Privacy and Data Processing Notice

Effective from: June 9, 2026

Website: https://fada-ai.com

Service: FADA AI services

Data Controller: Gergely Gábor Attila, sole entrepreneur

This notice explains what personal data is processed by the FADA website and services, for what purposes, on what legal basis, for how long, and what rights data subjects have.

1. Data Controller Details

Data Controller: Gergely Gábor Attila, sole entrepreneur

Registered address: 1131 Budapest, Dolmány u. 11/A. ground floor 5., Hungary

Registration number: 59172255

Tax number: 90039720-1-41

Website: https://fada-ai.com

Contact email: info@fada-ai.com

Alternative email: info@thegergely.com

Phone: +352 661 719 555; +36 30 312 4484

FADA is the brand under which GERGELY provides AI-based customer communication, chatbot, voice AI, automation, lead management, appointment booking, and related digital services.

2. FADA’s Role in Data Processing

FADA may act in two different roles:

As an independent data controller, when it processes data related to its own website, enquiries, customer relationships, billing, marketing communication, and support processes.

As a data processor, when it processes an end customer’s visitors, leads, end users, or customers on behalf of and according to the instructions of a FADA client.

Where FADA processes data on behalf of a client, the client is the data controller and FADA acts as data processor. In such cases, the parties enter into or accept a separate data processing agreement.

3. Categories of Personal Data Processed

Depending on the service and configuration, FADA may process the following categories of personal data:

  • name, company name, and contact details;
  • email address and phone number;
  • billing details, address, tax number, and payment status;
  • data submitted through website forms, enquiries, chat, phone calls, or messages;
  • content of chatbot and voice AI conversations, where the relevant service is enabled;
  • messages received through WhatsApp, Messenger, Instagram DM, email, or other communication channels, where such integrations are active;
  • appointment booking, lead qualification, and CRM-related data;
  • AI agent settings, prompts, knowledge base documents, website content, FAQs, and other text materials;
  • user account data, permissions, and login data;
  • technical data such as IP address, browser type, device data, log files, usage statistics, and cookie identifiers;

customer support-related data.

FADA does not request or expect special categories of personal data, including health data, biometric data, political opinions, religious beliefs, trade union membership, or data concerning sex life or sexual orientation. If a client nevertheless uploads or submits such data, this remains within the client’s responsibility unless otherwise agreed in writing in advance.

4. Purposes and Legal Bases of Processing

Contact and enquiries: to respond to enquiries, prepare offers, and communicate with prospects. Data processed may include name, company name, email, phone number, website, and message content. Legal basis: pre-contractual steps or legitimate interest.

Performance of contract: to provide FADA services, create customer accounts, operate chatbots, voice AI solutions and automations, and provide support. Legal basis: performance of contract.

Billing and accounting: to issue invoices, process payments, and comply with accounting and tax obligations. Legal basis: legal obligation.

Chatbot, voice AI, and AI agent operation: to provide automated replies, customer communication, lead capture, appointment booking, callback handling, knowledge-base responses, and customer service support. Legal basis: contract performance, legitimate interest, or consent, depending on the relationship between the client and the end user. Where FADA acts as processor, the client determines the applicable legal basis.

Customer support: to provide technical support, troubleshoot issues, and maintain service quality. Legal basis: contract performance and legitimate interest.

Marketing communication: to send newsletters, offers, educational content, and service-related updates. Legal basis: consent or, for existing customer relationships, legitimate interest with an unsubscribe option.

Website analytics, cookies, and security: to operate the website, measure performance, troubleshoot errors, prevent abuse, run analytics, and measure campaigns. Legal basis: legitimate interest or consent for non-essential cookies.

5. AI Services and Automated Operation

FADA may use AI-based systems to understand text, generate responses, pre-qualify leads, support appointment booking, handle calls, and automate customer communication.

AI-generated responses are produced by machine-based systems and may contain inaccuracies, errors, or incomplete information. FADA is not responsible if a client or end user makes a legal, medical, financial, professional, or other important decision solely on the basis of an AI-generated response. Human review is required for such decisions.

FADA does not use client data to train its own AI models unless this is separately, expressly, and in writing agreed with the relevant client. AI model providers used by FADA process data according to their own terms.

6. Third-Party Providers and Subprocessors

FADA may use third-party providers to deliver the service. These may include:

  • AI platform and chatbot infrastructure providers;
  • AI model providers;
  • hosting, cloud, security, and CDN providers;
  • payment service providers;
  • email, communication, and customer support providers;
  • appointment booking, CRM, and automation providers;

analytics and marketing providers, where enabled.

The current list of subprocessors is available in a separate document or on a separate webpage. FADA aims to use providers that apply appropriate technical and organisational measures to protect personal data.

7. International Data Transfers

Some data may be transferred to providers outside the European Economic Area, particularly where a technology provider or AI model provider operates in the United States or another third country.

In such cases, FADA aims to ensure that transfers take place under appropriate legal safeguards, such as an adequacy decision, standard contractual clauses, data processing agreements, provider privacy commitments, or other GDPR-compliant mechanisms. FADA does not claim that all services operate with EU-only data storage.

8. Data Retention

FADA processes data only for as long as necessary for the relevant purpose or as required by law.

Indicative retention periods:

Enquiry data: up to 2 years from the last contact if no contract is concluded.

Contractual and customer data: for the duration of the contract and thereafter until the end of the applicable limitation period.

Billing and accounting data: for the period required by accounting and tax laws.

Chat, call, and lead data: according to client settings, service purpose, and contract terms; deletion requests are handled without undue delay where no legal obstacle exists.

Marketing data: until withdrawal of consent or unsubscribe.

Technical logs: for a limited period for security and troubleshooting purposes.

Where FADA acts as processor, the client may request deletion or export of data according to the contract and technical possibilities.

9. Data Security

FADA applies appropriate technical and organisational measures to protect personal data. These may include:

  • access restrictions;
  • strong passwords and two-factor authentication where available;
  • encrypted data connections;
  • role-based access control;
  • logging and error tracking;
  • security settings provided by third-party services;

regular access reviews.

Data transmission over the internet and electronic storage can never be guaranteed to be 100% secure, but FADA aims to apply protection proportionate to the risks.

10. Data Subject Rights

Data subjects have the right to:

  • request information about data processing;
  • request access to their personal data;
  • request correction of inaccurate data;
  • request deletion of their data;
  • request restriction of processing;
  • object to processing based on legitimate interest;
  • withdraw consent at any time;
  • request data portability where applicable;

lodge a complaint with a supervisory authority.

Requests may be submitted to info@fada-ai.com. FADA handles requests without undue delay and within the deadline required by law.

11. Complaint Authority

In Hungary, the competent data protection supervisory authority is:

Hungarian National Authority for Data Protection and Freedom of Information

Website: https://www.naih.hu

Email: ugyfelszolgalat@naih.hu

Postal address: 1363 Budapest, Pf.: 9., Hungary

Seat: 1055 Budapest, Falk Miksa utca 9-11., Hungary

A data subject may also turn to a court if they believe that the processing of their personal data is unlawful.

12. Changes to This Notice

FADA may amend this Privacy and Data Processing Notice. Material changes will be communicated on the website or through another appropriate channel. The current version is available on the FADA website.