top of page

AIFLOWS

PRIVACY POLICY

Last updated: 2026.01.01.

This Privacy Policy explains how GoldenTrait Media Kft. (“we”, “us”, “our”) collects and uses personal data when you visit our website, interact with us, or book a consultation.

We process personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and applicable Hungarian data protection law.

1. Data Controller

The data controller responsible for your personal data is:

GoldenTrait Media Kft.
2481 Velence, X. utca 13., Hungary
Email: info@goldentrait.com

If you have any questions about this Privacy Policy or how we handle your data, you can contact us at the email address above.

2. What Personal Data We Collect

We only collect personal data that is necessary for clearly defined purposes.

2.1. Website visitors


When you visit our website, we may process:

  • Technical data: IP address, browser type and version, device information, operating system, referral URL, pages visited, time and date of visit.

  • Usage data: interactions with pages, clicks, scrolls, time spent on pages.
     

This data may be collected via server logs and cookies/analytics tools.

2.2. Contact and enquiry data


If you contact us (e.g. via contact form or email), we process:

  • Identification data: name, company name (if provided), role (if provided).

  • Contact details: email address, phone number (if provided).

  • Message content: the information you include in your message and any attachments.
     

2.3. Consultation and booking data


If you schedule a call (for example via Calendly or a similar scheduling tool), we may process:

  • Identification and contact data: name, email address, company, role.

  • Booking information: selected time slot, time zone, topic of the call, notes you provide.

  • Technical booking metadata: confirmation status, rescheduling/cancellation details.
     

This data is processed both by us and by our scheduling service provider as our processor.
 

2.4. Newsletter / marketing communications (if applicable)

If you subscribe to a newsletter or opt in to receive updates from us, we process:

  • Identification and contact data: name (if provided), email address.

  • Subscription preferences and interaction data (e.g. opens, clicks), where supported by our email tool.
     

2.5. Client and prospect data (B2B)

If you are a client, prospect, or representative of a business we speak with, we may process:

  • Identification and contact data: name, position, company, email, phone.

  • Business information: company details, processes you describe, relevant notes about projects and opportunities.

  • Contractual data: proposals, offers, contracts and related correspondence.
     

We do not intentionally process special category data (e.g. health data, political opinions, religious beliefs) and we ask you not to send such information to us.
 

3. Purposes and Legal Bases

We process personal data only when we have a lawful basis under GDPR.
 

3.1. Operating and securing the website

Purpose: Provide access to the website, ensure stability and security, prevent misuse.
Data: Technical and usage data (see 2.1).
Legal basis: Our legitimate interests in operating a secure and functional website (Art. 6(1)(f) GDPR).
 

3.2. Responding to enquiries

Purpose: Respond to your questions, provide information, follow up on contact requests.
Data: Contact and enquiry data (see 2.2).
Legal basis:

  • Legitimate interests in communicating with interested parties and potential clients (Art. 6(1)(f) GDPR); and/or

  • Pre-contractual steps at your request where the enquiry relates to our services (Art. 6(1)(b) GDPR).
     

3.3. Scheduling and holding consultations

Purpose: Allow you to book a call, send confirmations and reminders, conduct the consultation, and follow up.
Data: Consultation and booking data (see 2.3), relevant contact and client data.

Legal basis:

  • Pre-contractual steps / performance of a contract (Art. 6(1)(b) GDPR); and

  • Legitimate interests in efficient scheduling and service delivery (Art. 6(1)(f) GDPR).
     

3.4. Providing and improving our services
Purpose: Plan, deliver and improve automation and AI-related services; manage client relationships.
Data: Client and prospect data (see 2.5), project-related data.
Legal basis:

  • Performance of a contract with your company (Art. 6(1)(b) GDPR);

  • Legitimate interests in managing and improving our business (Art. 6(1)(f) GDPR).
     

3.5. Direct marketing (B2B)

Purpose: Send relevant information about our services to business contacts and subscribers.
Data: Contact and client/prospect data.
Legal basis:

  • Legitimate interests in promoting our services to business contacts (Art. 6(1)(f) GDPR), within applicable marketing rules; and/or

  • Consent (Art. 6(1)(a) GDPR) where required (e.g. for email newsletters you subscribe to).
     

You may opt out of marketing communications at any time by using the unsubscribe link or contacting us.
 

