Privacy Policy
This Privacy Policy (hereinafter: “Privacy Policy” or “Policy”) is provided by András György Bergou, sole proprietor (registered office: 1031 Budapest, Dobogókő utca 8., registration number: 62145811, tax ID: 91945738-1-41, email address: support@easy-cv.ai; hereinafter: “Data Controller”) and covers data processing on its website, namely the https://easy-cv.ai website (hereinafter: “Website”), in particular the collection, storage, and use of data.
The Data Controller makes the currently effective version of this Privacy Policy available on its Website and at its registered office.
The Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: “GDPR” or “Regulation”), taking into account the provisions of Act CXII of 2011 on the Right to Self-Determination in Information and Freedom of Information (hereinafter: “Infotv.”), and its terminology corresponds to the definitions set forth in Article 4 of the GDPR, supplemented in certain respects by the interpretive provisions of Section 3 of the Infotv.
The Data Controller places great emphasis on the secure handling of the personal data of its customers, users, and visitors to the Website. The Data Controller is entitled to prepare an excerpt from the content of this Privacy Notice in connection with specific data processing activities; furthermore, the Data Controller may ensure that data subjects, in connection with the prior notification regarding the processing of personal data, declare by signing this document that they have read and understood the contents of the excerpt.
Please read the information below carefully and use the services available on the website only if you agree with the terms set forth below.
In providing its services, the Data Controller pays particular attention to the protection of personal data, compliance with mandatory legal provisions, and the secure and fair processing of data.
The Data Controller treats the personal data provided to it as confidential in accordance with Section 2 of this Privacy Notice; in its procedures, it observes the principles of lawfulness, fairness, and transparency under the GDPR, and processes personal data for specific purposes while adhering to the principle of data minimization; it also complies with the principle of limited storage, protects the confidentiality and integrity of personal data, and takes into account the principle of accuracy under the GDPR.
The Data Controller acts in accordance with and complies with the relevant provisions of the GDPR, the Infotv., and other applicable legal regulations when managing, recording, processing, and transferring the personal data of data subjects.
The Data Controller ensures the security of the data and implements the technical and organizational measures and establishes the procedural rules necessary to enforce the data protection and confidentiality rules prescribed by the GDPR, the Infotv., and other applicable laws. The Data Controller protects personal data from unauthorized access, alteration, transmission, and disclosure; from accidental deletion, destruction, and damage; and from inaccessibility resulting from changes in the technology used.
The Data Controller places particular emphasis on protecting data files managed electronically in various records to ensure that data stored in these records—unless permitted by law—cannot be directly linked to or attributed to the data subject.
Visitors to the Website have the option to register in order to use the Data Controller’s basic and premium services. If a Website visitor wishes to register, they may do so by completing the registration form. To finalize registration, you must give your consent to data processing by checking the checkbox and accept the Data Controller’s Privacy Policy; without this, registration will not be finalized.
Further details regarding registration are provided in the Data Controller’s Terms and Conditions, which are available at the following link: https://easy-cv.ai/tos
The Data Controller informs data subjects that, in connection with registration, it uses the services of MongoDB Inc. (headquarters: Paramount Plaza, 1633 Broadway, 38th Floor, New York, NY 10019 United States), which is a member of the EU-US Data Privacy Framework; thus, its activities comply with the provisions of the GDPR, ensuring that users’ data is adequately protected during data processing.
