Privacy Policy


Last updated: May 2025

The purpose of this privacy policy is to establish the privacy and data management principles applied by https://www.csomaajna.com.

This document does not apply to services and data processing which relate to promotions, prize games, services, or other campaigns by third parties advertising on the website mentioned below or appearing in other ways, or to content published by them. Similarly, unless otherwise stated, this document does not apply to the services and data processing of websites and service providers linked from csomaajna.com. For such services, the provisions of the privacy policy of the third parties operating the service shall apply, and csomaajna.com assumes no responsibility for such data processing or content.

Data Protection Principles

  • We process personal data lawfully, fairly, and transparently.
  • We collect personal data only for specific, clear, and legitimate purposes, and do not process them in a way incompatible with these purposes.
  • The personal data we collect and process are adequate and relevant to the purposes of data processing and limited to what is necessary.
  • The website takes all reasonable measures to ensure that the data we process is accurate and up to date when necessary, and we immediately delete or correct inaccurate personal data.
  • We store personal data in a form that allows identification of data subjects only for the time necessary to achieve the purposes of personal data processing.
  • We ensure appropriate security of personal data through technical and organizational measures, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage. We protect the security of the website to a reasonable extent but do not accept liability for damage resulting from cyber-attacks.

Data Protection Definitions

Data Subject
Any identified or identifiable natural person, directly or indirectly, based on personal data.
Personal Data
Any data that can be associated with the data subject, in particular the data subject’s name, identification number, and one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity, as well as conclusions drawn from the data relating to the data subject.
Special Data
a) Personal data revealing racial or ethnic origin, political opinions or party affiliation, religious or philosophical beliefs, trade union membership, sexual life; b) personal data concerning health status, addictions, and criminal personal data.
Consent
Voluntary and definite expression of the data subject’s will based on appropriate information, by which they give unambiguous consent to the processing of their personal data.
Objection
A statement by the data subject objecting to the processing of their personal data and requesting the termination of data processing and/or the deletion of the processed data.
Data Controller
A natural or legal person, or organization without legal personality, who or which alone or jointly with others determines the purposes of data processing, makes and executes decisions concerning data processing.
Data Processing
Any operation or set of operations performed on data, regardless of the procedure used, such as collection, recording, organization, storage, modification, use, retrieval, transmission, disclosure, coordination or combination, blocking, deletion and destruction.
Data Transfer
Making data accessible to a specific third party.
Disclosure
Making data accessible to anyone.

Data Processing Principles

Personal data may only be processed for a specific purpose, to exercise rights and fulfil obligations. Data processing must comply with the purpose of data processing at all stages, and the collection and processing of data must be fair and lawful.

Personal data may be processed if: a) the data subject consents to it, or b) it is ordered by law or, based on legal authorization, within the scope specified therein, by local government decree for purposes of public interest.

Only personal data essential for achieving the purpose of data processing and suitable for achieving the goal may be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose.

Purpose and Legal Basis of Personal Data Processing

You may visit the website without providing any personal information. Data processing related to the website’s services is based on voluntary consent, and personal data comes directly from the data subjects. The scope of data processing includes registered users, those requesting quotes, newsletter subscribers, those wishing to download e-books, those applying for online or personal services, cookie users, purchasers of downloadable products, course students, and consultancy clients.

The purpose of data processing is to provide services, send confirmation emails, handle billing, course registration, service provision, and consultancy delivery.

Newsletter

By choosing the “Subscribe” option on the website, csomaajna.com is entitled to process and record the data subject’s name and email address for direct contact, business acquisition, market research, and business communication, as well as sending electronic advertisements and offers, subject to acceptance of this privacy policy. The data subject can unsubscribe using the “Unsubscribe” function at the bottom of any newsletter email.

Sending Messages and Emails

If you contact csomaajna.com using the email address or contact form displayed on the website, you consent to the data controller processing any personal data provided in the message for the purpose specified in the message content. Providing data is voluntary, and csomaajna.com considers consent for data processing to be given by sending messages, complaints, observations, or inquiries.

csomaajna.com treats customer data received for service provision confidentially. Personal data is not transferred to third parties outside csomaajna.com, except as required by law or as described in the AI Processing section below.

New — May 2025

OnBrandi Consultancy Service

When you engage csomaajna.com for the OnBrandi brand intelligence service, we process the following data for the purpose of delivering the consultancy:

  • Contact person name and email address
  • Company name and basic business details
  • Brand-related information you provide, including brand materials, briefs, and questionnaire answers

The legal basis for this processing is contractual performance (GDPR Article 6(1)(b)). Data is retained for the duration of the engagement and up to 2 years after completion for legitimate business record-keeping purposes.

