Privacy Policy

Version: 1.0

Effective Date: 22 September 2025

1. Data Controller Information

Name: "ALU-ÖNTŐ" Metal Casting and Metalworking Industrial and Commercial Ltd.

Registered Office: 1215 Budapest, Károli Gáspár utca 69.

Company Registration Number: 01 09 163170

Tax Number: 10695683-2-43

Representative: Gergely Hajas

E-mail: casting@alu-onto.hu

Phone: +36 24 531 830

Website: www.alu-onto.hu

2. Purpose of the Notice, Legal Bases, Definitions
  • Purpose: To provide transparent information about the personal data processed, the purposes, legal bases, retention periods, recipients, and data subject rights.
  • Applicable Laws: GDPR (EU) 2016/679; Act CXII of 2011 on Information Self-Determination (Hungary); Act C of 2000 (Accounting); Act CXXVII of 2007 (VAT); Hungarian Civil Code.
  • Definitions: As per Article 4 of the GDPR.

3. Data Processing Activities

3.1. Contract Conclusion and Fulfillment (B2C/B2B)

Purpose: Creation, registration, and fulfillment of contracts; management of warranty/guarantee and other claims; invoicing.

Data Subjects: Natural person clients / sole proprietors; contact persons of corporate partners.

Data Categories: Natural person / sole proprietor: name, address, place/date of birth, mother’s name, signature (for written contracts), business registry number, billing/shipping data, contact details, order/payment/performance/warranty details, performance confirmation, working time logs. Contact persons: name, position, company, email, phone.

Legal Basis: Contract performance (GDPR Art. 6(1)(b)); legal obligation – accounting/VAT (Art. 6(1)(c)); legitimate interest (contact persons) (Art. 6(1)(f)).

Retention: Contractual limitation period (typically 5 years); accounting records: 8 years (per Hungarian Accounting Act §169).

3.2. Customer Service and Communication (email/phone/mail, contact form)

Purpose: Record and respond to inquiries, ensure traceability if needed.

Data Subjects: Inquirers, clients, partners.

Data Categories: Name, email, phone, subject and content of the message, date/time; in case of postal letters: sender’s name/address, delivery date.

Legal Basis: Legitimate interest (Art. 6(1)(f)).

Retention: Until the purpose ceases; up to 5 years if legal claims are expected; otherwise, operational retention of max. 30 days.

3.3. Social Media Presence (Facebook, LinkedIn, Instagram)

Purpose: Corporate presence, information sharing, recruitment, interaction.

Legal Basis: Legitimate interest (Art. 6(1)(f)).

Note: Due to platform operations, joint data controllership may arise with Meta, LinkedIn, etc. – refer to the platforms’ own privacy policies.

3.4. Website Logging

Purpose: Ensuring proper and secure operation of the website; monitoring traffic and misuse.

Data Categories: IP address (partial), time of visit, device/OS/browser type.

Legal Basis: Legitimate interest (Art. 6(1)(f)).

Retention: Typically 7 days, then automatic deletion.

3.5. Cookie Management

What is a cookie? A small file stored in the browser during website use.

Categories: Necessary cookies (legal basis: legitimate interest); statistical cookies (legal basis: consent); marketing/comfort cookies (legal basis: consent).

Cookie Name | Purpose | Legal Basis | Retention
buildr_live_session | Used by the site to retrieve session status between visits. | Legitimate interest — GDPR Art. 6(1)(f), based on a balancing test | end of session
XSRF-TOKEN | Used by the site to retrieve session status between visits. | | end of session
cookies-state | Stores information about the user's cookie consent. | | end of session


4. Recipients and Data Processors

In addition to internal staff, external service providers (data processors) may be involved:

  • Hosting/Infrastructure: Hetzner Online GmbH (EU, Germany) – web server/infrastructure.
  • Web Analytics / Video: Google Ireland Ltd. (GA4), YouTube LLC – cookie-based statistics and embedded content.
  • Social Platforms: Meta Platforms Ireland Ltd. (Facebook/Instagram), LinkedIn Corporation.


International Data Transfers: Transfers outside the EEA may occur; legal basis: EU Standard Contractual Clauses (SCC) and supplementary safeguards.

5. Data Security

The Controller implements appropriate technical and organizational measures (access control, password protection, logging, regular backups, vulnerability management), in line with the principle of “necessity and proportionality.”

6. Handling Data Breaches

In case of an incident: risk assessment, remedial actions, and notification to the supervisory authority within 72 hours if required; in case of high risk, affected individuals will also be informed. A breach log is maintained.

7. Data Subjects’ Rights
  • Withdrawal of consent (where applicable)
  • Access to personal data and information
  • Rectification of inaccurate data
  • Erasure ("right to be forgotten") under GDPR conditions
  • Restriction of processing
  • Data portability (for contract/consent-based processing)
  • Objection (in case of legitimate interest as legal basis)


Submit requests via: Email: hajas.gergely@alu-onto.hu or Post: 1215 Budapest, Károli Gáspár utca 69.
Response deadline: 1 month (may be extended by 2 months in justified cases)

Complaints can be submitted to: Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Address: H-1055 Budapest, Falk Miksa utca 9–11.
Phone: +36-1-391-1400
Email: ugyfelszolgalat@naih.hu
Website: https://naih.hu

Judicial Remedy: Can also be initiated before the competent court of your residence or place of stay.

8. Cookie Management Summary (see separate Cookie Notice)

Detailed and up-to-date information about cookies used on the website is provided in a separate Cookie Notice.

9. Final Provisions
  • This notice may be updated in line with changes in services or laws.
  • The current version is always available on the website.
  • This document exclusively applies to the data processing of "ALU-ÖNTŐ" Metal Casting and Metalworking Industrial and Commercial Ltd.

2316 Tököl, Ráckevei u. 8. • +36 24 531 830 • casting@alu-onto.hu