Polaris
Privacy Policy
Polaris Innovation Technologies Kft.
Effective date: 15 June 2026
- Version: 1.1 This version has been expanded due to the introduction of the Barion online payment interface and Google reCAPTCHA v3 protection for public forms. This notice also clarifies that Google-based services are used exclusively in connection with public pages and public forms; such services continue not to be loaded on registered user interfaces.
1. Purpose and scope of this notice
The purpose of this Privacy Notice is to explain what personal data Polaris Innovation Technologies Kft. processes during the operation of the website, landing pages connected to the home page, public inquiry and contact forms, online payment processes, and registered user interfaces.
This notice applies in particular to website visitors, interested persons, persons completing contact or quote request forms, users initiating or completing online payment, and persons who create or use a user account.
On public websites and landing pages, Google Analytics may be used to measure the performance of the service, and Google reCAPTCHA v3 may be used to protect public forms against abuse. These Google services are connected exclusively to public pages and public forms.
Google Analytics, Google reCAPTCHA, and other Google-based analytics or form protection solutions are not loaded on registered user interfaces. During the normal use of these interfaces, the data controller does not transfer data to Google for analytics or reCAPTCHA purposes.
Online payment may take place through the Barion payment interface. Bank card data is entered and processed in Barion’s system; the data controller does not access or store full bank card data.
The detailed Cookie Notice and the presentation of cookie categories are published in a separate notice on the website.
Affected websites and interfaces: https://polarisinno.com, related Polaris landing pages, and registered user interfaces and product pages operated by Polaris Innovation Technologies Kft.
2. Data controller details
| Name | Data |
|---|---|
| Name of the data controller | Polaris Innovation Technologies Kft. |
| Registered office | 1031 Budapest, Kadosa utca 52., 3rd floor, door 10, Hungary |
| Company registration number | 01-09-450125 |
| Tax number | 32932207-2-41 |
| Representative | Zoltán Baji, managing director |
| Data protection contact e-mail | hello@polarisinno.com |
| Website | https://polarisinno.com |
3. Principles
The data controller processes personal data lawfully, fairly, and transparently. We only request data that is necessary for achieving the given purpose, and we do not use the data for purposes that are incompatible with the original purpose.
The data controller strives to ensure that the data is accurate, up to date, and processed securely. Access to the data is granted only to those who need it to perform their duties.
We separate the analytics and form protection solutions of public pages from registered user interfaces. When designing registered interfaces, data minimization and the avoidance of external analytics services are key considerations.
4. Detailed description of data processing activities
4.1. Operation of the website and basic technical data
| Aspect | Content |
|---|---|
| Data processed | IP address, browser and device data, time of visit, visited pages, technical log data, error messages. |
| Purpose of data processing | Operating the website and related interfaces, detecting errors, preventing abuse, and maintaining the security of the service. |
| Legal basis | The legitimate interest of the data controller in operating the website securely and reliably. |
| Retention period | 30 days; in case of a security incident, for the period necessary for the investigation. |
| Recipients / processors | Hosting provider, operational contributors. |
4.2. Contact and inquiry forms
| Aspect | Content |
|---|---|
| Data processed | Name, e-mail address, phone number, company name, position or role, subject of inquiry, message content, selected service, campaign source, and technical data related to the submission of the public form. |
| Purpose of data processing | Contact management, handling inquiries, preparing offers, business communication, presenting the appropriate service, and reducing the abusive use of public forms. |
| Legal basis | Taking steps prior to entering into a contract, and the legitimate interest of the data controller in handling business inquiries and protecting forms. |
| Retention period | Up to 2 years from the closure of the matter; in case of a business relationship, for the duration of the relationship or until the applicable legal or legitimate claim enforcement deadline. |
| Recipients / processors | Internal customer management system, e-mail service provider, hosting provider; in case of public forms, Google reCAPTCHA v3 service. |
4.3. Registered user account
| Aspect | Content |
|---|---|
| Data processed | E-mail address, name, password in non-reversible form, time of registration, account status, permission level, time of last login, notifications related to the account. |
| Purpose of data processing | Creating a user account, login, permission management, ensuring access to the service, maintaining account security. |
| Legal basis | Performance of a contract or taking steps prior to entering into a contract. |
| Retention period | For the duration of the account; in case of a deletion request, until deletion is completed; in case of a legal claim, until the end of the claim enforcement period. |
| Recipients / processors | Hosting provider, e-mail service provider, internal operational contributors. Google Analytics and Google reCAPTCHA are not loaded on registered user interfaces. |
4.4. Login protection and security logging
| Aspect | Content |
|---|---|
| Data processed | Time of failed login attempt, submitted e-mail address or username, IP address, browser identifier, number of attempts, temporary lockout status. |
| Purpose of data processing | Preventing unauthorized access attempts, automated attempts, and abuse; protecting user accounts. |