| Purpose of data processing | To facilitate the use of the Data Controller’s basic and premium services available on the Website, registration, and the creation of user accounts. |
| Scope of data processed | The data subject’s email address, password, and—in the case of registration via social login—their name, email address (if available), profile picture, unique user ID associated with the social network provider, language setting (locale), email address confirmation status, and certain technical authentication data (such as OAuth tokens and their expiration times). |
| Data subjects | Registered users |
| Legal basis for data processing | Consent of the data subject, pursuant to Article 6(1)(a) of the GDPR. |
| Data retention period | Until consent is withdrawn. |
| Method of data processing | Electronically. |
| Source of data | Data collected from the data subject. |
| Possible consequences of failure to provide data | Providing data is voluntary; if the data subject does not provide the data to the Data Controller, the data subject will not be able to register to use the Data Controller’s basic or premium services, and a user account will not be created. |
| Who may access the data? | The Data Controller’s authorized employees and the employees of any data processors. The current list of the Data Controller’s data processors is included in Section 4 of this Privacy Notice. |
| Data transfer to a third country or an international organization | No data is transferred to international organizations; however, certain data is sent to the United States in connection with registration. |
3.2. Data processing related to the creation and maintenance of user accounts available on the Website
If the data subject registers to use the services available on the Data Controller’s Website, a user account will be created following registration, and the data subject may access it after logging in. Further details regarding the modification and deletion of user accounts are provided in the Data Controller’s Terms and Conditions, which are available at the following link: https://easy-cv.ai/tos
The Data Controller informs data subjects that, in connection with the user account, it uses the services of MongoDB Inc. (headquarters: Paramount Plaza, 1633 Broadway, 38th Floor, New York, NY 10019 United States), which is a member of the EU-US Data Privacy Framework; thus, its activities comply with the provisions of the GDPR, meaning that users’ data is adequately protected during data processing.
| Purpose of data processing | Processing and storing data related to user accounts created by individuals who register to use the services available on the Data Controller’s Website |
| Scope of data processed | Data related to user accounts, such as the data subject’s email address, password, name, billing address, and subscription type. |
| Scope of data subjects | Individuals who create user accounts. |
| Legal basis for data processing | Consent of the data subject, pursuant to Article 6(1)(a) of the GDPR. |
| Data retention period | Until the data subject withdraws their consent. |
| Method of data processing | Electronically. |
| Source of data | Data collected from the data subject. |
| Possible consequences of failure to provide data | Providing data is voluntary; if the data subject does not provide the data to the Data Controller, they will not be able to use their user account. |
| Who may access the data? | The Data Controller’s authorized employees and the employees of any data processors. The current list of the Data Controller’s data processors is included in Section 4 of this Privacy Notice. |
| Data transfer to a third country or an international organization | No data is transferred to international organizations; however, certain data related to user accounts is transferred to the United States. |
In connection with this data processing, the Data Controller informs data subjects that it uses the services of MongoDB Inc. (headquarters: Paramount Plaza, 1633 Broadway, 38th Floor, New York, NY 10019, United States) and Cloudinary Ltd. (headquarters: 3400 Central Expressway, Suite 110, Santa Clara, California, 95051, United States), which are members of the EU-US Data Privacy Framework; thus, their activities comply with the provisions of the GDPR, ensuring that users’ data is adequately protected during data processing.
| Purpose of data processing | Use of the Data Controller’s core service (CV builder), creation of a personal profile. |
| Scope of data processed | Registered users may provide the following data categories when using the resume builder (basic service): basic personal information (e.g., name, contact details), education, professional experience, language skills, hard skills, soft skills, “about me” section, qualifications, certifications, projects, awards and achievements, publications, volunteer work, hobbies, photo. |
| Data subjects | Registered users utilizing the basic service |
| Legal basis for data processing | Consent of the data subject pursuant to Article 6(1)(a) of the GDPR |
| Data retention period | Until consent is withdrawn |
| Method of data processing | Electronic |
| Source of data | Data collected from the data subject |
| Possible consequences of failure to provide data | If the data subject does not provide the data to the Data Controller, they will not be able to create their personal profile or prepare their resume using the modules built into the software. |
| Who may access the personal data? | The Data Controller and any data processors of the Data Controller. The list of the Data Controller’s data processors in effect at the time of acceptance of this notice constitutes Section 4 of this notice. |
| Data transfer to a third country or an international organization | No data is transferred to international organizations; however, certain data is sent to the United States in connection with the basic service. |
If a registered user subscribes to the Data Controller’s premium service, a contract is established between them; to complete the subscription, the subscriber must provide certain data to the Data Controller. Billing information is required for the issuance of the invoice.
It is important to note that in the case of credit card payments, the subscriber will be redirected to the Stripe website, and the subscriber can fulfill their payment obligation through this site. The Data Controller does not process any data related to the credit card.
