MagyarEnglishDeutschSrpskiRomânăSlovenčinaItalianoEspañolPolskiРусский
This is an informative translation. The Hungarian version is the legally binding one.

Privacy Policy

Effective from: May 8, 2026

1. Data Controller

Role:Data Controller
Company name:10x Akadémia Kft
Registered office:1136 Budapest, Tátra utca 5. A. ép. alagsor 2. ajtó, Magyarország
Company registry no.:01-09-453005
Tax number:32987953-2-41
Contact email:info@webinar4me.com

This Privacy Policy explains how 10x Akadémia Kft (the "Controller", "we") processes personal data through the webinar4me.com platform (the "Platform"), in accordance with Regulation (EU) 2016/679 (GDPR) and Hungarian Act CXII of 2011 on informational self-determination.

2. Data processed and legal bases

Data categoryPurposeLegal basis
User (admin) name, email, password hashAccount creation, authenticationContract (Art. 6(1)(b))
User billing details (name, address, tax ID)Invoicing, Hungarian e-invoice issuanceContract / legal obligation (Art. 6(1)(b), (c))
IP, user agent, session logSecurity, fraud preventionLegitimate interest (Art. 6(1)(f))
Viewer registration data (name, email, optional phone) — disclosed to the webinar organizer solely for service deliveryDelivering the webinar service (joining, reminders, replay); performance of the service relationship between the viewer and the webinar organizerContract (Art. 6(1)(b)) — by registering, the viewer enters into a service relationship with the webinar organizer; 10x Akadémia and the organizer act as separate (independent) controllers. The Platform does NOT pass through any marketing consent.
Viewer attendance and viewing analyticsReporting to the webinar organizer + Platform-level analyticsContract and legitimate interest (Art. 6(1)(b) and (f))
Marketing email to viewer (sent by the webinar organizer)Newsletter, offers, customer follow-up — under the organizer's own controllershipConsent (Art. 6(1)(a)) — collected by the organizer directly via its own channel, NOT through the Platform's registration form. 10x Akadémia neither collects nor transmits this consent and is not responsible for the organizer's marketing processing.
Marketing email to user (admin)Newsletter, offersConsent (Art. 6(1)(a))

3. Retention periods

  • Accounting and invoicing records (issued e-invoices, payment logs): 8 years (Hungarian Act C of 2000 on Accounting, § 169).
  • User account data (name, email, password hash, profile settings): until account deletion plus up to 30 days of technical archiving (backup-rotation window).
  • Webinar configurations and viewing logs: up to 12 months after account deletion.
  • Transactional email logs and security (audit) logs: up to 12 months.
  • Marketing consents and withdrawals: 3 years from withdrawal of consent (for evidentiary purposes, under Hungarian Grtv. — Act XLVIII of 2008 — § 6(5)).

After the retention periods expire, data is permanently and irreversibly deleted.

4. Data processors

We use the following processors. Four of them are EU-based; data transfers to Resend (USA) rely on Commission Implementing Decision (EU) 2023/1795 (EU–U.S. Data Privacy Framework adequacy decision) together with Resend, Inc.'s active DPF certification (Data Privacy Framework List).

SCC fall-back: if the adequacy decision is invalidated or suspended, or if Resend, Inc.'s DPF certification is withdrawn, the U.S. transfer continues under the EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 (Module 2: controller-to-processor). The SCC are pre-incorporated into the Data Processing Agreement signed between 10x Akadémia Kft and Resend, Inc., so the legal basis for the transfer remains uninterrupted.

  • Hetzner Online GmbH (DE) — hosting and storage (EU)
  • Stripe Payments Europe, Limited (IE) — card payment processing (PCI DSS)
  • KBOSS.hu Kft (Számlázz.hu) (HU) — Hungarian e-invoice issuance and delivery
  • Resend, Inc. (US) — transactional email delivery
  • BunnyWay d.o.o. (SI, Bunny.net) — video hosting and streaming

5. Security

Servers operate within the European Union (Hetzner, Germany). All transmission uses HTTPS/TLS. Passwords are stored only as bcrypt hashes. Access controls, audit logs and routine security updates safeguard data integrity.

