Skip to Content

InnOpen Group Kft.

Privacy Policy

Effective Date: 24 March 2026 Last Updated: 24 March 2026


Section 1

Who We Are

InnOpen Group Kft. (hereinafter "InnOpen", "we", "us", or "our") is an IT services and ERP consultancy company registered in Hungary, operating as Data Controller under the EU General Data Protection Regulation (GDPR).

Company name
InnOpen Group Kft.
Website
www.innopen.eu
Country
Hungary (EU)
Role
Data Controller under GDPR

Section 2

Scope of This Policy

This Privacy Policy applies to:

  • Visitors and users of www.innopen.eu
  • Users accessing our services through Google Sign-In (OAuth 2.0)
  • Clients and contacts using our Odoo-based portals and applications
  • Any person whose personal data we process in connection with our business activities

This policy complies with the EU General Data Protection Regulation (GDPR), the Hungarian Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, and Google's API Services User Data Policy.


Section 3

Data We Collect

We may collect the following categories of personal data:

Identity & Contact Data
  • Full name, email address, phone number, company name
  • Profile picture (when provided via Google Sign-In)
Authentication Data (via Google Sign-In)
  • Google account ID (sub), email address, name, and profile picture as returned by the Google OAuth 2.0 API
  • OAuth 2.0 access tokens and refresh tokens (stored securely; never shared with third parties)
  • We request only the minimum OAuth scopes necessary: openid, email, profile
Technical & Usage Data
  • IP address, browser type and version, operating system
  • Pages visited, timestamps, session duration, referrer URLs
  • Error logs and diagnostic information
Business & Transactional Data
  • Data entered into our Odoo ERP system: orders, invoices, support tickets, CRM records
  • Communications sent through our platform

Section 4

Google API Services & Google Sign-In

Google API Services User Data Policy
InnOpen Group Kft.'s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What We Use Google APIs For
  • Authentication: We use Google Sign-In (OAuth 2.0) to allow users to log in to our Odoo-based web portals securely without a separate password.
  • Identity verification: We retrieve your Google account's name, email address, and profile picture to pre-fill your user profile.
Limited Use Disclosure

Data obtained via Google APIs is used strictly to provide or improve the user-facing features of our service. We do not:

  • Use Google user data to serve advertising or for retargeting
  • Sell, rent, or transfer Google user data to third parties
  • Use Google user data for purposes unrelated to the authenticated service
  • Use Google user data to train machine learning or AI models
  • Allow humans to read Google user data unless (a) we have your explicit consent, (b) it is necessary for security or compliance, or (c) it is aggregated and anonymised
Revoking Google Access

You may revoke InnOpen Group Kft.'s access to your Google account at any time by visiting Google Account Permissions. Revoking access will sign you out of our services. Data previously collected will be handled according to Section 8.


Section 5

Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

Consent (Art. 6(1)(a))

When you choose to log in with Google Sign-In; when subscribing to communications.

Contract (Art. 6(1)(b))

Processing necessary to deliver the services you have requested or contracted.

Legal Obligation (Art. 6(1)(c))

Where required by Hungarian or EU law (e.g. invoicing, tax records).

Legitimate Interests (Art. 6(1)(f))

Security monitoring, fraud prevention, service improvement.


Section 6

How We Use Your Data

Account & Authentication
To create, manage, and authenticate your user account via Google Sign-In or Odoo portal login.
Service Delivery
To provide ERP, consultancy, and web services requested by you or your organisation.
Communication
To respond to enquiries, send service notifications, and provide support.
Security
To detect, investigate, and prevent fraudulent transactions, abuse, and security incidents.
Legal Compliance
To meet our obligations under Hungarian and EU law, including tax, accounting, and audit requirements.
Improvement
To analyse usage patterns (in aggregated, anonymised form) to improve our platform and services.

Section 7

Sharing & Disclosure of Data

We do not sell, rent, or trade your personal data. We may share data only in the following circumstances:

Service Providers
Trusted third-party processors who assist in operating our platform (e.g. hosting providers, email delivery services), bound by GDPR Article 28-compliant data processing agreements.
Google LLC
As the OAuth 2.0 identity provider. Please refer to Google's Privacy Policy.
Legal Authorities
Where required by applicable law, court order, or regulatory obligation.
Business Transfers
In the event of a merger, acquisition, or asset sale, personal data may be transferred; affected users will be notified.

We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).


Section 8

Data Retention

Account & authentication data

Duration of active account + 30 days after deletion request

Google OAuth tokens

Until revoked by user or session expiry

Financial / invoicing records

8 years (Hungarian Accounting Act)

Support & communication logs

3 years from last interaction

Technical / server logs

90 days

After the applicable retention period, data is securely deleted or anonymised. Requests for early deletion may be submitted as described in Section 9.


Section 9

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights. To exercise any of them, contact us as described in Section 14. We will respond within 30 days.

Right of Access (Art. 15)

Request a copy of the personal data we hold about you.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

Right to Erasure (Art. 17)

Request deletion of your personal data where no overriding legal basis exists.

Right to Restrict Processing (Art. 18)

Request that we limit how we use your data in certain circumstances.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent at any time where processing is consent-based, without affecting prior lawful processing.

Right to Lodge a Complaint

Complain to the Hungarian data protection authority: NAIH – naih.hu


Section 10

Security

We implement appropriate technical and organisational measures to protect your personal data. These include:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted storage for OAuth tokens and sensitive credentials
  • Role-based access controls within our Odoo environment
  • Regular security reviews and dependency updates
  • Audit logging for sensitive data access events

In the event of a personal data breach posing a risk to your rights, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with GDPR Articles 33–34.


Section 11

Cookies & Tracking

Our website and Odoo portal use cookies and similar technologies:

Strictly Necessary

Session management, CSRF protection, login state.

Basis: Legitimate interest / Contract

Functional

Language preferences, UI settings.

Basis: Consent

Analytics

Aggregated usage statistics to improve the platform.

Basis: Consent

Google OAuth

Authentication state cookies set by Google's login flow.

Basis: Consent (at login)

You can control cookie preferences through your browser settings. Blocking strictly necessary cookies may impair service functionality.


Section 12

Children's Privacy

Our services are intended for business users and are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data without parental consent, we will delete it promptly. Please contact us as described in Section 14 if you believe a child has shared data with us.


Section 13

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy at www.innopen.eu/privacy with a revised effective date
  • Displaying a prominent notice within the Odoo portal or application
  • Sending an email notification if the change materially affects how we process your data

Continued use of our services after the effective date constitutes acceptance of the updated policy.


Contact

Have a question? Get in touch.

For data protection enquiries, rights requests, or any questions about this policy.

Contact Us

Company

InnOpen Group Kft.

Budapest, Hungary

Website

www.innopen.eu

Supervisory Authority

NAIH – naih.hu

Hungarian data protection authority

This document was last reviewed on 24 March 2026.