Privacy Policy
1. Introduction
DRSB Pontus Kft. (registered office: 1137 Budapest, Pozsonyi út 25. 4/5; tax no.: 32907913-2-41; company reg. no.: 01-09-448904) (the "Controller", "we") processes personal data as set out in this notice, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR").
This notice governs the data processing of the website https://cyberment.ee and is available at https://cyberment.ee/privacy-policy. Amendments take effect upon publication at that address.
2. The Controller and contact details
- Name: DRSB Pontus Kft.
- Registered office: 1137 Budapest, Pozsonyi út 25. 4/5, Hungary
- Email: [email protected]
We have not appointed a Data Protection Officer, as we are not required to.
3. Definitions (short form)
- Personal data: any information relating to an identified or identifiable natural person ("data subject").
- Processing: any operation performed on personal data (collection, storage, use, disclosure, erasure, etc.).
- Controller: the party that determines the purposes and means of processing — here, DRSB Pontus Kft.
- Processor: a party that processes personal data on the Controller's behalf.
- Recipient: a party to whom personal data is disclosed.
- Consent: a freely given, specific, informed and unambiguous indication of the data subject's wishes.
- Data breach: a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
4. Principles
We process personal data lawfully, fairly and transparently; for specified, explicit and legitimate purposes only; limited to what is necessary (data minimisation); accurately and kept up to date; for no longer than necessary (storage limitation); and with appropriate security (integrity and confidentiality). We are accountable for, and able to demonstrate, compliance with these principles.
5. Processing via the contact / inquiry form
This is the only point on the website where we actively collect personal data from you.
| Personal data | Purpose | Legal basis |
|---|---|---|
| Name | Identification, addressing you | Pre-contractual steps at your request — GDPR Art. 6(1)(b); and our legitimate interest in responding to business inquiries — Art. 6(1)(f) |
| Work email | Contact, replying to your inquiry | as above |
| Company (optional) | Understanding your context | as above |
| Team size (optional) | Understanding your context | as above |
| Message | Handling your inquiry | as above |
| Submission timestamp, IP address | Technical operation, security, abuse prevention | Our legitimate interest in the security of the service — Art. 6(1)(f) |
How a submission is handled. When you submit the form, the data is (a) sent to us by email, and (b) passed to our automation workflow (n8n) and customer-relationship system (Twenty CRM), both self-hosted on our own infrastructure. The workflow triggers a notification to us and an automatic confirmation email to you (sent via our email service provider, Brevo). See the recipients table in section 9.
Providing the data: providing your name and email is necessary for us to reply; the company and team-size fields are optional. If you do not provide the required data, we cannot respond to your inquiry.
Retention: we keep inquiry data for 24 months from our last contact with you, after which it is deleted, unless a client engagement begins (see section 12) or you ask us to delete it sooner.
You can also contact us directly by email at [email protected] instead of using the form; the same purposes, legal basis and retention apply.
6. Spam / abuse protection (Cloudflare Turnstile)
To protect the form (and the imprint) from automated abuse, we use Cloudflare Turnstile. This processes technical data (including your IP address and browser signals) to distinguish humans from bots. Legal basis: our legitimate interest in the security of the service — GDPR Art. 6(1)(f). Cloudflare acts as our processor; see section 9.
7. Cookies
| Cookie type | Legal basis | Retention |
|---|---|---|
| Strictly necessary (security/Turnstile, your cookie-consent choice, your accessibility preferences) | No consent required; necessary for the service to function | Session, or until you clear your browser storage |
| Analytics / marketing cookies | Your consent — GDPR Art. 6(1)(a) | 1 day – 2 years, or until you withdraw consent |
We ask for your consent in a cookie banner before any non-essential cookies are set, using Google Consent Mode v2 (consent defaults to denied until you choose). "Accept all" and "Reject all" are offered with equal prominence. You can change or withdraw your choice at any time:
8. Web analytics (Google / Google Tag Manager)
Subject to your consent (section 7), we use Google Tag Manager and Google analytics tools to understand how the site is used. IP anonymisation is applied. Google acts as our processor / independent recipient under its own terms. You can prevent analytics processing by rejecting analytics cookies in our banner or in your browser. Google's privacy policy: policies.google.com/privacy
9. Recipients and processors
We only use processors that provide appropriate guarantees under the GDPR. Processors act solely on our instructions.
