mail)	Up to 6 months after the inquiry is closed
E-mail messages	Up to 12 months

Deletion is carried out automatically or manually.

6. Data Transfers and Processors

The Service Provider uses the following data processors:

6.1. Hosting Provider

Rackhost Zrt.
Website: rackhost.hu
Purpose: Technical operation of the website
Processed Data: Technical data (IP address, log files)

6.2. E-mail Provider (Google Workspace)

Google Ireland Limited

Website: google.com/workspace
Purpose: E-mail communication
Processed Data: Name, e-mail address, message content
Type of Processing: Data Processor

Data Protection Guarantee: Google processes data under the EU–US Data Privacy Framework. Google compliance certificates: https://privacy.google.com/businesses/compliance/

6.3. Legal Data Transfer
In cases defined by law, the Data Controller is obliged to transfer data to authorities or courts (e.g., tax authorities, police, NAIH) if the transfer is required by legal obligations.

Examples:

Tax authority audits
Court summons

Law enforcement inquiries

7. Rights of Data Subjects

Data subjects have the right to request information about the processed data, access their personal data, rectify it, request deletion, request restriction of processing, object to processing based on legitimate interests, and request data portability.
Requests can be submitted via [email protected]; the Service Provider will respond within 30 days.

Right to Lodge a Complaint
If the data subject believes that the processing of their personal data violates applicable laws, they may lodge a complaint with the supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

Headquarters: 1055 Budapest, Falk Miksa utca 9-11
Mailing address: 1363 Budapest, Pf. 9
Phone: +36 (1) 391-1400
E-mail: [email protected]
Website: https://www.naih.hu

Complaint submission options:

Online complaint form on the NAIH website
By post
By e-mail

The data subject also has the right to take legal action.

9. Data Security

The Service Provider takes all reasonable technical and organizational measures to protect data from unauthorized access, alteration, transmission, or deletion.

9.1. Technical Measures

SSL/HTTPS encryption
Server-side firewall
Access rights management
Regular backups

9.2. Organizational Measures

Confidentiality obligations
Access limited to authorized personnel only

9.3. Handling Data Breaches

In case of a data breach, the Service Provider:

Notifies NAIH within 72 hours if necessary

Informs affected individuals when justified

10. Use of Cookies

The website does not use cookies for marketing or technical purposes.
If cookies are used in the future, the Service Provider will provide separate Cookie Information to visitors.

11. Protection of Minors

The service is not directed at persons under 16 years of age.
If the Service Provider becomes aware that it processes a minor’s data, the data will be deleted immediately.

12. International Data Transfers

Data may be transferred to the United States through Google services.
Google has a compliance certificate ensuring that data are processed in accordance with GDPR. More information: https://privacy.google.com/businesses/compliance/

13. Final Provisions

13.1. Amendment of the Policy

The Service Provider reserves the right to amend the Privacy Policy.
Changes will be published on the website.

13.2. Contact

E-mail: [email protected]

13.3. Entry into Force and Amendments

Effective Date: December 15, 2025
Last Modified: December 15, 2025