In connection with this data processing, the Data Controller hereby informs data subjects that it uses the services of MongoDB Inc. (headquartered at Paramount Plaza, 1633 Broadway, 38th Floor, New York, NY 10019, United States), Cloudinary Ltd. (headquartered at 3400 Central Expressway, Suite 110, Santa Clara, California, 95051, United States), and Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA), which are members of the EU-US Data Privacy Framework, and also uses the services of OpenAI OpCo LLC. (headquartered at 3180 18th Street, San Francisco, California 94110, United States), which complies with the provisions of the Standard Contractual Clauses (SCC) adopted by the European Commission; thus, their activities comply with the provisions of the GDPR, meaning that users’ data is adequately protected during data processing.
| Purpose of data processing | Subscription (order) via the Data Controller’s Website, issuing invoices, fulfilling accounting obligations, maintaining subscriber records, fulfilling orders, and managing subscriber feedback. |
| Scope of data processed | The data subject’s name, email address, billing information, subscription date, description of the subscription ordered, purchase price, payment status, and the subscription’s expiration/renewal date, as well as job postings saved during the use of the service and their application status. If the photo editor feature is used, the subscriber’s photo; if the cover letter generator feature is used, the content of the cover letter. |
| Data subjects | The Data Controller’s subscribers. |
| Legal basis for data processing | The data subject’s consent pursuant to Article 6(1)(a) of the GDPR; the fulfillment of a legal obligation under Article 6(1)(c) of the GDPR, in accordance with Section 169(2) of Act C of 2000 on Accounting (Accounting Act); and, in light of the contract between the Data Controller and the data subject, the performance of the contract under Article 6(1)(b) of the GDPR. |
| Data retention period | Personal data processed based on the data subject’s consent shall be retained by the Data Controller until the data subject withdraws their consent, while personal data processed in connection with Section 169(2) of the Accounting Act must be retained by the Data Controller for 8 years, thus the Data Controller automatically deletes them after 8+1 years or upon the expiration of the statute of limitations under the Civil Code. |
| Method of data processing | Electronically. |
| Source of data | Data collected from the data subject. |
| Possible consequences of failure to provide data | The provision of certain personal data is required by law, and the provision of certain personal data is necessary for the performance of the contract. If the data subject does not provide the data to the Data Controller, the Data Controller will be unable to perform the contract. |
| Who has access to the data? | The Data Controller’s authorized employees and the employees of any data processors. The current list of the Data Controller’s data processors is included in Section 4 of this Privacy Notice. |
| Data transfer to a third country or an international organization | No data is transferred to international organizations; however, certain data is sent to the United States in connection with the premium service. |
The Data Controller provides the opportunity for registered users/subscribers of the Website and interested visitors to the Website to contact the Data Controller via email.
| Purpose of data processing | Maintaining contact with interested parties, establishing contact. |
| Scope of data processed | The data subject’s name, email address, and other data related to the inquiry. |
| Data subjects | Individuals who contact the Data Controller |
| Legal basis for data processing | Consent of the data subject pursuant to Article 6(1)(a) of the GDPR |
| Data retention period | Until consent is withdrawn |
| Method of data processing | Electronic |
| Source of data | Data collected from the data subject |
| Possible consequences of failure to provide data | If the data subject does not provide the data to the Data Controller, they will not be able to contact the Data Controller. |
| Who may access the personal data? | The Data Controller and any data processors of the Data Controller. The list of the Data Controller’s data processors in effect at the time of acceptance of this notice constitutes Section 4 of this notice. |
| Data transfer to a third country or an international organization | No data is transferred to a third country or to an international organization. |
The Data Controller provides an opportunity for newsletter subscribers to receive regular email updates regarding the Data Controller’s activities, the services it provides, the content published by the Data Controller, as well as news and changes.
