PRIVACY POLICY
The present Policy may be modified and/or withdrawn unilaterally by the Data controller at any time, with the simultaneous information of the Parties. Information is considered as effected with the disclosure of information on the website or, depending on the nature of the modification, the direct notification of the persons concerned.
The Information was created based on Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”), the Act CXII of 2011 on the right to informational self-determination and on the freedom of information, and provisions of Act V of 2013 on the Civil Code.
- Data Controller
Data controller: B+N Referencia Zrt.
Registered company seat: 3644 Tardona, Katus domb 1.
Postal address: 1133 Budapest, Váci út 116-118. Agora TOWER 1, 15. em.
Phone: +36-30-670-8752
Fax: +36-1-877-9610
Contact: adatvedelem@bnref.hu
Webpage: www.bnref.hu
Unless otherwise stated, the present Policy does not apply to those services and data processing that are connected to the promotions, prize games, services, other campaigns and content published by third parties advertising or appearing on the websites listed below in the present Policy.
Unless otherwise stated, the present Policy does not apply to websites or the services and the data processing of service providers that are accessible by links embedded on the websites listed below in present Policy. In case of such services, the third party’s own data protection principles apply and the Data Controller is not liable for such data processing.
- Personal Data processing
We may collect and process your personal data in the following cases:
- In case of Users visits the Websites: the User’s IP address.
- In case of using the Services through the Websites: name, address, place of residence, telephone number, e-mail address.
- If the User sends a message/reaches out to or calls the Data Controller: the User’s address, email address, telephone number and the time and date of the call.
- If you decide to subscribe to our newsletters: e-mail address and any other contact information you share with us.
- In case you contact us via telephone, e-mail, post, in person: any contact information and free text that you choose to share with us.
- Please note that if you do not share the data necessary, do not leave any contact information, we may not be able to answer your inquiries and requests.
- Cookies
- When you visit our Website, we place a small file of letters and numbers (called “cookie”) on your computer with your consent. The purpose of the cookies is to distinguish you from other users, which helps provide you with a good experience when you browse our website and also allows us to improve our site. You may wish to disable cookies altogether, and you can do this in the settings/preferences/’help’ menus of your particular browser. Please note however that if you do this you may not be able to access all or parts of our site.
- Via cookies, we may collect the following personal data:
- demographical data,
- information related to personal interest, habits and preferences (based on browsing history),
- IP address,
- the operating system and browser used by the User,
- data of the websites that direct the User to our Websites and also the date of visits and time spent on our Websites.
cookie |
function |
session |
aim |
.AspNet.ApplicationCookie |
Technical cookies, essential for the operation of the website, storing the token required for authentication. |
Session level (At the end of the browsing session) |
Ensuring the proper functioning of the website. |
ASP.NET_SessionId |
Technical Cookie essential for the operation of the website. Configures the .NET Framework to record the user’s current session between page requests. Does not contain personally identifiable information. |
Session level (At the end of the browsing session) |
Ensuring the proper functioning of the website. |
Google Analytics |
Access to the anonymized, non-identifiable IP address of website visitors. |
2 years |
To make the website easier to use, save settings, and collect relevant and statistical information about visitors. |
PHPSESSID |
Used to identify a session, the purpose of which is to identify the browsing data of the user during the session. |
session |
Ensuring the proper functioning of the website. |
- Information on the data management, data processing and data transmission of the website
service |
processed personal data |
aim |
legal consent |
session |
Contact, newsletter, |
name, e-mail address and/or phone number |
User contact and business acquisition. The fact of subscription is indicated on the website as separate question, asking for confirmation. Unsubscribing is possible at the contacts provided, but is subject to identification under the GDPR. |
User’s voluntary consent |
up to 1 year |
Contact us, send a question |
name, e-mail address and/or phone number |
Contact the User in connection with his/her question. |
User’s voluntary consent |
up to 1 week |
- Data processors:
Websupport Magyarország Kft. |
H-1132 Budapest, Victor Hugo u. 18-22. |
Hosting |
B+N Referencia Zrt. |
3644 Tardona, Katus domb 1. |
Company services |
Google Ireland Ltd. |
Gordon House, Barrow Street, Dublin 4, Írország |
Internet search services |
- Purposes and legal grounds of the data processing
- We may process your personal data for one or more of the following purposes:
- To provide Users with a better service and customized content.
