Privacy Policy
Effective Date: 27.03.2026
1. Content of the Notice
aHead Photonics Kft. (hereinafter: Data Controller) is an enterprise engaged in the research and development of augmented reality-based Head-Up Display (HUD) technologies, developing solutions for the display of driving-assistance information in order to enhance road safety and support the driving process. The Data Controller hereby informs Users as Data Subjects about the data processing activities carried out on the website www.aheadphotonics.com (hereinafter: Website) and in connection with the services provided by it, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR).
2. Definitions
The most important terms used in this notice and their interpretation:
Data Subject: a natural person identified or identifiable on the basis of any information,
Personal data: any information relating to an identified or identifiable natural person (the Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person,
Data Controller: the natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law,
Data processing (processing): any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
Data transfer: making data accessible to a specified third party,
Disclosure: making data accessible to anyone,
Data erasure: rendering data unrecognisable in such a way that its recovery is no longer possible,
Data destruction: the complete physical destruction of the data carrier containing the data,
Data set: the totality of data managed in a single registry,
Third party: a natural or legal person, or an organisation without legal personality, that is not identical to the Data Subject, the Data Controller, the Data Processor, or those persons who process personal data under the direct authority of the Data Controller or the Data Processor,
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future,
Data processing (by a processor): the performance of technical tasks related to data processing operations carried out by the Data Controller, regardless of the method and means used to perform the operations, and the place of application, provided that the technical task is performed on the data,
Data Processor: a natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the Data Controller,
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements,
Consent of the Data Subject: any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Data Controller Details and Place of Data Processing
Company name: aHead Photonics Kft.
Registered office: 2040 Budaörs, Ősz u. 1.
Company registration number: 19-09-524022
Tax number: 32362219-2-19
Representative: Dr. Pál Gábor Koppa
Email: info@aheadphotonics.com
Website: www.aheadphotonics.com
Place of data processing: Hungary.
4. Circumstances of Data Processing, Legal Basis, Purpose, and Categories
The Data Controller’s processing activities in the cases specified below are carried out on the following legal bases:
4.1. Contact
If the Data Subjects have any comments, questions, problems, or complaints, they may contact the Data Controller by email or by post.
Data Subjects | Types of Personal Data | Purpose of Processing | Duration of Processing | Legal Basis of Processing |
Persons submitting questions or comments by email or post. | name, email address or postal address, other data voluntarily provided in the email or letter | Responding to the enquiry. | No later than 1 year from the date of the data being provided, or until the withdrawal of the Data Subject’s consent. | The Data Subject’s consent pursuant to Article 6(1)(a) GDPR. |
4.2. Complaint Handling
Where a complaint has been submitted, it shall be processed and responded to.
Data Subjects | Types of Personal Data | Purpose of Processing | Duration of Processing | Legal Basis of Processing |
Persons submitting complaints by email or post. | name, email address or postal address, other data as specified in Section 17/A(5) of the Consumer Protection Act | Receipt, investigation, and handling of complaints. | The Data Controller shall draw up a record, which it is required to retain for 3 years pursuant to Section 17/A(7) of the Consumer Protection Act. | Compliance with a legal obligation pursuant to Article 6(1)(c) GDPR, on the basis of Sections 17/A and 17/B of Act CLV of 1997 on Consumer Protection (Consumer Protection Act). |
4.3. Personal Data Generated During Website Visits (Cookies)
In the interest of providing a personalised service, small data packets, known as cookies, are placed on the user’s computer (computing device) through the website operated by the Data Controller, in such a way that they are saved and stored by the Data Subject’s internet browser.
The cookie is read back during a subsequent visit. If the browser sends back a previously saved cookie, the Data Controller managing the cookie has the opportunity to link the user’s current visit with previous ones, but only in respect of its own content.
The general functions of cookies are: gathering information about visitors and their devices; remembering visitors’ individual settings that are used or may be used (e.g., when using online transactions, so they do not need to be re-entered); facilitating the use of the website; ensuring a quality user experience.
Most commonly used internet browsers (Chrome, Firefox, Edge, Explorer, Opera, Safari, etc.) accept and allow the downloading and use of cookies by default; however, it is up to the Data Subject to refuse or disable them by modifying the browser settings. The Data Subject can also delete cookies already stored on his or her computer. More detailed information about the use of cookies is available in the “help” section of each browser.
The legal basis for data processing in the case of strictly necessary cookies is the legitimate interest related to the operation of the website; in the case of statistical and marketing cookies, it is the Data Subject’s consent.
The Data Controller uses the following strictly necessary cookies:
Cookie Name | Cookie Purpose | Lifetime |
wordpress_test_cookie | Checking whether cookies are enabled in the user’s browser. Necessary for the basic operation of the WordPress content management system. | Session (deleted when the browser is closed) |
PHPSESSID | PHP server-side session identification, ensuring the basic operation of the website. | Session (deleted when the browser is closed) |
The Data Controller uses the following statistical cookies:
Cookie Name | Cookie Purpose | Lifetime |
_ga | A cookie used by Google Analytics for measuring visitors and sessions. | 2 years from activation |
ga* | A cookie used by Google Analytics for measuring page usage and events. | 2 years from activation |
The Data Controller does not use marketing cookies.
