Privacy Policy

Last updated: March 2026

1. Who we are

EMP42 Consulting Kft (“EMP42”, “we”, “us”, “our”) operates the Audit41 Readiness website at audit41.ai. We are registered in Hungary (registered address: Rottenbiller utca 35, 1077 Budapest, Hungary).

This Privacy Policy covers the Audit41 Readiness marketing website (audit41.ai). A separate privacy policy governs the Audit41 Readiness application (when applicable).

For privacy enquiries: legal@emp42.ai

2. What data we collect

2.1 — NIS2 Self-Checker submissions

When you complete the NIS2 Self-Checker, we collect: first name, email address, company name (optional), country, sector, organisation size, and your answers to the self-assessment questions.

Purpose: to deliver your self-assessment results and, with your consent, send you NIS2 compliance guidance.

Legal basis: performance of a service you have requested (Article 6(1)(b) GDPR) for transactional communications; consent (Article 6(1)(a) GDPR) for marketing communications.

2.2 — Contact and enquiry forms

Name, email address, and message content. Purpose: to respond to your enquiry. Legal basis: legitimate interests (Article 6(1)(f) GDPR).

2.3 — ISO 27001 and NIST framework lead forms

Name, email address, and company size. Same purpose and legal basis as 2.1.

2.4 — Demo requests (for auditors)

Name, email address, and firm details. Purpose: to respond to demo requests and schedule product demonstrations. Legal basis: legitimate interests.

2.5 — Analytics data (with consent)

If you accept analytics cookies, Google Analytics 4 collects anonymised usage data including pages visited, time on site, and browser type. We do not enable user-level tracking or cross-site tracking. Legal basis: consent (Article 6(1)(a) GDPR).

2.6 — Marketing data (with consent)

If you accept marketing cookies, the LinkedIn Insight Tag collects data to measure the effectiveness of our LinkedIn advertising campaigns. Legal basis: consent (Article 6(1)(a) GDPR).

3. How we use your data

• Deliver self-assessment results by email
• Send compliance guidance you have opted in to receive
• Respond to your enquiries
• Improve the website based on usage data
• Measure the effectiveness of our marketing campaigns

4. Data sharing

We do not sell your data. We share data only with service providers who help us operate the site:

For transfers to processors outside the EEA, we rely on Standard Contractual Clauses (SCCs) as the legal transfer mechanism under Article 46(2)(c) GDPR.

5. Data retention

• Self-checker and form submissions: retained until you request deletion or unsubscribe. We review and clean our contact lists annually.
• Analytics data: retained according to Google Analytics standard retention settings (14 months by default).
• Marketing data: retained until you withdraw consent or opt out.
• Enquiry data: retained for 2 years from your last contact with us.

6. Your rights under GDPR

You have the right to: access the personal data we hold about you; rectify inaccurate data; erase your data (“right to be forgotten”); restrict processing; object to processing based on legitimate interests; data portability; withdraw consent at any time; and lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) at naih.hu.

To exercise your rights, email: legal@emp42.ai. We will respond within 30 days.

7. Cookies

See our Cookie Policy for full details on cookies we use.

8. Children

This website is not directed at children under 16. We do not knowingly collect data from children.

9. Changes to this policy

We may update this policy. We will post the updated policy on this page with a revised date. Material changes will be notified by email to contacts on our mailing list.

10. Contact

EMP42 Consulting Kft
Rottenbiller utca 35, 1077 Budapest, Hungary
legal@emp42.ai