Privacy Notice
Version 1.0 · May 2025 · EMP42 Consulting Kft.
1. Introduction and Identity of the Data Controller
This Privacy Notice (the “Notice”) is issued in fulfilment of the information and transparency obligations under Articles 13 and 14 of Regulation (EU) 2016/679 (the “GDPR”). This Notice is not a contract requiring acceptance, but a mandatory transparency notice whose acknowledgement is a precondition for using the Platform. During registration, a single mandatory checkbox confirms that you have read and accept Audit41’s Terms of Service and this Notice.
This Notice describes how EMP42 Consulting Kft. (“EMP42” or the “Service Provider”; registered seat: 1077 Budapest, Rottenbiller u. 35.; company registration number: 01-09-451522) collects, uses, stores, and shares personal data in connection with the Audit41 platform (the “Platform”) and related services.
EMP42 acts as data controller in respect of personal data it collects directly from visitors to the website and in connection with its marketing activities. In respect of personal data processed on behalf of clients through the Platform, EMP42 acts as data processor (see Section 9).
This Notice applies to:
- visitors to the Audit41 website (audit41.ai);
- persons registered for or using the Platform;
- representatives of business clients communicating with EMP42.
For questions or requests concerning this Notice, please contact us at legal@emp42.ai.
2. Legal Bases for Processing
We process personal data only where a legal basis under the GDPR and applicable national data protection law exists. The legal bases we rely on are:
- Article 6(1)(b) GDPR – performance of a contract: processing necessary to provide the Platform service to registered users and clients.
- Article 6(1)(a) GDPR – consent: where you have given specific, informed, and freely given consent (e.g. newsletter or marketing communications subscription).
- Article 6(1)(c) GDPR – legal obligation: processing necessary to comply with applicable law, including tax, accounting, and regulatory obligations.
- Article 6(1)(f) GDPR – legitimate interests: processing necessary for EMP42’s legitimate business interests – such as service development, Platform security, and fraud prevention – provided these are not overridden by your rights and interests.
3. Categories of Personal Data Processed
3.1 Data you provide to us
When registering for the Platform, using the Platform, or contacting EMP42, we may collect:
- registration data: full name, work e-mail address, company name, job title, and password;
- account and profile data: preferences and settings chosen within the Platform;
- communications data: content of messages sent to us by e-mail or through customer support channels;
- payment and billing data: billing information (processed through our payment provider; we do not store full payment card data).
3.2 Data we collect automatically
When you visit our website or use the Platform, we automatically collect:
- usage data: pages visited, features used, actions taken, session duration, and click patterns;
- technical data: IP address, browser type and version, operating system, device type, and time zone;
- log data: server logs, error reports, and access timestamps.
3.3 Data from third-party sources
We may also receive limited personal data from third-party sources – such as identity verification providers, payment processors, or publicly available company registers – where this is reasonable or required by law to provide our services.
4. Purposes for Which We Use Personal Data
We process personal data for the following purposes:
- Providing the Platform: creating and managing user accounts, providing compliance analyses and AI-generated outputs, and providing customer support.
- Service-related communications: sending transactional e-mails such as account confirmations, subscription renewal reminders, compliance deadline notifications, and security alerts. This processing is necessary for the performance of the contract and does not require separate consent.
- Marketing communications: sending newsletters, product updates, webinar invitations, and compliance background material, where you have given consent. You may withdraw your consent at any time (see Section 8).
- Platform improvement: analysing usage patterns to improve features, performance, and user experience, on the basis of legitimate interests.
- Security and fraud prevention: monitoring suspicious activity, protecting the integrity of the Platform, and safeguarding user accounts.
- Legal compliance: complying with applicable law, including lawful requests from public authorities.
- Prohibition on use of data for AI model training: we do not use personal data submitted through the Platform to train, fine-tune, or develop any artificial intelligence or machine learning model, unless you have given explicit written consent.
5. Use of Cookies
5.1 What is a cookie?
A cookie is a small text file placed on your device when you visit our website or use our web application. We use cookies and similar tracking technologies (e.g. web beacons, local storage) on our website and Platform.
5.2 Types of cookies we use
- Strictly necessary cookies: essential to the operation of the Platform and cannot be disabled. These include session cookies for authentication and security. Legal basis: performance of a contract (Article 6(1)(b) GDPR).
- Functional cookies: store preferences and settings (e.g. language, display preferences). Legal basis: legitimate interests (Article 6(1)(f) GDPR).
- Analytics cookies: collect anonymised data about how users interact with the Platform for development purposes (e.g. pages visited, session length, error rates). Legal basis: legitimate interests or consent, depending on the tool used.
- Marketing cookies: used for cross-site visitor tracking and to display relevant ads or measure campaign effectiveness. Placed only with prior consent. Legal basis: consent (Article 6(1)(a) GDPR).
