Data Processing Information

Last Updated: January 28, 2026

Kontozz.hu

Data Processing Information

Table of Contents

1. Purpose of the information

2. Description of the service

3. Terms used in this information sheet

4. Data processing principles

5. Data processing activities
   5.1. Registration and creation of user accounts
   5.2. Use of the billing program
   5.3. Contact and customer service (e-mail, chat)
   5.4. Contact details management
   5.5. Newsletter service
   5.6. User feedback and market research
   5.7. Data provision to the National Tax and Customs Administration (NAV)
   5.8. Official inquiries

6. Data processors and external service providers used
   Hosting provider: DigitalOcean
   Web analytics: Google Analytics (GA4)
   Authentication: Google Login / OAuth 2.0
   Email provider: Mailgun

7. Cookie management
   v1.0 - 2025.11.06.
   List of cookies used on the website
   Cookie management and deletion
   Legal basis for cookies

8. Data security

9. Data Protection Officer

10. Rights of data subjects

11. Remedies

1. Purpose of the information notice
   The purpose of this data processing information notice is to set out in a transparent manner the data processing practices and data protection rules of the kontozz.hu online invoicing system operated by Syneo International Kft. (hereinafter: "Data Controller"). The information provides guidance to data subjects – in particular users, customers, and partners of the system – on the following:

   • what types of personal data we collect and process,

   • the purpose and legal basis of data processing,

   • how long we retain data,

   • who may be the recipients of the data,

   • as well as what rights data subjects have under the GDPR and domestic legislation.

   As a data controller, our primary obligation is to treat the personal data we receive as confidential and to do everything in our power to ensure its security. This information notice has been prepared in accordance with the following legislation:

   • Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),

   • Act CXII of 2011 on the right to informational self-determination and freedom of information (Info Act),

   • Act V of 2013 on the Civil Code (Ptk.),

   • Act CL of 2017 on the Rules of Taxation (Art.),

   • as well as the related Hungarian and EU legislation.

   
   

2. Service description
   Kontozz.hu is a cloud-based invoicing program accessible via the internet, which aims to provide Hungarian businesses – sole traders, companies, civil organizations, and private individuals with tax numbers – with a simple and legally compliant solution for issuing and managing their invoices.

   
   

   To use the service, users must register in the system, during which they create their own account. Through this, they can access billing functions, initiate customer service contact, and use additional services.
   When using the system, the processing of personal data is unavoidable, in particular:

   • user data provided during registration and account use,

   • data related to invoices issued,

   • data communicated during customer service communications,

   • data provided for newsletters or market research.

   
   

   Although the service is primarily intended for the management of company data, in certain cases this data may relate to natural persons (e.g., sole traders, contact persons), and is therefore considered personal data.

   
   

3. Terms used in this notice
   The following key terms apply to data processing and this notice:

   
   

   Data subject: a natural person whose personal data is affected by data processing.

   
   

   Personal data: any information that can be used to identify the data subject directly or indirectly (in particular name, email address, telephone number, tax number, bank account number).

   Data controller: the legal entity that determines the purpose and means of data processing, in this case Syneo International Kft., 9700 Szombathely, Kürtös utca 5., company registration number: 18 09 115488, tax number: 32173394-2-18, Marcell Szakács.

   Data processor: a natural or legal person who performs technical or administrative tasks on behalf of the data controller (e.g., hosting provider, mailing system).

   Data processing: any operation performed on personal data (collection, recording, storage, transmission, deletion, etc.).

   Consent: a voluntary and unambiguous expression of the will of the data subject, based on adequate information.

   Data breach: unauthorized access, loss, alteration, or disclosure of personal data.

   
   

   These terms shall be interpreted in accordance with the definitions set out in Article 4 of the GDPR.

   
   

4. Data processing principles
   The Data Controller processes all personal data in accordance with the GDPR and the principles of the Info Act. Within this framework:

   • Legality, fairness, and transparency – our data processing always complies with the law, and we provide clear and understandable information to those affected.

   • Purpose limitation – we collect data only for specified, explicit, and legitimate purposes, and do not process it in a manner that is incompatible with those purposes.

   • Data minimization – we only process data that is strictly necessary to achieve the intended purpose.

   • Accuracy – we ensure that personal data is accurate and up to date; we correct or delete incorrect data.

