Company name: FENCE-EXPERT Építőipari és Szolgáltató Korlátolt Felelősségű Társaság
Short name: FENCE-EXPERT Kft.
Registered address: 1134 Budapest, Róbert Károly körút 47. 4th floor, door 14, Hungary
Company registration number: E18999397
Tax number: 32516164-2-41
E-mail: iroda@elkerites.hu
Website: nhscrm.com
nHsCRM is a business customer relationship management (CRM) software offered exclusively to business subscribers (companies). The subscribing company — not us — determines what personal data is recorded in the system, for what purpose, and for how long. In this context, the subscriber qualifies as an independent data controller; nHsCRM acts solely as a data processor.
If you are a person whose data has been recorded in the CRM (e.g. a customer of a subscribing business), please direct any requests regarding your data to the relevant subscribing company, not to us.
| Data category | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name and e-mail of the subscriber's contact person | Account creation, login, communication | Performance of contract (GDPR Art. 6(1)(b)) | Until end of subscription + 90 days |
| Billing data (company name, address, tax number) | Invoicing, accounting obligations | Legal obligation (GDPR Art. 6(1)(c)) | 8 years (accounting law) |
| Login logs, IP address | Security, fraud prevention | Legitimate interest (GDPR Art. 6(1)(f)) | 90 days |
| Data uploaded by the subscriber into the CRM | Provision of the Service | Performance of contract (as data processor) | 30 days after end of subscription, then deleted |
| Cookie and session data | Session management (login state) | Legitimate interest / consent | Until end of session or max. 30 days |
We use the following sub-processors to operate the Service:
We do not sell or rent personal data to any third party. No data is transferred outside the EU. In the event of a lawful authority request, we comply with applicable legal obligations.
nhscrm lets users connect their own Google (Gmail/Calendar/Contacts) account to the CRM. We access the following Google data solely to provide user-requested features:
OAuth tokens are stored encrypted at rest (AES-256-GCM) and protected in transit by TLS. Google user data is used only for the user-facing features above: it is not used for advertising, not sold or transferred to third parties, not used to train AI/ML models, and is not read by humans except where the user explicitly requests it, for security/abuse handling, or as required by law.
Users can disconnect their Google account at any time in the CRM settings, which deletes the stored tokens. On account/company deletion, data is permanently removed after a 30-day recovery window.
nhscrm's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
nhscrm lets users connect their own Facebook Page to the CRM so that submissions from Facebook Lead Ads campaigns appear automatically as contacts. For this we access the following Meta data, solely to provide user-requested features:
Meta data is used only for the user-facing CRM features above: it is not used for advertising, not sold or transferred to third parties, and is not used to train AI/ML models.
Data deletion: you can disconnect your Facebook Page
in the CRM at any time (Settings → Facebook integrations → Disconnect)
— stored tokens are deleted immediately. You can also submit a data
deletion request from Facebook; nhscrm's registered
Data Deletion URL is the
/api/v1/fb/data-deletion endpoint; the status can be
tracked on the
data deletion status page.
Facebook-originated contacts are the CRM operating company's business
data — their full deletion is performed by the company's administrator
on request.
The Service applies industry-standard measures to protect personal data:
The Service is provided on an "as-is" basis. We do not accept liability for data breaches resulting from the subscriber's own negligence, weak password practices, or circumstances outside our systems.
Under the GDPR, you have the right to:
Submit your request to iroda@elkerites.hu. We will respond within 30 days. Where justified, this period may be extended by a further 60 days, of which we will notify you.
If your data was entered into the system by a subscribing company (e.g. you are a customer of a subscriber), please contact that company directly — they are the data controller; we are only the data processor in that relationship.
You have the right to lodge a complaint with the Hungarian data protection authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: Falk Miksa utca 9-11., 1055 Budapest, Hungary
Website: naih.hu
E-mail: ugyfelszolgalat@naih.hu
You may also lodge a complaint with the supervisory authority in your country of residence within the EU.
The Service uses only strictly necessary session cookies to maintain login state. No third-party marketing or tracking cookies are placed. Session cookies are deleted when the browser is closed.
The Service is intended exclusively for businesses and is not directed at private individuals. We do not knowingly process data of minors. If we become aware of such data, we will delete it immediately.
We reserve the right to update this Privacy Policy at any time. In the event of a material change, subscribers will be notified by e-mail at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
While we develop and operate the nHsCRM software with due care, we accept no liability for the content, accuracy, or lawfulness of data stored in the system by the subscriber. The subscribing company is solely responsible for uploading and managing data and for fulfilling its obligations towards data subjects. nHsCRM is not liable for data protection incidents caused by the subscriber, nor for data loss resulting from force majeure events (natural disasters, cyberattacks, infrastructure outages).
nHsCRM | nhscrm.com | iroda@elkerites.hu