6. Viewer data — separate (independent) controllers; marketing consent is the organizer's responsibility

When an end-user ("Viewer") registers for a webinar hosted on the Platform, two distinct controllers receive that data, each for their own purposes:

  • The webinar organizer ("User") — as a webinar4me subscriber and an independent data controller: they receive the Viewer's name, email, optional phone number, and attendance/viewing analytics, and process them solely for the purpose of delivering the webinar service (joining the session, attendance reminders, replay access).
  • 10x Akadémia Kft — as platform operator and an independent data controller: we process Viewer data on our own legal bases for purposes essential to running the Platform: sending transactional emails, security/fraud prevention, audit logging, and reporting to the User. Legal bases: Art. 6(1)(b) (contract: enabling the registration service the Viewer signed up for) and Art. 6(1)(f) (legitimate interest: security and platform integrity).

The Platform does NOT collect or transmit any marketing consent on behalf of the webinar organizer. The mandatory acknowledgement that registrants tick on the registration form covers ONLY the use of their data for delivering the webinar service (joining, reminders, replay). It does NOT authorise newsletter, promotional, follow-up or any other non-transactional marketing communication. If the webinar organizer (User) wishes to send the Viewer marketing communications, the organizer must obtain valid GDPR-compliant consent (Art. 6(1)(a) + Art. 7) directly from the Viewer via its own channel — separately from and in addition to the registration on this Platform. The organizer's marketing activity, if any, is its own responsibility under its own privacy notice.

Recipients (Art. 13(1)(e) GDPR): the Viewer's personal data are disclosed to (i) the webinar organizer (as a separate controller, solely for service delivery) and (ii) the sub-processors listed in section 4 for the technical operation of the service.

Viewer Notice: the Platform-level Viewer Notice explains exactly who processes the Viewer's data, for what purpose and on what basis. The User's own marketing and customer-relationship processing is governed by the User's own privacy notice — which the User must provide to the Viewer directly when first contacting them via their own channel.

Withdrawal of marketing consent (Art. 7(3) GDPR): because any marketing consent is given to the webinar organizer (User), not to the Platform, marketing-consent withdrawal must be addressed directly to the webinar organizer — contact details are in the footer of the webinar landing page and/or in the User's own privacy notice. Transactional emails sent by 10x Akadémia (registration confirmation, reminders, invoice delivery, security notices) are necessary to perform the contract and cannot be unsubscribed from — they stop only on account/registration deletion. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

7. Your rights

Under the GDPR you have the following rights:

  • Access (Art. 15), rectification (Art. 16), erasure (Art. 17).
  • Restriction (Art. 18), data portability (Art. 20).
  • Objection (Art. 21), no automated decision-making (Art. 22).
  • Withdrawal of consent (Art. 7(3)).

Send your request to info@webinar4me.com for Platform-level processing (registration data disclosure, transactional email, security). For all marketing or follow-up matters — including withdrawing any marketing consent — contact the webinar organizer (User) directly; their imprint is on the webinar landing-page footer and/or in the User's own privacy notice. We respond within 30 days; complex cases may be extended by a further 60 days (with notice).

8. Right to lodge a complaint

Supervisory authority: National Authority for Data Protection and Freedom of Information (NAIH), 1055 Budapest, Falk Miksa utca 9-11., Hungary, naih.hu. EU-resident data subjects may also approach the supervisory authority of their habitual residence.

9. Cookies

We use strictly necessary cookies and — with your consent — analytics cookies. Details in our Cookie Policy.

10. Changes

We may unilaterally amend this Policy. Users are notified by email at least 30 days before any change takes effect.

11. Contact

Any question about this Policy or your data: info@webinar4me.com.

Last modified: May 8, 2026 · 10x Akadémia Kft