The Data Controller informs data subjects that, in connection with the sending of newsletters, it uses the services of Resend (headquartered at 2261 Market Street, San Francisco, CA 94114, United States), which is a member of the EU-US Data Privacy Framework; thus, its activities comply with the provisions of the GDPR, ensuring that users’ data is adequately protected during data processing.
| Purpose of data processing | To effectively inform newsletter subscribers and provide them with information |
| Scope of data processed | The email address of the newsletter subscriber, and the status of their newsletter subscription. |
| Data subjects | Individuals who have subscribed to the newsletter |
| Legal basis for data processing | Consent of the data subject pursuant to Article 6(1)(a) of the GDPR |
| Data retention period | Until consent is withdrawn |
| Method of data processing | Electronic |
| Source of data | Data collected from the data subject |
| Possible consequences of failure to provide data | If the data subject does not provide the data to the Data Controller, the Data Controller will not be able to send a newsletter to the data subject. |
| Who may access the personal data? | The Data Controller and any data processors of the Data Controller. The list of the Data Controller’s data processors in effect at the time of acceptance of this notice constitutes Section 4 of this notice. |
| Data transfer to a third country or an international organization | No data is transferred to international organizations; however, certain data is sent to the United States in connection with the newsletter service. |
The Data Controller uses so-called “cookies” in the operation of the Website. Cookies are IT data files that facilitate the use of the website (hereinafter: “cookie”), which the Data Controller sends to the data subject’s browser and which are stored on the data subject’s device and returned by the browser to the server with every request directed to it. They do not contain executable files, viruses, or spyware, nor do they access data on the user’s hard drive. Some cookies are essential for the proper functioning of the site, others collect statistics to make the site more user-friendly, while there are cookies intended for the placement of targeted advertisements.
Browsers allow you to change your cookie settings. Most browsers automatically accept cookies by default, but this can be changed. You can find information on how to change your browser settings in the instructions or help section of your browser.
The Data Controller uses only strictly necessary cookies on its Website. These cookies are essential for ensuring the basic functions of the Website and are not suitable for identifying the data subject for marketing or statistical purposes. Without these cookies, the Website and its services cannot function properly. The Data Controller stores the following cookies:
| Cookie Name | Provider | Cookie description | Cookie storage duration |
|---|---|---|---|
| next-auth.callback-url | First-party | Functional cookie. Ensuring redirection following the login process. | Up to 30 days (or until the registered user logs out of their account), and the expiration time may be refreshed as long as the registered user remains logged in to their account. |
| next-auth.csrf-token | First-party | Functional cookie. Security protection against unauthorized requests. | Session |
| next-auth.session-token | First-party | Functional cookie. Maintaining the logged-in user's session. | Session |
| Purpose of data processing | Preparation, conclusion, and performance of contracts in connection with contracts concluded with natural persons, sole proprietors, legal entities, and organizations without legal personality. |
| Scope of data processed | The contracting party’s name, mailing address, signature, bank account number, bank details, registration number, name, and registered office (in the case of sole proprietors), contact information, and any additional data specified in the processed documents. |
| Data subjects | The Data Controller’s contractual partners and customers. |
| Legal basis for data processing | The legal basis for data processing is Article 6(1)(b) of the GDPR. |
| Data retention period | As a general rule, the Data Controller retains personal data for 5 years from the termination of the contract, while accounting documents are retained for 8+1 years. |
| Method of data processing | On paper and/or electronically |
| Source of data | Data collected from the data subject |
| Who has access to the personal data? | Personal data may be accessed by the Data Controller’s authorized employees and data processors. The current list of the Data Controller’s data processors is included in Section 4 of this Privacy Notice. |
| Data transfer to a third country or an international organization | No data is transferred to third countries or international organizations. |
The Data Controller maintains a record of its contractual partners. Regarding the maintenance of this record, it is important to note that, as a general rule, the Data Controller may process personal data contained in contracts concluded in the course of its activities only until the performance of the contract, based on the legal basis set forth in Article 6(1)(b) of the GDPR.
Among the Data Controller’s contractual partners are legal entities whose data, as a general rule, do not qualify as personal data, and the Data Controller stores such data for the purpose of fulfilling the contract. However, the data of certain contact persons specified in the contract, as well as, where applicable, the data of contact persons at various authorities who do not have a contractual relationship with the Data Controller but are merely employees, staff members, or subcontractors of the Data Controller’s contractual partners, are subject to a different assessment. The Data Controller stores and records the contact information and data of these individuals to facilitate the Data Controller’s activities, based on the Data Controller’s legitimate interest and in accordance with the conducted data processing impact assessment.