- To measure User’s preferences and behaviour when navigating through a Web Site.
- To allow third parties (such as advertisers) to deliver relevant advertisements and content.
- To provide general analytics.
- To gather information in both identifiable and anonymous forms.
- To assist in identifying possible fraudulent activities.
- We may process your personal data based on one or more of the following legal bases:
- In some cases, based on your consent (e.g. if you subscribe to our newsletters). If we share the data with any third-party we collected based on your consent, we make sure that your consent extends to this data sharing.
- We process personal data as is necessary to perform our contracts with you (e.g. if you register on our Websites or use our Services).
- We will process your personal data where necessary for the purposes of our legitimate interests (for example when operating our Websites, especially in order to screen for misuse or illegal content, facilitating our marketing/sales activities in a B2B manner).
- Based on a legal obligation to which we are subject (for example our statutory accounting obligations).
- If the data processing is necessary for the protection of your vital interests or those of another person.
- By providing their e-mail address or Personal Data during registration, every User takes responsibility for ensuring that:
- the data and consent given are given by the User and are accurate,
- only they will use the Service based on the data provided.
- Regarding this responsibility, all responsibilities regarding the entries made using a specified e-mail address and/or data are to be worn by the User who registered the e-mail address and data. If during registration the User has given the data of a third party for the use of the Service, the User is liable and the Company is entitled to seek damages from the User. In such case the Data Controller should provide all the help it can for the acting authorities with the aim of identifying the wrong-doer.
- Please note that we may conduct Research Activities and create anonymous statistics using the data processed by us with the aim of further development of products, evaluation, improvement and extension of services. When conducting Research Activities, we may only use data in an anonymous way where unique Users cannot be identified.
- Data disclosures and transfers to third parties
- We may disclose your personal data to the following entities and with the following purposes:
- With your specific consent, to the entities and for the purposes contained in your consent.
- To courts and other competent authorities, required by law or based on their official decision.
- To the following Data Processors, who help us in our data processing activities:
For the sending of newsletters we use MailChimp. Further information is available on the Data Processor’s website: https://mailchimp.com/legal/privacy/
The Data Controller’s servers are held in the server rooms of Magyar Hosting. Website: https://www.mhosting.hu/
- When conducting Research Activities we may use the services of additional Data Processors for processing, analysing and evaluating data. However, our Research Activities only include the processing of completely anonymized data. We may also disclose completely anonymized data for other purposes to third-parties.
- In many cases we use External Service Providers for the provision of certain Services, who are usually separate or joint data controllers:
- In the fields of web analytics and ad servers, our External Service Providers are entitled to access the User’s IP address. In addition, they ensure the personalisation and assessment of Services by using cookies in many cases and by using web beacons, clicktags and other click meters in some cases.
- The cookies placed by these External Service Providers may be deleted by the User at any point and Users can also opt to disable the application of cookies in their browsers. The identification of a cookie placed by the External Service Provider may be done based on the domain connected to given cookie. It is not possible to disable web beacons, clicktags and other click meters.
Google Analytics
Google AdExchange
Google Doubleclick for Publishers
- In order to provide us with other services adding value to ours (e.g. by connecting the User’s private account to the Services with the User’s consent).
Google LLC.
- In certain cases, for example in case of official judicial or police inquiries, legal proceedings, copyright-, property- or other infringements, or potential harm to our interests, etc. or endangerment regarding the provision of the Services due to the well-founded suspicion of these, we shall make the available Personal Data of the concerned User accessible to third parties.
- The Personal Data we process in relation to you may be transferred to a country outside the European Economic Area (“EEA”) that may not be subject to equivalent data protection law. In these cases, we take all steps reasonably necessary to ensure that your rights are afforded appropriate safeguards and that your personal data is treated securely and in accordance with this Policy, for example relying on a recognized legal adequacy mechanism.