   • Limited storage – we only retain data for as long as the purpose of data processing requires.

   • Integrity and confidentiality – we protect personal data against unauthorized access, modification, or loss through technical and organizational measures.

   • Accountability – the Data Controller is responsible for the lawfulness of data processing and is able to demonstrate it.

     
     

5. Data processing activities
   Below, we describe in detail what personal data we process when you use the kontozz.hu online invoicing service, for what purpose, on what legal basis, and for how long.

   
   

   5.1. Registration and creation of a user account
   Scope of data processed:

   • name, email address, password, date of birth

   • Billing information: company name, tax number, EU tax number, registered office/address (country, postal code, city, street, house number, building, floor, door),

   • bank account number, registration number,

   • contact telephone number.

   
   

   Purpose of data processing:
   Creating and maintaining a user account in order to enable the user to access the services of kontozz.hu. Based on the data provided during registration, we can ensure the operation of the system, access to billing functions, and communication.
   Legal basis:
   Voluntary consent of the data subject (GDPR Article 6(1)(a)).

   
   

   Retention period:

   • In the case of unconfirmed registration, 6 months.

   • For verified accounts, 10 years from the last login or until a request for deletion is made.

   
   

   5.2. Use of the billing program
   Scope of data processed:

   • name, email address, address details, tax number, EU tax number, bank account number, registration number,

   • contact telephone number,

   • customer and partner data (name, address, tax number, contact details) appearing on issued invoices.

   
   

   Purpose of data processing:
   Provision of billing services, issuance, storage, and transmission of invoices necessary for the performance of transactions between the user and its partners.
   Legal basis:
   Performance of a contract (GDPR Article 6(1)(b)) and compliance with a legal obligation (Art., accounting rules).
   Retention period:

   • Until the termination of the contract and for the period specified in accounting and tax regulations.

   • At least 8 years for invoices (based on Art.).

   
   

   5.3. Contact and customer service (email, chat)
   Scope of data processed:

   • name, email address,

   • additional data voluntarily provided by the data subject (e.g., information provided in customer service inquiries, chat log content).

   
   

   Purpose of data processing:
   Maintaining contact with users, providing customer service assistance, handling complaints.

   
   

   Legal basis:

   • Consent of the data subject (Article 6(1)(a) of the GDPR),

   • or legitimate interest (GDPR Article 6(1)(f)) in order to ensure customer service communication.

   
   

   Retention period:
   Until the data subject requests deletion, but for a maximum of 5 years (general civil law limitation period).

   
   

   5.4. Contact details management
   Scope of data processed:

   • name, email address, phone number.

   
   

   Purpose of data processing:
   If the user provides the details of their accountant or other contact person rather than their own details, this data will be used to ensure contact can be maintained.
   
   

   Legal basis:
   Consent of the data subject (GDPR Article 6(1)(a)) and legitimate interests of the parties (GDPR Article 6
   (1)(f)).

   
   

   Retention period:
   Until the data subject requests deletion, but for a maximum of 5 years.

   
   

   5.5. Newsletter service
   Scope of data processed:

   • name, email address, IP address.

   
   

   Purpose of data processing:
   To inform users about new features, developments, promotions, and related legal changes on kontozz.hu.
   Legal basis:
   Consent of the data subject (GDPR Article 6(1)(a)).

   
   

   Retention period:
   Until the data subject unsubscribes or requests deletion.

   
   

   Note:
   We use an external service provider (e.g., newsletter software) to send newsletters, which acts as a data processor. The exact details of the service provider will be published later in the information sheet.

   
   

   5.6. User feedback and market research
   Scope of data processed:

   • name, email address,

   • other information provided by the data subject during the feedback process.

   
   

   Purpose of data processing:
   In order to improve the quality of our services, we occasionally provide users with questionnaire surveys or online feedback options.
   Legal basis:
   Consent of the data subject (GDPR Article 6(1)(a)).

   
   

   Retention period:
   Until the data subject requests deletion, but for a maximum of 5 years.

   
   

   5.7. Data reporting to the National Tax and Customs Administration (NAV)
   Scope of data processed:
   Data specified by law on issued invoices.

   
   

   Purpose of data processing:
   Compliance with mandatory data reporting requirements under the VAT Act and other relevant legislation.