| Legal basis | The legitimate interest of the data controller in protecting the security of the IT system and user accounts. |
| Retention period | 12 months; in case of a security incident, for the period necessary for the investigation. |
| Recipients / processors | Hosting provider, internal operational contributors. |
4.5. Google Analytics-based traffic measurement on public pages
| Aspect | Content |
|---|---|
| Data processed | Page views, events, clicks, device and browser data, approximate geographical location, time of visit, campaign parameters. |
| Purpose of data processing | Measuring the performance of the public website and landing pages, preparing visitor statistics, analyzing the effectiveness of campaigns. |
| Legal basis | Consent of the data subject. |
| Retention period | 14 months, or the period according to the current Google Analytics settings. |
| Recipients / processors | Google Ireland Limited, Google LLC. |
| Note | Google Analytics is activated only if analytics consent has been given, and it is used only on public websites and landing pages. Google Analytics does not run on registered user interfaces. |
4.6. Protection of public forms using Google reCAPTCHA v3
| Aspect | Content |
|---|---|
| Data processed | IP address, browser and device data, technical interaction data related to the use of the public form, reCAPTCHA token, risk score or assessment result, timestamp, and other technical data necessary for anti-abuse checks. |
| Purpose of data processing | Protecting public contact, quote request, and other public forms against automated bots, spam submissions, mass or malicious submissions, and other abuses. |
| Legal basis | The legitimate interest of the data controller in protecting public forms and the IT system, and in preventing abuse. |
| Retention period | In the data controller’s own system, the result of the reCAPTCHA check and related technical log data are retained for up to 30 days, except in case of a security incident or suspected abuse, when they may be processed for the period necessary for the investigation. |
| Recipients / processors | Google Ireland Limited, Google LLC, hosting provider, operational contributors. |
| Important restriction | Google reCAPTCHA v3 may be used exclusively for protecting public forms. reCAPTCHA is not loaded on registered user interfaces, and no data is transferred from them to Google for reCAPTCHA purposes. |
| Note | reCAPTCHA v3 evaluates in the background, without interrupting the user, whether the form submission may originate from a real user or an automated source. Based on the result of the check, the form submission may be accepted, rejected, or subject to further manual review. The check does not involve automated decision-making that produces legal effects concerning the data subject or similarly significantly affects them. |
4.7. Online payment through the Barion payment interface
| Aspect | Content |
|---|---|
| Data processed | Payment transaction identifier, payment status, time of payment, amount payable, currency, order or subscription identifier, billing data, buyer’s name and e-mail address, and technical data necessary for completing the payment. The data controller does not access or store full bank card data. |
| Purpose of data processing | Providing online payment, identifying and confirming the payment transaction, fulfilling the order or subscription, complying with billing and accounting obligations, handling payment-related administration. |
| Legal basis | Performance of a contract, compliance with legal obligations regarding billing and accounting data, and the legitimate interest of the data controller in tracking payments and handling potential disputes. |
| Retention period | For payment and billing documents, the retention period required by accounting laws; for data related to payment status and administration, for the duration of the contractual relationship or until the legal claim enforcement deadline. |
| Recipients / processors | Barion Payment Zrt., accountant, billing or accounting contributor, hosting provider, internal customer management system. |
| Note | When using the Barion payment interface, the payment service provider may also act as an independent data controller according to its own Privacy Notice. Barion’s Privacy Notice is available on Barion’s website: https://www.barion.com/hu/adatvedelmi-tajekoztato/ |
4.8. E-mail communication
| Aspect | Content |
|---|---|
| Data processed | Name, e-mail address, message content, replies, related customer or inquiry data. |
| Purpose of data processing | Contact, responding to inquiries, providing information about services, sending offers. |
| Legal basis | Steps prior to entering into a contract, performance of a contract, or legitimate interest. |
| Retention period | Up to 2 years from the closure of the matter; in case of a contractual relationship, the retention period required by law. |
| Recipients / processors | E-mail service provider, internal customer management system. |
4.9. Handling legal claims and compliance obligations
| Aspect | Content |
|---|---|
| Data processed | Personal data related to the given matter, communication, contractual, inquiry, payment or billing data, log data. |
| Purpose of data processing | Presenting, enforcing, and defending legal claims, handling complaints, complying with legal obligations. |
| Legal basis | Compliance with a legal obligation or the legitimate interest of the data controller. |
| Retention period | According to the applicable limitation or statutory retention period, generally up to 5 years; in case of accounting documents, the retention period required by the applicable law. |
| Recipients / processors | Accountant, legal representative, authorities, if necessary or required by law. |
5. Processors and independent controller recipients
In order to operate the website and provide the services, the data controller may use processors and, in certain cases, service providers acting as independent data controllers. Processors may act only on the instructions of the data controller. Service providers acting as independent data controllers process data according to their own Privacy Notices and legal obligations.