| Purpose of data processing | The purpose of data processing is to maintain a record of the Data Controller’s contractual partners and their contact persons, as well as a record of official contact persons. |
| Scope of data processed | The contracting partner’s name, phone number, email address, and contact person’s contact information (name, email, phone number). |
| Data subjects | The Data Controller’s business partners, customers, and contacts |
| Legal basis for data processing | With regard to the contracting party, the conclusion or performance of the contract pursuant to Article 6(1)(b) of the GDPR; with regard to the contracting party’s contact persons, the Data Controller’s legitimate interest pursuant to Article 6(1)(f) of the GDPR. |
| Data retention period | For 5 years following the termination of the contract. |
| Method of data processing | Electronically and/or on paper. |
| Source of data | Data collected from the data subject |
| Possible consequences of failure to provide data | The provision of personal data is necessary for the performance of the contract; if the data subject does not make the data available to the Data Controller, the Data Controller will be unable to perform the contract or maintain contact with the business partner or customer. |
| Who has access to personal data? | Personal data may be accessed by the Data Controller’s authorized employees and data processors. The current list of the Data Controller’s data processors is included in Section 4 of this Privacy Notice. |
| Data transfer to a third country or an international organization | No data is transferred to third countries or international organizations. |
The issuance of accounting documents is an inherent part of the Data Controller’s business activities. Given that the Data Controller may enter into contracts with private individuals and sole proprietors in addition to legal entities and organizations without legal personality, and that certain data of sole proprietors may constitute personal data, it is necessary for the Data Controller to have personal data processed in connection with the handling of accounting documents.
| Purpose of data processing | Issuing, storing, and recording invoices |
| Scope of data processed | The data specified in Section 167 of the Accounting Act and in Act CXXVII of 2007 on Value Added Tax (hereinafter: “VAT Act”), including, in particular, the data subject’s name, the date and period of the economic transaction, as well as their address, email address, and phone number. |
| Scope of data subjects | Persons using the Data Controller’s services. |
| Legal basis for data processing | Article 6(1)(c) of the GDPR, in light of Sections 167 and 169 of Act C of 2000 on Accounting. |
| Data retention period | The Data Controller is required to retain accounting documents for at least 8 years pursuant to Section 169(2) of Act C of 2000 on Accounting. The Data Controller automatically deletes the data subject’s personal data after 8+1 years. |
| Method of data processing | On paper and/or electronically |
| Source of data | Data collected from the data subject |
| Possible consequences of failure to provide data | The provision of personal data is required by law and is mandatory. |
| Who may access the personal data? | Personal data may be accessed by the Data Controller’s authorized employees and data processors. The current list of the Data Controller’s data processors is included in Section 4 of this Privacy Notice. |
| Data transfer to a third country or an international organization | No data is transferred to third countries or international organizations. |
The Data Controller’s customers who qualify as consumers are entitled to the right to file a complaint as defined in Act CLV of 1997 on Consumer Protection (hereinafter: “Fgytv.”). Pursuant to the Fgytv., the consumer (data subject) is entitled to submit a complaint to the Data Controller at the email address support@easy-cv.ai.
The Data Controller handles complaints received in accordance with the provisions of the Consumer Protection Act and informs the consumer of the outcome of the investigation within the specified timeframe.
