Data Protection Policy
Last Updated: May 19, 2025
Welcome to egocalculation.com. We understand that your personal data is valuable and deserves the highest level of protection. This Data Protection Policy explains how we collect, use, disclose, retain, and safeguard your information in accordance with the General Data Protection Regulation (EU GDPR), the UK GDPR, and other applicable data protection legislation. By accessing or using our services, you agree to the practices described herein.
Introduction
At egocalculation.com, we are committed to protecting your privacy and ensuring that your personal data is processed in a lawful, fair, and transparent manner. This policy applies whenever you interact with our website, mobile applications, customer support, marketing communications, or any other services we provide. It also covers all formats of personal data, whether collected electronically, on paper, or through other means.
Data Controller and Data Protection Officer
egocalculation.com acts as the data controller for all personal data processed in relation to our services. The Data Protection Officer (DPO) oversees our data protection strategy and implementation, ensuring compliance with relevant laws and best practices. If you have any questions about how your data is handled or wish to exercise your rights, you may contact our DPO at [email protected] or by writing to our registered office at [Insert Company Address].
Lawful Bases for Processing
We process personal data only when we have a valid lawful basis to do so. These include situations where we have obtained your freely given consent for specific processing activities, such as sending newsletters; where processing is necessary to fulfill a contract with you, such as providing our calculation tools and customer support; where we are legally obliged to process data for compliance with statutory obligations; or where we have legitimate interests in improving our services, conducting analytics, and maintaining security, provided that such interests do not override your rights and freedoms.
Categories of Personal Data Collected
When you use our services, we may collect various types of personal data. This can include identity information such as your name or username, contact information like your email address or telephone number, and technical data such as your IP address, browser type, device identifiers, operating system, and time zone. We may also gather usage data regarding how you interact with our website and applications, including pages visited, features used, and session duration, as well as communication preferences and any feedback or support requests you submit.
How We Collect Personal Data
We obtain personal data directly from you when you provide it through our registration forms, contact forms, customer support inquiries, or newsletter subscription. We also collect data automatically via cookies and similar tracking technologies when you browse our site. Additionally, we receive data from third-party analytics providers, such as Google Analytics, which help us understand aggregate patterns and usage trends. In all cases, we limit collection to what is necessary for the purposes described below.
Purposes of Processing
We use your personal data to deliver and improve our products and services. Specifically, we process data to create and manage your user account, verify your identity, respond to inquiries, send service-related notifications and marketing materials (with your consent), analyze usage and performance to optimize our offerings, ensure the security and integrity of our systems, prevent and detect fraudulent activity, comply with our legal obligations, and carry out internal administrative tasks such as billing, auditing, and reporting.
Cookies and Tracking Technologies
Our website employs cookies, web beacons, and similar technologies to enhance functionality and performance, remember your preferences, and collect analytical information. We use both first-party cookies, which are set by us, and third-party cookies, such as those used by Google Analytics, to compile statistical reports on how visitors use the site. You can configure your browser to reject cookies, but this may impair certain features and your overall experience. For more information on opting out of Google Analytics tracking, please visit the Google Analytics Opt-Out page.
Third-Party Service Providers
To deliver our services, we engage third-party service providers such as hosting companies, payment processors, email delivery services, analytics platforms, and customer support tools. These providers are contractually bound to handle your data securely and may only process it on our instructions and in compliance with applicable data protection laws. We do not sell or rent your personal data for marketing purposes, nor do we allow third parties to use your information for their own independent purposes without your explicit consent.
Data Sharing and Disclosure
We may disclose your personal data to regulatory authorities, law enforcement agencies, or other governmental bodies when required by law, court order, or to protect our legal rights or the safety of others. In the event of a corporate transaction such as a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring party, subject to terms that uphold the privacy protections described in this policy.
International Transfers of Personal Data
Where we transfer your data outside the European Economic Area (EEA) or the United Kingdom, we ensure that appropriate safeguards are in place to protect your information. These measures may include Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules, or transfers to jurisdictions deemed to provide an adequate level of protection. We do not transfer data to countries lacking adequate legal frameworks without implementing one of these safeguards.