5.3 Managing cookie preferences
A cookie consent banner is displayed when you first visit our website, allowing you to accept or reject non-essential cookies. You may change your settings at any time via the cookie settings link in the footer.
You can also manage cookies through your browser settings. Disabling certain cookies may affect Platform functionality.
5.4 Cookie retention
Session cookies expire when you close your browser. Retention periods for persistent cookies are listed in the cookie settings interface. We review and update our cookie list annually.
6. Disclosures of Personal Data
We do not sell your personal data. We may disclose personal data in the following circumstances:
- Sub-processors and service providers: third parties involved in operating the Platform (e.g. cloud providers, e-mail delivery services, payment processors, analytics tools). We require all sub-processors to process data only on our instructions and to apply appropriate security measures.
- Professional advisors: lawyers, accountants, and auditors, subject to confidentiality obligations.
- Public authorities: where required by law, court order, or regulatory requirement.
- Business transfer: in the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, with data protection commitments remaining in place.
A current list of our sub-processors is available on request at legal@emp42.ai.
7. International Data Transfers
Where we transfer personal data outside the European Economic Area, we ensure that such transfers are subject to appropriate safeguards under Chapter V of the GDPR. These safeguards may include:
- standard contractual clauses approved by the European Commission (SCCs);
- transfers to countries covered by a European Commission adequacy decision – including transfers to US organisations certified under the EU–US Data Privacy Framework.
For more detailed information on the safeguards applied to a particular transfer, please contact us at legal@emp42.ai.
8. Your Rights Under the GDPR
Subject to applicable law, you have the following rights in respect of your personal data:
- Right of access (Article 15 GDPR): receive a copy of the personal data we hold about you.
- Right to rectification (Article 16 GDPR): request correction of inaccurate or incomplete data.
- Right to erasure (Article 17 GDPR): request deletion of your personal data where no legal basis for processing exists.
- Right to restriction of processing (Article 18 GDPR): request restriction in specified circumstances.
- Right to data portability (Article 20 GDPR): receive your data in a structured, commonly used, machine-readable format.
- Right to object (Article 21 GDPR): object to processing based on legitimate interests, including for direct marketing purposes.
- Right to withdraw consent (Article 7(3) GDPR): where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal. You can unsubscribe from marketing e-mails via the unsubscribe link in the message or by writing to legal@emp42.ai.
To exercise your rights, please contact us at legal@emp42.ai. We will respond within 30 (thirty) days. We may need to verify your identity before processing your request.
If you are dissatisfied with our response, you may lodge a complaint with NAIH (Nemzeti Adatvédelmi és Információszabadság Hatóság – the Hungarian National Authority for Data Protection and Freedom of Information, www.naih.hu) or with the supervisory authority in your Member State.
9. EMP42 as Data Processor
When clients upload or process personal data through the Platform relating to their employees, customers, or third parties, EMP42 acts as data processor on behalf of the client (data controller). In this capacity:
- we process personal data only on the client’s documented instructions;
- we do not use it for any purpose beyond providing the Platform services;
- our processor obligations are set out in Section 5 of the Terms of Service.
10. Retention Periods
We retain personal data only for as long as necessary to achieve the purpose of collection or as required by law. Our general retention principles are:
- Account data: for the duration of the subscription and for 3 (three) years thereafter, unless earlier deletion is requested.
- Marketing consent records: for the duration of the marketing relationship, and for 3 (three) years thereafter as evidence of consent.
- Acceptance logs (Terms of Service and cookie consent): for 5 (five) years from acceptance.
- Billing and financial data: 8 (eight) years, as required by applicable accounting law.
- Server logs and technical data: up to 12 (twelve) months.
After the retention period expires, personal data is securely deleted or anonymised.
11. Data Security
We apply and maintain appropriate technical and organisational security measures to protect personal data against accidental loss, destruction, alteration, unauthorised disclosure, or access. These measures include encryption of data in transit and at rest, access control, regular security assessments, and incident response procedures.
In the event of a personal data breach affecting your data, we will notify you and the competent supervisory authority in accordance with our obligations under Articles 33 and 34 GDPR.
12. Age Limit
The Platform is intended solely for business organisations and their authorised representatives. We do not knowingly collect personal data from persons under 18. If you believe we have inadvertently collected such data, please notify us at legal@emp42.ai and we will delete it without delay.
13. Amendments to this Notice
We may update this Privacy Notice from time to time to reflect changes in our data processing practices, the Platform, or applicable law. We will notify you of material changes by a notice on our website or by e-mail at least 14 (fourteen) days before the change takes effect. The date of the latest version is shown at the top of the document.
Continued use of the Platform after the amended Notice takes effect constitutes acceptance of the revised Notice.
14. Contact
For questions, requests, or complaints regarding this Notice and our data processing practices, please contact us:
EMP42 Consulting Kft.
E-mail: legal@emp42.ai
Website: audit41.ai
© 2025 EMP42 Consulting Kft. All rights reserved.