| Activity | Name, seat, contact |
|---|---|
| Web & email hosting, and the infrastructure running our self-hosted automation (n8n) and CRM (Twenty) | Hostinger UAB, 61 Lordou Vironos Street, 6023 Larnaca, Cyprus · [email protected] · hostinger.com |
| DNS, CDN & bot protection (Turnstile) | Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA · cloudflare.com/privacypolicy |
| Transactional email (notification + auto-reply) | Brevo (Sendinblue SAS), 106 boulevard de Sébastopol, 75002 Paris, France · brevo.com |
| Web analytics (with your consent) | Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland |
| Advertising & retargeting (with your consent) | Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland; LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland |
Our automation (n8n) and CRM (Twenty) are software we run ourselves on the infrastructure above; they are not separate third-party recipients of your data. We disclose personal data to public authorities only where required by law.
10. Advertising and retargeting tools (Meta Pixel, LinkedIn Insight Tag)
Subject to your consent (GDPR Art. 6(1)(a) — marketing cookies in our banner), we use the following tools to measure and optimise our advertising and reach, and to build retargeting audiences:
- Meta Pixel — Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (facebook.com/privacy/policy).
- LinkedIn Insight Tag — LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (linkedin.com/legal/privacy-policy).
These tools may set cookies and share event data (such as page views, clicks, form submissions, IP address and browser/device data) with Meta and LinkedIn respectively, which act as controllers for that data under their own terms. The LinkedIn Insight Tag also provides us with aggregate, non-identifying professional data about our visitors (industry, job function, company size, seniority). You can refuse all of this by rejecting marketing cookies in our consent banner.
11. Social media presence
We maintain profiles on LinkedIn and Facebook to present our services and engage with prospects and clients. We process publicly available profile data and any interactions you initiate (comments, messages). Legal basis: your consent on those platforms — GDPR Art. 6(1)(a). The platforms are their own controllers under their own privacy policies. Messages and interactions are retained for up to 2 years. We do not extract or build profiles from social media beyond responding to your messages.
12. Client relationships and accounting
If your inquiry leads to a training or consulting engagement, we process the contact and contractual data necessary to perform the contract (GDPR Art. 6(1)(b)). Invoices and supporting accounting records are retained for 8 years as required by Section 169(2) of Act C of 2000 on Accounting — a legal obligation (Art. 6(1)(c)).
13. Your rights
You have the right to: access your data; rectification; erasure ("right to be forgotten"); restriction of processing; data portability; object to processing based on legitimate interest; and to withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).
You can exercise these rights:
- by post: 1137 Budapest, Pozsonyi út 25. 4/5, Hungary
- by email: [email protected]
14. Response deadline
We inform you of the action taken on your request without undue delay, and in any case within 1 month of receipt. This may be extended by a further 2 months where necessary; we will tell you within 1 month if so, with reasons. If we do not act on your request, we will tell you within 1 month why, and that you may lodge a complaint with the supervisory authority and seek a judicial remedy.
15. Security of processing
We apply appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including: encryption in transit (TLS/HTTPS); access control and authentication; least-privilege access to systems; regular backups; and antivirus/hardening of the systems used. Access to personal data is limited to authorised persons.
16. Data breaches
Where a breach is likely to result in a high risk to your rights and freedoms, we inform you without undue delay. We notify the competent supervisory authority of a breach without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk.
17. Complaints — supervisory authority
You may lodge a complaint with the Hungarian supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
1055 Budapest, Falk Miksa utca 9-11. · Postal: 1363 Budapest, Pf. 9.
Phone: +36-1-391-1400 · Email: [email protected] · naih.hu
You also have the right to an effective judicial remedy.
18. Changes to this notice
We may update this notice; changes take effect upon publication at the address in section 1.