Data Security Measures
We apply a combination of technical and organizational controls to protect personal data against unauthorized access, disclosure, alteration, or destruction. Encryption is used to secure data in transit via TLS/SSL and, where practicable, at rest. Access to personal data is restricted by role-based access controls and strong authentication mechanisms. We also conduct regular vulnerability assessments, security audits, and penetration tests, and we require our employees and contractors to undergo data protection training and adhere to strict confidentiality obligations.
Data Retention Policy
Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory requirements, or to resolve disputes. For example, account information is kept for the duration of your active membership plus a reasonable period thereafter; newsletter preferences are retained until you unsubscribe and for up to two years afterward; billing and transaction records are stored for seven years to satisfy accounting and tax obligations; and support tickets are archived for up to three years for quality assurance and training purposes. Once the retention period expires, data is securely deleted or irreversibly anonymized.
Data Breach Response
In the unlikely event of a personal data breach, we maintain an incident response plan designed to promptly contain and assess the breach, evaluate potential harm to affected individuals, and notify the relevant supervisory authority within 72 hours if required by law. If the breach poses a high risk to user rights and freedoms, we will also communicate directly with affected individuals without undue delay, providing clear information about the nature of the incident and recommended protective measures.
Data Protection Impact Assessments
When our processing activities are likely to result in high risk to the rights and freedoms of data subjects—for instance, through large-scale profiling or the use of novel technologies—we conduct Data Protection Impact Assessments (DPIAs). DPIAs enable us to identify potential risks, evaluate their severity, and implement mitigating measures such as data minimization, pseudonymization, and additional security controls before processing begins.
Children’s Privacy
Our platform and services are not intended for children under the age of 16. We do not knowingly collect personal data from minors. If we become aware that personal information relating to a child under 16 has been collected, we will take prompt steps to delete such information unless retention is required by law.
Your Rights as a Data Subject
Under applicable data protection laws, you have a range of rights concerning your personal data. You may request access to the data we hold about you, seek rectification of any inaccurate or incomplete information, request the erasure of your data when it is no longer needed, and ask us to restrict or object to certain processing activities. Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing. You also have the right to receive a copy of your data in a structured, machine-readable format and to transmit it to another controller where technically feasible. To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, or within three months for complex or numerous requests.
Supervisory Authority Complaints
If you are dissatisfied with our handling of your personal data or believe your rights have been infringed, you may lodge a complaint with your local data protection authority. For residents of the United Kingdom, this authority is the Information Commissioner’s Office (ICO), which can be reached via its website at https://ico.org.uk or by telephone at 0303 123 1113.
Privacy by Design and by Default
We embed data protection principles into the design of our products, services, and business processes, ensuring that, by default, only the personal data necessary for each specific purpose is processed. This “privacy by design and by default” approach helps us minimize data collection, reduce risk, and deliver strong protection from the outset.
Vendor Management and Audits
All third-party vendors who process personal data on our behalf undergo a rigorous selection process and are contractually required to implement appropriate technical and organizational safeguards. We maintain an inventory of these processors and conduct regular audits to verify ongoing compliance with our data protection requirements and contractual commitments.
Training and Awareness
We provide mandatory, periodic data protection and security training to all employees and contractors who handle personal data. Training covers GDPR principles, company policies, secure handling techniques, incident reporting procedures, and the importance of maintaining confidentiality at all times.
Policy Review and Updates
This Data Protection Policy is reviewed at least annually or whenever there are significant changes to our processing activities, legal obligations, or industry best practices. Any updates will be posted on this page, and the “Last Updated” date will be revised accordingly to reflect the most recent version.
Contact Information
For any questions about this policy or our data protection practices, please contact our Data Protection Officer at [email protected] or by mail at Budapest, Váci út 184, 1138 Hungary. We are dedicated to addressing your concerns and ensuring transparency in how we handle your personal data. By continuing to use egocalculation.com, you acknowledge that you have read and understood this policy and consent to the collection, use, and disclosure of your personal data as described herein.