| Service provider / recipient | Task and location |
|---|---|
| DotRoll Kft. | Hosting, server operation - Hungary |
| DotRoll Kft. | Sending and receiving e-mails - Hungary |
| Google Ireland Limited / Google LLC | Google Analytics-based traffic measurement exclusively for public pages; Google reCAPTCHA v3 exclusively for protecting public forms - EU / USA |
| Barion Payment Zrt. | Providing online payment services, processing and confirming transactions - Hungary / EU. Barion may also act as an independent data controller when providing the payment service. |
| CRM / internal customer management system | Managing inquiry, user, and customer data - Hungary / EU |
| Accountant or legal representative based on occasional assignment | Legal, accounting, and compliance tasks - Hungary |
The use of Google services does not extend to registered user interfaces. On registered interfaces, the data controller does not use Google Analytics measurement, Google reCAPTCHA protection, or Google-based marketing measurement.
The Barion payment service is connected to the data subject’s data only if the data subject initiates or completes an online payment process.
6. Data transfer to third countries
Certain external services of the website, especially the use of Google Analytics and Google reCAPTCHA, may involve data transfer to third countries. In such cases, the data controller uses service providers that apply appropriate data protection safeguards.
Google Analytics is activated only if analytics consent has been given, and it is connected only to public pages. Google reCAPTCHA v3 is used exclusively for protecting public forms. These Google services do not run on registered user interfaces; therefore, no data transfer to Google for analytics or reCAPTCHA purposes takes place from those interfaces.
Barion Payment Zrt. is a Hungarian financial service provider. During the payment process, Barion acts according to its own Privacy Notice and legal obligations.
7. Cookies and consent
The operation of the website, the measurement of public pages, and the protection of public forms may involve the use of cookies or similar technologies. Strictly necessary cookies may support the basic operation of the website, security, and the checks required for form protection. The use of analytics or other non-essential cookies is subject to consent.
Google Analytics is activated only if the visitor gives consent. Consent may be withdrawn at any time through the Cookie settings interface.
Google reCAPTCHA v3 operates as a security check necessary for protecting public forms. Its use is related to the protection of public forms and does not serve marketing or traffic measurement purposes.
Google Analytics, Google reCAPTCHA, and Google-based measurement code are not loaded on registered user interfaces. Cookies related to registered interfaces may be necessary exclusively for login, session management, security, and the operation of the service.
During the payment process, Barion’s payment interface may use its own cookies or similar technologies, which are described in Barion’s own notices.
The exact list, purpose, provider, lifetime, and management method of cookies are presented in a separate Cookie Notice.
8. Data security
The data controller applies appropriate organizational and technical measures to protect personal data against unauthorized access, alteration, disclosure, deletion, or loss.
Data security measures may include, in particular, access restrictions, protected storage of passwords, security logging, permission checks, regular backups, and protection of public forms against automated abuse.
In case of online payment, bank card data is entered on the Barion payment interface. The data controller does not store full bank card data and does not process it in its own system.
Avoiding external analytics and form protection services on registered user interfaces also serves as a data minimization and security measure.
9. Rights of data subjects
Data subjects may exercise the following rights in relation to data processing:
- they may request information about the data processing;
- they may request access to personal data concerning them;
- they may request the rectification of inaccurate data;
- they may request the deletion of their personal data;
- they may request the restriction of data processing;
- they may object to data processing based on legitimate interest;
- they may withdraw their consent if the data processing is based on consent;
- in cases defined by law, they may request data portability;
- they may lodge a complaint with the supervisory authority.
The data controller handles data subject requests without undue delay, but no later than within the deadline specified by law.
E-mail address for receiving data subject requests: hello@polarisinno.com
Regarding the Barion payment service provider’s own data processing, the data subject may also exercise their rights directly through Barion’s data protection contact details.
10. Lodging a complaint
The data subject has the right to lodge a complaint with the data controller if they believe that the processing of their personal data is not carried out properly.
E-mail address for submitting complaints: hello@polarisinno.com
The data subject also has the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.
| Authority | Contact details |
|---|---|
| Hungarian National Authority for Data Protection and Freedom of Information | 1055 Budapest, Falk Miksa utca 9-11. Postal address: 1363 Budapest, P.O. Box 9. E-mail: ugyfelszolgalat@naih.hu Phone: +36 1 391 1400 Website: www.naih.hu |
11. Modification of this notice
The data controller reserves the right to modify this Privacy Notice, especially in case of a new service, new processor, new payment solution, new analytics or form protection solution, new registration function, or a change in law.
The Privacy Notice in force at any given time is available on the website.
Polaris Innovation Technologies Kft.