.png)
PRIVACY POLICY
PRIVACY POLICY
Effective date: 14.05.2026
Last updated: 14.05.2026
This Privacy Policy explains how Odd Hours collects, uses, stores, and protects personal data of visitors to oddhoursagency.com and individuals who interact with our services. We process personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and Hungarian Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information ("Infotv.").
1. WHO WE ARE (DATA CONTROLLER)
Odd Hours is operated by Mata Zsófia Valentina, a sole proprietor (egyéni vállalkozó) registered in Hungary.
Registered seat: 8600 Siófok, Bókay u. 6
Registration number: 54877704
Tax number: 56242531-1-34
Contact email for privacy matters: info@oddhoursagency.com
For the purposes of the GDPR, Mata Zsófia Valentina e.v. is the Data Controller in respect of all personal data processed via this website and in connection with services delivered under the Odd Hours brand.
2. KEY TERMS
"Personal data" means any information relating to an identified or identifiable natural person. "Processing" means any operation performed on personal data — including collection, storage, use, disclosure, and deletion. "Data subject" means the individual to whom the personal data relates (for example, a website visitor, newsletter subscriber, prospective client, or client contact). "Processor" means a third party that processes personal data on our behalf (for example, our hosting provider or email marketing platform).
3. WHAT DATA WE COLLECT AND WHY
We process personal data only for clearly defined purposes and only on a valid legal basis.
3.1 Website Contact Form
When you submit our contact form, we process the personal data you provide in order to respond to your enquiry and explore whether we can work together. Data processed: name, email address, company name (if provided), message content, and any other information you choose to share. Legal basis: Article 6(1)(f) GDPR — our legitimate interest in responding to enquiries and assessing potential client relationships. You have the right to object to this processing at any time.
Retention: Up to two (5) years from the last meaningful interaction, after which the data is deleted. If a client relationship begins, the data is
retained under section 3.4 instead.
3.2 Newsletter Subscription
When you subscribe to the Odd Hours newsletter, we process your data to send you the marketing communications you have signed up for.
Data processed: first name, email address, subscription date and IP address (stored as proof of consent), and engagement data such as opens and clicks. Legal basis: Article 6(1)(a) GDPR — your explicit consent, together with Section 6 of Hungarian Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Commercial Advertising Activity (Grtv.). Retention: Until you unsubscribe or otherwise withdraw your consent. You can unsubscribe at any time via the link in any newsletter, or by emailing info@oddhoursagency.com.
3.3 Discovery Calls and Pre-Contract Communications
When you book a discovery call or otherwise engage with us before signing a contract, we process your data to schedule the call, prepare for it,
and follow up. Data processed: name, email address, company name, role, scheduling preferences, call notes, and any information you share during the call. Legal basis: Article 6(1)(b) GDPR — steps taken at your request prior to entering into a contract. Retention: Up to two (2) years from the last meaningful interaction if no contract is signed. If a contract is signed, data moves under section 3.4.
3.4 Client Service Delivery
When you become a client, we process the personal data of you and your designated contacts to deliver our services and manage the engagement. Data processed: name, role, business email and phone, payment information, communications related to the project, and any access credentials or business information you provide to enable the work. Legal basis: Article 6(1)(b) GDPR — performance of a contract to which you are a party. Retention: For the duration of the engagement plus the periods required by law (see section 3.5).
3.5 Invoicing and Bookkeeping
We process limited personal data in order to issue invoices and comply with Hungarian tax and accounting law. Data processed: name, billing address, tax number (where applicable), invoice details. Legal basis: Article 6(1)(c) GDPR — compliance with a legal obligation, specifically Hungarian Act C of 2000 on Accounting (Számv. tv.) and related tax legislation. Retention: Eight (8) years from the end of the accounting year in which the invoice was issued, as required by Section 169(2) of the Accounting Act.
3.6 Testimonials and Case Studies
Where you provide a testimonial or agree to be featured in a case study, we process your name, image (if applicable), job title, company, and the
content of your statement. Data processed: name, photo (if applicable), job title, company name, testimonial text. Legal basis: Article 6(1)(a) GDPR — your explicit consent. Retention: Until you withdraw consent, after which the testimonial is removed from public-facing materials within a reasonable time.
3.7 Cookies and Website Analytics
See section 7.
4. WHO HAS ACCESS TO YOUR DATA (PROCESSORS AND RECIPIENTS)
We do not sell personal data. We share data only with the service providers listed below, who act as processors on our behalf and are bound by data processing agreements as required under Article 28 GDPR.
Website hosting and contact form
Provider: Wix.com Ltd.
Location: Israel (with EU operations in the Netherlands)
Purpose: hosting the website, storing contact form submissions, basic visitor analytics.
Transfer safeguard: European Commission adequacy decision for Israel.
Email marketing
Provider: Kit (formerly ConvertKit), operated by SendQuick LLC d/b/a Kit
Location: United States
Purpose: managing newsletter subscribers, sending newsletters, tracking email engagement.