| Purpose of data processing | Receiving, investigating, and handling customer complaints and inquiries. |
| Scope of data processed | The data subject’s name, address, email address, and other data related to the complaint as defined in Section 17/A(5) of the Consumer Protection Act |
| Scope of data subjects | The person filing the complaint. |
| Legal basis for data processing | Consent of the data subject pursuant to Article 6(1)(a) of the GDPR; compliance with a legal obligation pursuant to Article 6(1)(c) of the GDPR, taking into account the provisions of the Fgytv. |
| Data retention period | If the data subject has not raised any further objections following the submission of the response, the data controller shall delete the data three years after the submission of the response pursuant to Section 17/A(7) of the Fgytv.; in the event of further claims, the data shall be deleted after the expiration of the statute of limitations. |
| Method of data processing | On paper and/or electronically |
| Source of data | Data collected from the data subject |
| Possible consequences of failure to provide data | The provision of personal data is mandatory; if the data subject does not make the data available to the Data Controller, the Data Controller will be unable to investigate complaints. |
| Who has access to the personal data? | The Data Controller. |
| Transfer of data to a third country or an international organization | No data is transferred to a third country or to an international organization. |
3.12. Data processing related to maintaining records regarding the exercise of data subjects’ rights under the GDPR
| Purpose of data processing | Data processing related to the maintenance of records concerning the exercise of data subjects’ rights as defined in the GDPR. |
| Scope of data processed | The data subject’s name, place and date of birth, mother’s name, residential address, mailing address, and request to exercise data subject rights under the GDPR |
| Scope of data subjects | A person exercising their rights under the GDPR. |
| Legal basis for data processing | The legal basis for data processing is compliance with a legal obligation under Article 6(1)(c) of the GDPR, as well as a legitimate interest under Article 6(1)(f). |
| Data retention period | 5 years from the date of the decision on the request. |
| Method of data processing | On paper and/or electronically |
| Source of data | Data collected from the data subject |
| Possible consequences of failure to provide data | Data processing is necessary for the Data Controller to comply with the provisions of the GDPR. |
| Who may access the personal data? | Authorized employees of the Data Controller and, where applicable, employees of its data processors. The current list of the Data Controller’s data processors is included in Section 4 of this Privacy Notice. |
| Data transfer to a third country or an international organization | No data is transferred to a third country or to an international organization. |
Data processors do not make independent decisions; they are authorized to act solely in accordance with the contract concluded with the Data Controller and the instructions received. Data processors record, manage, and process the personal data transferred to them by the Data Controller and managed or processed by them in accordance with the provisions of the GDPR.
Data processors perform data processing operations on the personal data provided by data subjects within the retention period specified in this Privacy Notice and applicable to the respective data processing purposes. The Data Controller engages the following data processors in connection with the data processing activities described in this Privacy Notice:
The data subject may request information regarding the processing of their personal data, and may request the rectification of their personal data, the restriction of data processing, or the erasure of their data, by submitting a written request to the email address support@easy-cv.ai or by sending a letter to the Data Controller’s registered office; they are also entitled to exercise their right to data portability and their right to seek legal remedy.
In the event of a complaint, the data subject may turn to the National Authority for Data Protection and Freedom of Information in Hungary or, at their discretion, to a court. In court proceedings, the regional court has jurisdiction.
The Data Controller shall inform all recipients to whom the personal data has been disclosed of any rectification, erasure, or restriction of processing, unless this proves impossible or involves a disproportionate effort. At the data subject’s request, the Data Controller shall provide information regarding these recipients.
In accordance with the obligation set forth in Article 13 of the GDPR, the Data Controller is required—provided that the personal data originates from the data subject at the time of collection—to provide data subjects with the following information regarding data processing:
If the personal data were not obtained from the data subject, the Data Controller shall provide the data subject with the above information, as well as the following information pursuant to Article 14 of the GDPR:
If the personal data were not obtained from the data subject, the Data Controller shall provide the information:
The above-mentioned obligation to provide information need not be fulfilled if:
The data subject’s right of access—in accordance with Article 15 of the GDPR—extends to the provision of the following information:
The Data Controller shall always strive to ensure that the information provided to the data subject complies with the rules set forth in the GDPR and, to the extent possible, is concise, transparent, understandable, easily accessible, clear, and plain.
The Data Controller is responsible for providing information and taking appropriate measures.
The Data Controller shall provide all information to the data subject in writing, including by electronic means.
In accordance with the data security rules set forth in Articles 15 and 32 of the GDPR, the Data Controller shall provide information to the data subject only and exclusively if the Data Controller has verified the data subject’s identity.
If the identity of the data subject cannot be verified, the Data Controller will reject the request to exercise rights and will also inform the data subject of the procedures for exercising their rights.
The Data Controller shall inform the data subject within one month of receiving the request, provided that the request is made in accordance with the properly communicated statement regarding their rights. Taking into account the complexity of the request and the number of requests, this one-month deadline may be extended by an additional two months by the Data Controller, provided that the Data Controller sends a reasoned notification to the data subject within one month of the submission/receipt of the request.
A request is considered properly submitted or received if the data subject sends the written request to the Data Controller’s official address or to the email address provided for this purpose, and it is received there.