Brand information you provide is used exclusively for delivering your OnBrandi service. It is not shared with third parties for their own purposes, repurposed beyond service delivery, or used to train AI models.

Brand information provided during OnBrandi engagements typically consists of publicly available or business-published brand materials. However, any personal data contained within such materials, such as contact person names or email addresses, is handled in accordance with this privacy policy.

New — May 2025

AI Processing and Third-Party Processors

OnBrandi uses Claude, an AI model developed by Anthropic, PBC (USA), to process brand inputs and generate outputs. When you use the OnBrandi service, data you provide may be processed through Anthropic’s API. In this context, Anthropic acts as a data processor under GDPR.

Their data handling practices are governed by Anthropic’s Privacy Policy (anthropic.com/privacy) and their Data Processing Agreement.

csomaajna.com does not store client brand data beyond the active service engagement. We do not input special category personal data, sensitive financial information, or confidential third-party data into the AI system.

This processing is carried out in compliance with applicable obligations under the EU AI Act (Regulation (EU) 2024/1689) and GDPR. Outputs generated by the AI system are intended to support human decision-making and require human review and approval before use.

Scope of Processed Data

Name and email address provided during registration or service enquiry, and other data voluntarily provided by customers. In the case of legal entities, the contact person’s name, legal entity’s name, tax number, and other data voluntarily provided. For OnBrandi clients, brand materials and briefs as described above.

Rights of Data Subjects

Right to Rectification

You may request in writing through the provided contact details that we modify any of your data. We will act on your request immediately, but no later than within 30 days, and send notification to your provided email address.

Right to Request Information

You may request information in writing about what data of yours we process, on what legal basis, for what purpose, from what source, and for how long. We will respond no later than within 30 days.

Right to Erasure

You may request in writing that your data be deleted. We will do this immediately, but no later than within 30 days of your request, and send notification to your provided email address. Note that data we are required to retain for legal or billing obligations cannot be deleted before the applicable retention period expires.

Right to Restriction

You may request in writing that we restrict your data. The restriction lasts as long as the reason you specify makes it necessary to store the data. We will act within 30 days and notify you by email.

Right to Object

You may object in writing to data processing. We will examine the objection within 30 days, make a decision regarding its validity, and inform you of our decision by email.

Duration of Data Processing

Data processing for newsletter and contact purposes continues until consent is withdrawn. For consultancy services, data is retained for the duration of the engagement and up to 2 years after completion. You may withdraw your consent to data processing at any time by contacting us at hello@csomaajna.com.

Data Transfer

The data controller does not perform data transfer to third parties for their own purposes, with the exception of Anthropic, PBC acting as a data processor for OnBrandi service delivery as described above, and statutory or official data transfers required by law.

Data Security

Method of data storage: electronic. Data storage and processing take place securely at the data controller’s headquarters. The data controller takes all administrative, computational, and physical security measures to protect personal data from unauthorized access, loss, and all possible threats.

Cookies

If you write a comment on the website, we store the provided name, email, and website address in cookies for convenience purposes. Cookie expiration time is one year. When visiting the login page, we set temporary cookies to determine if the browser accepts cookies; these contain no personal information and are deleted when closing the browser. Login cookies are valid for two days; editor interface screen option cookies for one year.

Embedded Content from Other Websites

Posts on the website may use embedded content from external sources. Embedded content from external sources behaves exactly as if you had visited another website. These websites may collect data about visitors, use cookies or third-party tracking codes, and monitor user behaviour related to embedded content.

Comments

When submitting a comment, the commenter’s IP address and browser identifier string are collected to filter out unwanted content. A hash generated from the email address may be transmitted to the Gravatar service; their terms can be viewed at automattic.com/privacy.

Legal Remedy Options

In case of unlawful data processing, please notify the data controller first to allow for resolution. If the lawful status cannot be restored, you are entitled to notify the National Authority for Data Protection and Freedom of Information:

  • Postal address: 1530 Budapest, Pf.: 5
  • Visit: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
  • Phone: +36 (1) 391-400

Modifications to This Policy

The privacy policy may be modified at any time. The revised version will be uploaded to the website. If you do not agree with the changes, please indicate your intention to delete your personal data.

Data Controller Contact

Csoma Ajna Margaréta sole proprietor
Tax number: 56545827-1-43
hello@csomaajna.com
https://www.csomaajna.com

Privacy Policy · csomaajna.com · Last updated May 2025 · Version 2.0


Turn learning into earning

master the art of brand personality & Voice today

Enrol Now →