Transfer safeguard: EU–US Data Privacy Framework and Standard Contractual Clauses.
Scheduling
Provider: Calendly LLC
Location: United States
Purpose: booking discovery calls, sending calendar invites and reminders.
Transfer safeguard: EU–US Data Privacy Framework and Standard Contractual Clauses.
Workspace and client collaboration
Provider: Notion Labs, Inc.
Location: United States
Purpose: client workspaces, project notes, internal documentation.
Transfer safeguard: EU–US Data Privacy Framework and Standard Contractual Clauses.
Payment processing
Providers (as applicable to each transaction):
- Stripe Payments Europe, Limited — registered in Ireland.
- Wise Payments Limited — registered in the United Kingdom, with EU entity Wise Europe SA in Belgium.
- Revolut Bank UAB — registered in Lithuania.
Purpose: receiving payments from clients.
Transfer safeguard: EEA / UK adequacy decision.
Accounting
Provider: Kovácsné Lukács Ildikó
Location: Hungary
Purpose: bookkeeping, invoicing support, tax compliance.
We may also disclose personal data where required by law, court order, or to defend our legal interests.
5. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA
Some of the processors listed in section 4 are based outside the European Economic Area, primarily in the United States. Where personal data is transferred outside the EEA, we rely on the following safeguards as required by Chapter V of the GDPR:
(a) European Commission adequacy decisions, where applicable (for example, Israel for Wix);
(b) the EU–US Data Privacy Framework (DPF) for transfers to certified organisations in the United States; and
(c) Standard Contractual Clauses approved by the European Commission, together with any supplementary measures we deem necessary.
Details of each provider's transfer mechanisms are available in their own privacy documentation, or on request from us.
6. YOUR RIGHTS
Under the GDPR you have the following rights in respect of personal data we hold about you:
Right of access — to be told whether we process your data, and to receive a copy of it.
Right to rectification — to have inaccurate or incomplete data corrected.
Right to erasure ("right to be forgotten") — to have your data deleted in the circumstances set out in Article 17 GDPR.
Right to restriction of processing — to have processing paused in the circumstances set out in Article 18 GDPR.
Right to data portability — to receive your data in a structured, commonly used format, where processing is based on consent or contract and carried out by automated means.
Right to object — to object, on grounds relating to your particular situation, to processing based on our legitimate interests (Article 6(1)(f)).
Right to withdraw consent — where processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Right to lodge a complaint — you can complain to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH), or to
the supervisory authority of your country of residence:
NAIH
Address: 1055 Budapest, Falk Miksa utca 9-11.
Postal: 1374 Budapest, Pf. 603.
Phone: +36-1-391-1400
Email: ugyfelszolgalat@naih.hu
Web: https://naih.hu
To exercise any of these rights, email us at info@oddhoursagency.com. We will respond without undue delay and in any case within one month of receiving your request. Where a request is particularly complex, we may extend this period by a further two months and will let you know if so.
7. COOKIES AND SIMILAR TECHNOLOGIES
This website uses cookies and similar technologies. A cookie is a small text file stored on your device when you visit a website.
7.1 Categories of cookies used on this site
Strictly necessary cookies — required for the website to function (for example, security, load balancing, and session management set by Wix).
These are set on the basis of our legitimate interest under Article 6(1)(f) GDPR and do not require consent.
Analytics cookies — help us understand how visitors use the website (for example, Wix's built-in visitor analytics). Set only with your consent.
Marketing cookies — used to measure ad performance and build audiences for remarketing (for example, Meta or TikTok Pixel). Set only with your consent.
7.2 How to manage cookies
When you first visit the site you are presented with a cookie banner that allows you to accept all, reject all, or customise your choices. You can
change your choices at any time via the "Cookie Settings" link in the website footer. You can also manage cookies through your browser settings. Legal basis for consent-based cookies: Article 6(1)(a) GDPR and Section 155(4) of Hungarian Act C of 2003 on Electronic Communications (Eht.).
8. AUTOMATED DECISION-MAKING
We do not carry out automated decision-making, including profiling, that produces legal or similarly significant effects on you.
9. DATA SECURITY
We apply appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit (TLS/SSL), secure password practices, two-factor authentication where available, and limiting access to data on a need-to-know basis. No transmission over the internet is fully secure, but we take reasonable steps to minimise risk. If a personal data breach is likely to result in a risk to your rights and freedoms, we will notify NAIH within 72 hours of becoming aware of it and, where the risk is high, inform you directly without undue delay.
10. CHILDREN
Our services are directed at businesses and professional contacts. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently done so, please contact us and we will delete the data.
11. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The current version is always available on this page, with the "Last updated" date at the top. Material changes will be communicated where appropriate (for example, via the newsletter if you are subscribed).
12. CONTACT
For any questions about this Privacy Policy or how we process personal data, please contact:
Mata Zsófia Valentinaegyéni vállalkozó (Odd Hours)
8600 Siófok Bókay u 6
Email: info@oddhoursagency.com