   
   

   Legal basis:
   Compliance with legal obligations (GDPR Article 6(1)(c), VAT Act).

   
   

   Retention period:
   For the period specified by law, currently at least 8 years.

   
   

   5.8. Official requests
   Scope of data processed:
   Data requested in official requests (e.g., court, investigative authority).

   
   

   Purpose of data processing:
   Compliance with legal obligations.

   
   

   Legal basis:
   Compliance with a legal obligation (GDPR Article 6(1)(c)).

   
   

   
   For the time necessary to fulfill the request.

   
   

   Profiling and automated decision-making
   Within the scope of the kontozz.hu service, we do not use automated decision-making processes or profiling that would have legal effects on the data subject or significantly affect them.
   When sending newsletters, we may send personalized content based on users' interests or service usage habits, but this is solely for the purpose of providing more relevant information and does not constitute automated decision-making within the meaning of the GDPR.

   
   

6. Data processors and external service providers used
   In providing the service, the Data Controller uses data processors to perform certain technical tasks. Data processors process personal data exclusively on the basis of the Data Controller's instructions and in accordance with the law.
   Possible data processors:

   
   

   Hosting provider: DigitalOcean
   Service provider name and address:
   DigitalOcean, LLC

   
   

   101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA
   EU representative: DigitalOcean Germany GmbH, Frankfurt am Main, Germany

   
   

   Purpose of data processing:
   Technical operation of the kontozz.hu website and technical operation of the service, hosting and database services, creation of backup copies.
   Scope of data processed:
   Personal data stored in user accounts, log data, IP addresses, connection metadata.
   Place of data processing:
   Frankfurt (Germany, within the EU).

   
   

   Legal basis for data processing:
   GDPR Article 6(1)(b) – data processing for the performance of a contract.

   
   

   Data transfer to third countries:
   This does not occur if the data is processed exclusively within the EU (Frankfurt).

   
   

   Web analytics: Google Analytics (GA4)
   Service provider name and address:
   Google Ireland Limited
   Gordon House, Barrow Street, Dublin 4, Ireland

   
   

   Purpose of data processing:
   Analysis of website traffic and user behavior, collection of statistical data for the purpose of service development.
   Scope of data processed:
   IP address (in anonymized form), device and browser information, visit and behavior data, referring websites.
   Place of data processing:
   Primarily within the EU, but data may be transferred to the United States.

   
   

   Legal basis for data processing:
   GDPR Article 6(1)(a) – consent of the User (acceptance of the cookie banner).

   
   

   Data transfer to third countries:
   Possible, provided that an adequate level of protection is ensured under the EU–US Data Privacy Framework.

   
   

   Authentication: Google Login (Google Login / OAuth 2.0)
   Service provider name and address:
   Google Ireland Limited
   Gordon House, Barrow Street, Dublin 4, Ireland

   
   

   Purpose of data processing:
   To authenticate users and facilitate login with Google accounts.

   
   

   Scope of data processed:
   Google account ID, name, email address, optional profile picture.

   
   

   Legal basis for data processing:
   GDPR Article 6(1)(b) – data processing necessary for the provision of the service (performance of a contract).
   Data transfer to third countries:
   Possible to the United States within the framework of the EU-US Privacy Shield.

   
   

   Email service provider: Mailgun
   Service provider name and address:
   Mailgun Technologies, Inc.
   112 E Pecan St #1135, San Antonio, TX 78205, USA EU representative: Sinch Email, Ireland
   Purpose of data processing:
   Forwarding system messages, password reset and registration emails, and other notifications to users.
   Scope of data processed:
   Email addresses, message subjects, sending and delivery data, and message content.

   
   

   Legal basis for data processing:
   GDPR Article 6(1)(b) – data processing necessary for the performance of a contract.

   
   

   Data transfer to third countries:
   Data is transferred to the United States under the EU-US Data Privacy Framework, with appropriate safeguards in place.

   
   

   We carefully select all data processors and enter into written agreements with them, setting out their data protection obligations.

   
   

7. Cookie management
   The kontozz.hu website and its associated web application use cookies to improve the user experience, ensure proper functioning, and perform statistical analysis.
   Cookies are small data files that are stored on the user's computer or other device by their browser. Some cookies are essential for the technical operation of the website ("necessary cookies"), while others serve statistical or marketing purposes.
   The use of necessary cookies is essential for the provision of the service, therefore the user's consent is not required for these.
   However, the use of cookies for analytical and marketing purposes requires the user's prior consent, which can be given or withdrawn using the cookie management tool (cookie banner) displayed on the website.