5. Engagement of Data Processors
The Data Controller engages the following data processors for the processing and storage of data:
Accountant: Spectrum BT (8200 Veszprém, Budapest út 15, Tax number: 27219366-2-19). Role: provision of accounting and related services, acting on behalf of the Data Controller under a data processing agreement.
IT/hosting service provider: Google Ireland Limited (registered office: Gordon House, Barrow Street, Dublin 4, Ireland). Role: hosting and cloud service provider (e.g., email, document storage, backups), acting on the basis of our instructions, in accordance with the Google Workspace/Cloud service agreement and its GDPR-compliant data processing terms.
6. Data Transfers
The Data Controller does not transfer personal data to third countries, unless a separate legal basis and adequate safeguards are available, about which the Data Subject will be separately informed.
7. Rights of the Data Subject
The exercise of all rights associated with the legal basis of each data processing activity is ensured for Data Subjects. Requests by the Data Subject for the exercise of individual rights may be submitted in writing:
by post to the address 1111 Budapest, Budafoki út 2-8., or
by email to info@aheadphotonics.com.
The Data Controller shall inform the Data Subject of the measures taken in response to a request submitted to the Data Controller for the purpose of exercising the rights specified herein, without undue delay and in any event within one month of receipt of the request. Where necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months.
The Data Subject shall not be able to exercise the rights listed in this section if the Data Controller demonstrates that it is not in a position to identify the Data Subject. If the Data Subject’s request is manifestly unfounded or excessive, in particular on account of its repetitive character, the Data Controller may charge a reasonable fee for the fulfilment of the request or refuse to act on the request. The burden of demonstrating this shall be on the Data Controller. If the Data Controller has reasonable doubts concerning the identity of the natural person making the request, it may request the provision of additional information necessary to confirm the identity of the Data Subject.
7.1. Right to Information and Right of Access
The Data Subject has the right to access the personal data stored by the Data Controller and the information related to their processing, to request such data at any time, to verify what data the Data Controller holds about him or her, and to obtain access to the personal data.
Following the exercise of the right of access, the Data Subject is entitled to obtain confirmation from the Data Controller as to whether or not personal data concerning him or her are being processed. Where such processing is taking place, the Data Subject is entitled to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject, or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the Data Subject, any available information as to their source; the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
In respect of processing activities where the Data Controller carries out profiling, it shall provide the Data Subject with the data used as input for the creation of the profile, and shall provide access to information about the profile.
7.2. Right to Rectification and Completion
The Data Subject may request the rectification of inaccurate personal data concerning him or her and the completion of incomplete data, or where a change has occurred in respect of any data, the amendment of such data. The Data Subject is solely responsible for the accuracy and truthfulness of his or her personal data.
7.3. Right to Erasure
The Data Subject has the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing; the Data Subject objects to the processing of his or her personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
7.4. Right to Restriction of Processing
At the request of the Data Subject, the Data Controller shall restrict the processing where one of the following applies: the accuracy of the personal data is contested by the Data Subject; the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise, or defence of legal claims; the Data Subject has objected to processing.
7.5. Right to Data Portability
The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller where the processing is based on consent or on a contract and the processing is carried out by automated means.
7.6. Right to Object
The Data Subject has the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on legitimate interest or public interest, including profiling. In such a case, the Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defence of legal claims.
7.7. Automated Individual Decision-Making, Including Profiling
The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This provision shall not apply where the decision is authorised by Union or Member State law to which the Data Controller is subject and which also lays down suitable measures to safeguard the Data Subject’s rights, freedoms, and legitimate interests, the decision is necessary for entering into, or performance of, a contract between the Data Subject and the Data Controller, or the decision is based on the Data Subject’s explicit consent. In the latter cases, the Data Controller shall implement suitable measures to safeguard the Data Subject’s rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the Data Controller, to express his or her point of view, and to contest the decision.
7.8. Right to Withdraw Consent
The Data Subject has the right to withdraw his or her consent to data processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Legal Remedies
Under the Info Act, the GDPR, and the Civil Code, the Data Subject may:
- lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH),
Address: 1055 Budapest, Falk Miksa u. 9-11.
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu
- or enforce his or her rights, at his or her choice, before the court having jurisdiction over the defendant’s registered office or the Data Subject’s place of residence.
9. Data Security
The Data Controller undertakes to ensure the security of data, and shall take all technical measures necessary to ensure that the collected, stored, and processed data are protected, and shall do everything in its power to prevent their destruction, unauthorised use, and unauthorised alteration. The Data Controller also undertakes to call upon any third party to whom data may be transferred or disclosed to fulfil its obligations in this regard.
10. Other Provisions
The Data Controller reserves the right to unilaterally amend this Privacy Policy, subject to prior notification of the Data Subjects on the website and by email. Following the entry into force of the amendment, the Data Subject shall be deemed to have accepted the provisions of the amended Privacy Policy by implied conduct.
Please read the amendments to the Privacy Policy carefully in all cases, as they contain important information about the processing of your personal data.
This Privacy Policy is effective from 27th of March 2026.