The Data Controller will not consider any request that is not communicated in accordance with the above.
Information and communication regarding the processing of personal data must be easily accessible and understandable, and must be formulated in clear and simple language. This principle applies in particular to informing data subjects about the identity of the data controller and the purpose of data processing, as well as to providing further information aimed at ensuring the fair and transparent processing of the data subject’s personal data, as well as to the information that data subjects have the right to obtain confirmation and information regarding the data processed about them.
The Data Controller shall provide the information and take the measures set forth in this section free of charge; the Data Controller shall only charge a fee in the cases specified in Article 12(5) of the GDPR.
The data subject has the right to have inaccurate personal data concerning him or her rectified by the Data Controller without undue delay upon request. Taking into account the purposes of the processing, the data subject has the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.
The data subject has the right to request that the Data Controller erase personal data concerning him or her without undue delay, and the Data Controller is obligated to erase personal data concerning the data subject without undue delay if any of the following grounds apply:
OR
The data subject’s right to erasure may be restricted only where the following exceptions set forth in the GDPR apply; that is, where the above grounds exist, the continued retention of personal data may be considered lawful,
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, provided that:
AND
The right set forth in this section does not apply to the data subject if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or if this right would adversely affect the rights and freedoms of others.
If the Data Controller is required to disclose personal data to a person other than the data subject based on the data subject’s right to data portability, the Data Controller shall inform and instruct such third-party recipient, within the framework of this Privacy Notice, that the personal data transferred by the Data Controller regarding the data subject may not be used for the recipient’s own purposes, and that such personal data may be processed exclusively in accordance with the provisions of applicable data protection laws and for the specified purpose. The Data Controller assumes no liability for the use by a third party of personal data properly transferred to such third party at the request of the data subject.
If the legal basis for the Data Controller’s processing of the data subject’s personal data is the data subject’s consent, the data subject may withdraw their consent to such processing at any time. In this regard, the Data Controller informs data subjects that even after the data subject withdraws their consent, the Data Controller may continue to process the data subject’s personal data to fulfill a legal obligation or to pursue its legitimate interests, provided that the pursuit of such interests is proportionate to the restriction of the right to the protection of personal data.
The Data Controller shall compensate for damages caused to others by the unlawful processing of the data subject’s data or by a breach of data security requirements, and shall pay compensation for non-pecuniary damages resulting from a violation of privacy rights caused by the Data Controller or a data processor engaged by the Data Controller. The Data Controller shall be exempt from liability for the damage caused and from the obligation to pay compensation if it proves that it bears no responsibility whatsoever for the event that caused the damage.
The data subject is entitled to contact the Data Controller directly at the following email address: support@easy-cv.ai or via other contact details listed on the Website to address the infringement suffered or to file any other complaint.
If the data subject considers the Data Controller’s data processing to be objectionable, they may file a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa u. 9-11., postal address: 1363 Budapest, P.O. Box 9, phone number: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: www.naih.hu).
The data subject has the option of turning to the courts to protect their data, and the court will hear the case on an expedited basis. In this case, the data subject is free to decide whether to file their complaint with the Regional Court (http://birosag.hu/torvenyszekek) corresponding to their place of residence (permanent address) or their place of stay (temporary address). You can find the court with jurisdiction over your place of residence or temporary residence at http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso.
This Privacy Notice is effective from April 15, 2026 until further notice.
The Data Controller reserves the right to amend this Privacy Notice. If the amendment affects the use of the personal data provided by the data subject, the Data Controller will notify the data subject of the changes in an appropriate manner, such as via an informational email. If the details of data processing also change as a result of the amendment to the Privacy Notice, the Data Controller will specifically request the data subject’s consent.
The Service Provider hereby states that its services, General Terms and Conditions, and the provisions of this Privacy Policy are governed by Hungarian law, with the proviso that in matters not specified in this Privacy Policy, the GDPR shall apply, and in cases permitted by the GDPR, the rules of the Information Act shall apply in a supplementary capacity. The Service Provider hereby informs you that this Privacy Policy is available in Hungarian and English; in the event of a dispute (including legal disputes), the Hungarian-language text shall prevail.