   
   

   List of cookies used on the website:

   
   

   
   

   
   

   Managing and deleting cookies
   Users can disable or delete cookies at any time in their browser settings. Cookie management guides for the most commonly used browsers:

   • Google Chrome

   • Mozilla Firefox

   • Microsoft Edge

   • Safari

   
   

   By deleting already saved cookies, user data can also be removed.
   Please note that if the necessary cookies are disabled, certain functions of kontozz.hu will not work or will only work to a limited extent.

   
   

   Legal basis for cookies
   Necessary cookies: Article 6(1)(b) of the GDPR – data processing necessary for the performance of a contract or in order to provide a service.

   
   

   Analytical and marketing cookies: GDPR Article 6(1)(a) – data processing based on user consent.

   
   

8. Data security
   The Data Controller considers the protection of personal data to be of paramount importance and implements technical and organizational measures to ensure the confidentiality, integrity, and availability of data.
   These include, in particular:

   • encrypted communication channels (HTTPS, TLS),

   • secure, encrypted storage of passwords,

   • regular data backups,

   • restriction and logging of access rights,

   • confidentiality obligations of employees and partners,

   • Continuous monitoring and updating of IT systems.

   
   

   Our goal is to prevent unauthorized access, loss, alteration, or disclosure of personal data.

   
   

9. Data Protection Officer
   Under current legislation, the Data Controller is not currently required to appoint a Data Protection Officer. If this becomes mandatory in the future, or if the Data Controller wishes to appoint such an officer voluntarily, we will update the contact details in this notice.
   Currently, you can contact us regarding data protection matters at the following contact details: Email: adatvedelem@kontozz.hu
   Postal address: Syneo International Kft., 9700 Szombathely, Kürtös utca 5.

   
   

10. Rights of data subjects
    Data subjects may exercise their rights under the GDPR at any time in relation to the processing of their personal data:
    Right of access – The data subject has the right to obtain information about whether we process their personal data and, if so, what data, for what purpose, on what legal basis, from what source, for how long, and to whom we transfer it. Upon request, the data subject may receive a copy of the data.

    
    

    Right to rectification – The data subject may request that we correct or supplement any inaccurate or incomplete data in order to keep it up to date.

    
    

    Right to erasure (“right to be forgotten”) – The data subject has the right to request the erasure of their personal data if its processing is no longer necessary or if they have withdrawn their consent and there is no other legal basis for processing. However, erasure cannot be requested for data that we are required to retain by law (e.g., invoices for 8 years).

    
    

    Right to restriction of processing – In certain cases, the data subject may request that we only store their personal data and not use it in any other way (e.g., in the event of a dispute over the accuracy of the data or during a legal dispute).

    
    

    Right to data portability – The data subject may request to receive the data recorded about them in a structured, widely used, machine-readable format, or to have it transferred to another data controller, if this is technically feasible.

    
    

    Right to object – The data subject may object to the processing of their personal data if it is based on our legitimate interest (e.g., newsletter, market research). In such cases, we will cease processing the data unless there is a compelling legal reason that takes precedence.

    
    

    Withdrawal of consent – If data processing is based on consent, the data subject may withdraw their consent at any time. The withdrawal applies to the future and does not affect the lawfulness of previous data processing.

    
    

    The Data Controller shall comply with requests without undue delay, within 30 days at the latest.

    
    

11. Remedies
    If the data subject feels that their rights have been violated by the Data Controller, the following remedies are available:

    • Submit complaints directly to the Data Controller using the contact details provided.

    • Submitting a complaint to the National Authority for Data Protection and Freedom of Information (NAIH):

    
    

    Headquarters: 1055 Budapest, Falk Miksa utca 9-11. Postal address: 1363 Budapest, Pf. 9.
    Telephone: +36 (1) 391-1400
    E-mail: ugyfelszolgalat@naih.hu Web: www.naih.hu

    
    

    Enforcement through the courts: You may bring a civil action before the court with jurisdiction over your place of residence or domicile.

2025.11.06.

Syneo International Ltd.