3.6. Legal obligations and claims

Purpose: Comply with legal obligations (e.g. tax, accounting) and establish, exercise or defend legal claims.
Data: All categories as relevant (contracts, invoicing, correspondence).
Legal basis:

  • Legal obligations (Art. 6(1)(c) GDPR);

  • Legitimate interests in defending our rights and handling disputes (Art. 6(1)(f) GDPR).

    4. Cookies and Analytics

Our website may use cookies and similar technologies to:
 

  • Enable basic site functionality;

  • Remember certain preferences;

  • Analyse site traffic and usage patterns (e.g. via analytics tools).
     

Where required by law, we will ask for your consent before placing non-essential cookies and you can manage your preferences via the cookie banner or your browser settings.

If applicable, provide further details in a separate Cookie Policy.
 

5. Who We Share Personal Data With

We do not sell your personal data. We may share it with:
 

  • Service providers / processors, for example:

    • Website hosting and infrastructure providers;

    • Analytics providers;

    • Scheduling providers (e.g. Calendly);

    • Email and CRM tools;

    • Professional advisers (e.g. accountants, legal advisers).
       

These service providers process data on our behalf under data processing agreements, following our instructions and with appropriate security measures in place.

  • Public authorities and regulators, where required by law or to protect our rights.
     

If we are involved in a business transaction (e.g. merger, asset sale), personal data may be transferred as part of that transaction, subject to confidentiality.
 

6. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA) or may store/process data outside the EEA.
 

In such cases, we ensure that appropriate safeguards are in place in accordance with GDPR, such as:

  • Adequacy decisions by the European Commission; or

  • Standard Contractual Clauses approved by the European Commission, supplemented where necessary by additional technical and organisational measures.
     

You can contact us for more information on the specific safeguards used.
 

7. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law.
 

Indicative retention periods:

  • Website logs / technical data: usually a few weeks to a few months, unless needed longer for security or investigations.

  • Enquiries: typically up to 2 years after the last interaction, unless needed longer for legal purposes.

  • Consultation and client-related data: for the duration of the relationship and, thereafter, typically 5–8 years to comply with tax/accounting obligations and to handle potential claims.

  • Marketing data: until you unsubscribe or object, or until we determine the data is no longer accurate or relevant.
     

We may keep data longer if required by law or to establish, exercise or defend legal claims.
 

8. How We Protect Your Data

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

These measures include, for example:
 

  • Access controls and authentication;

  • Encryption in transit where appropriate;

  • Use of reputable hosting and service providers;

  • Limiting access to personal data to those who need it for their work;

  • Regular reviews of our security measures.
     

However, no system can be completely secure, and we cannot guarantee absolute security of information transmitted or stored electronically.
 

9. Your Rights Under GDPR

As an individual in the EU/EEA, you have the the following rights regarding your personal data, subject to conditions and exceptions in the GDPR:
 

  • Right to information: to receive clear information about how we process your data (this Policy and related notices).

  • Right of access (Art. 15 GDPR): to obtain confirmation whether we process your data and access to that data.

  • Right to rectification (Art. 16 GDPR): to have inaccurate or incomplete data corrected.

  • Right to erasure (Art. 17 GDPR): to request deletion of your data, in certain circumstances.

  • Right to restriction of processing (Art. 18 GDPR).

  • Right to data portability (Art. 20 GDPR): to receive certain data in a structured, commonly used, machine-readable format and transmit it to another controller.

  • Right to object (Art. 21 GDPR):

    • to processing based on legitimate interests, on grounds relating to your particular situation;

    • to direct marketing at any time.

  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects (Art. 22 GDPR).
     

Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
 

How to exercise your rights
You can exercise your rights by contacting us at:

Email: info@goldentrait.com

We may need to verify your identity before fulfilling your request. We aim to respond within one month, as required by GDPR, and may extend this period in complex cases, informing you accordingly.
 

Right to lodge a complaint
You also have the right to lodge a complaint with your local data protection authority. In Hungary, this is:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Postal address: 1363 Budapest, Pf. 9., Hungary
Office address: 1055 Budapest, Falk Miksa utca 9–11.
Phone: +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu
 

10. Children’s Privacy

Our website and services are intended for business users and are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it as appropriate.
 

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example if our processing activities or legal obligations change. The updated version will be published on our website with a new “Last updated” date.
 

We encourage you to review this Policy periodically to stay informed about how we process personal data.
 

12. Contact

If you have any questions, concerns or requests regarding this Privacy Policy or our handling of personal data, you can contact us at:
 

GoldenTrait Media Kft.
2481 Velence, X. utca 13., Hungary
Email: info@goldentrait.com

bottom of page