Skip to main content

Privacy

Last updated: 12 January 2026

This Privacy Policy explains how personal data is processed in connection with www.stagbeetlesoft.com (the Website), including its contact/quotation workflows and the client portal (account creation and login).

This Privacy Policy does not automatically apply to any webshop operated on a different domain. Any webshop should provide its own privacy information on that domain.

1) Data Controller

Data Controller: Marcell Nemeth (StagBeetle Software)
Location: Budapest, Hungary
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: +36 30 083 4136

2) What the Website does

The Website is used for:

company presentation and marketing,

contact and quotation requests via “Contact Us,”

a client portal area (account creation and login),

customer support via email and a ticket system.

There is no embedded webshop on this domain.

3) Categories of personal data processed
A) Data provided by users

Contact requests (Contact Us):

name, email address, phone number, company name, message content.

Quotation requests:

project description, budget, deadline,

file uploads (the content depends on what is uploaded).

Newsletter subscription:

name, email address.

Client portal accounts:

username and authentication data (passwords are intended to be stored in a protected form, e.g., hashed, and not in plain text),

account-related metadata (e.g., timestamps, status).

Customer support (email and ticket system):

correspondence content,

ticket information (messages, timestamps, status, attachments if provided).

B) Data collected automatically

Server and security logs:

IP address, browser/device information, date/time, requested URL, referrer URL, and related log metadata.

4) Purposes of processing

Personal data may be processed for:

responding to inquiries and communications,

preparing quotations and handling pre-contractual requests,

creating and administering client portal accounts and authentication,

delivering customer support via email and tickets,

operating, maintaining, securing, and improving the Website,

measuring website usage and performance (analytics), where enabled,

sending marketing communications (newsletter and product/service updates), where a lawful basis exists.

5) Legal bases (GDPR)

Where the GDPR applies, processing is based on one or more of the following:

Contract / pre-contractual steps (GDPR Art. 6(1)(b)) — e.g., quotation requests and client portal services.

Legitimate interests (GDPR Art. 6(1)(f)) — e.g., Website operation, basic security, abuse prevention, and limited service improvement.

Consent (GDPR Art. 6(1)(a)) — e.g., newsletter subscription and (where required) analytics cookies/identifiers.

Legal obligation (GDPR Art. 6(1)(c)) — where applicable legal compliance requires processing.

6) Cookies and similar technologies
Strictly necessary cookies

The Website uses strictly necessary cookies and similar technologies for:

session management,

security,

login/authentication in the client portal.

These are required for core operation.

Analytics (Matomo self-hosted; Google Analytics)

The Website uses:

Matomo (self-hosted) for analytics. Matomo provides mechanisms to implement consent and/or reduce cookie usage depending on configuration.

Google Analytics to understand Website performance and improve visibility and effectiveness (including SEO-related performance analysis).

Where required by applicable law (including EU ePrivacy rules), analytics cookies/identifiers are used only after consent. If consent is not provided, only strictly necessary cookies should operate.

7) Email marketing (newsletter)

Marketing emails (e.g., newsletters and product/service updates) are sent only where a lawful basis exists (typically consent). Each marketing email includes an unsubscribe mechanism. After an unsubscribe request, a minimal record may be kept to ensure the request is respected (suppression).

8) Data sharing and third parties
A) Hosting, newsletter delivery, ticket system

Website hosting, databases, email, and the ticket system are operated on Controller-managed infrastructure (own servers and systems). No external hosting/newsletter/ticket processor is used for these components.

B) Analytics providers

Matomo is self-hosted (no external Matomo cloud processing).

Google Analytics is provided by Google and may involve processing by Google entities.

Google states it participates in the EU–US Data Privacy Framework for relevant transfers.

Personal data is not sold.

9) International data transfers (relevant to Google Analytics)

Use of Google Analytics may involve transferring personal data outside the European Economic Area. In such cases, transfers may rely on recognized mechanisms such as:

the EU–US Data Privacy Framework adequacy mechanism (where applicable),
and/or

contractual and supplementary measures where required.

10) Data retention

Personal data is retained no longer than necessary for the relevant purpose, unless a longer period is required by law. Typical retention practices may include:

Contact inquiries: kept for the duration of handling and follow-up, then typically up to 24 months after the last interaction.

Quotation requests (including uploaded files): kept for the quotation process and follow-up, then typically up to 24 months (uploaded files may be deleted earlier if no longer needed).

Client portal accounts: kept while the account is active; after closure, limited data may be retained for a reasonable period for security and dispute handling.

Support tickets and correspondence: kept for operational continuity and dispute handling, typically up to 36 months after closure.

Server/security logs: typically kept for a limited period (commonly 7–30 days), unless needed longer for security investigations.

Users are encouraged not to upload or send unnecessary sensitive personal data (e.g., special category data) via forms or file uploads.

11) Security

Appropriate technical and organizational measures are applied to protect personal data, including access controls and security monitoring. No method of transmission or storage is risk-free; residual risk cannot be fully eliminated.

12) Data subject rights (GDPR)

Where the GDPR applies, individuals may have the right to:

access,

rectification,

erasure (in certain circumstances),

restriction,

data portability (where applicable),

objection (especially to processing based on legitimate interests),

withdraw consent at any time (without affecting prior processing),

lodge a complaint with a supervisory authority.

Requests can be submitted via: This email address is being protected from spambots. You need JavaScript enabled to view it.

13) Complaints (Hungary – supervisory authority)

In Hungary, the supervisory authority is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH). The NAIH contact details are available on its official website.

14) Third-party links and external platforms

If the Website links to third-party websites or if marketing occurs on external platforms, those third parties process data under their own policies. Use of third-party services is governed by the third party’s privacy and cookie practices.

15) Updates to this Privacy Policy

This Privacy Policy may be updated to reflect changes in practices, technologies, or legal requirements. The “Last updated” date shows the latest revision.