- Rights of Parties concerned
- The Party concerned may make requests from the Data Controller via the contacts given in Point 1 in connection with the following issues:
- request for information on the management of their personal data,
- request for data modification,
- request for deletion of personal data or restriction on data controlling,
- objection to data controlling
- request for the transferring of their data to another data controller if data controlling is based on contract or permission and the Organization manages it in the framework of automated procedures.
- request for the withdrawal of permission for data controlling
- The Party concerned may exercise their rights listed above at any time.
- Furthermore, the Party concerned may make requests from the Data controller via the contacts given in Point 1 in connection with the following issues:
- request for the transferring of their data to another data controller if data controlling is based on contract or permission and the Organization manages it in the framework of automated procedures.
- request for the withdrawal of previously given permission for data controlling
- The Data controller shall investigate the report within a maximum of 1 month following the submission of the request and informs the Party concerned in writing.
- If the legal basis of the objection is well-established, the Data controller terminates data management without delay – including data transfer and further data recording – and the data are locked. The Data controller informs of the objection everyone whom the data of the Party concerned have been sent to.
- If the Party concerned does not agree with the decision made by the Organization, they can resort to court within 30 days after receiving the decision.
- You may submit any of the above requests by contacting us in written form, by a postal letter or by a registered mail with return receipt requested, or by an e-mail sent to adatvedelem@bnref.hu We endeavour to answer your request as soon as possible, but always within the statutory deadlines.
- In addition to the above tools, subscriptions to our newsletters may be cancelled by using the unsubscribe link, which we display at the end of every newsletter we send. In case of a cancellation of a subscription we shall delete your Personal Data from the newsletter database.
- Denial of providing information
- If the request of the Party concerned is clearly unfounded, or they are not eligible for receiving information or the Organization, as the Data Controller, can prove that the Party concerned is in possession of the information requested, Data controller shall reject the request for information.
- If the request of the Party concerned is excessive, especially if overly repetitive (e.g. they request exercising of their rights according to Articles 15-22 for the third time within a month), the Organization may reject the request.
- Right to objection
- The Party concerned has the right to object to the use of their personal data based on legitimate interest or public authority.
- In that case the Organization may not manage the personal data any further, except if it can prove that further management of data is imperative due to justifiable reasons which are a priority compared to the interest, rights and freedoms of the Party concerned,
- or which are related to the presentation, enforcement or protection of legal rights.
- If the legal basis of the objection is well-established, the Data controller shall terminate data management without delay – including data transfer and further data recording – and the data shall be locked. The Data controller informs of the objection everyone whom the data of the Party concerned have been sent to.
- Handling of the request is free of charge except if unjustified or excessive, for which Data controller may charge appropriate and reasonable fee as administrative costs. If the Party concerned does not agree with the decision made by the Data controller, they can resort to court.
- Children under the age of 16
Where our data processing is based on consent, the Personal Data of a natural person under the age of 16 shall only be processed with the consent given by the holder of parental responsibility over the child. Please note that we do not inspect the legitimacy of the consenting person and the content of the statement. The User and the person exercising parental responsibility shall be exclusively responsible for the compliance of the content. In the absence of consent we do not knowingly process and collect data of persons under the age of 16. If you become aware that personal data of a child under 16 were collected, please contact us immediately at adatvedelem@bnref.hu
- Security
The Data Controller undertakes to ensure the security of Personal Data, furthermore, shall take all technical and organizational measures and establish the rules of procedure which ensure for the collected, stored and processed Personal Data to be protected, i.e. prevents their termination, unauthorized use and unauthorized alteration. The Data Controller also commits itself to notify every third party to whom the Personal Data shall potentially be forwarded or transferred, to fulfil their obligations in this regard.
- Automated decision-making, including profiling
Although we do not make use of automated decision-making, where the decision would have a legal or similar effect on you, our use of cookies and other tracking technologies may result in profiling your website usage and practices. Also, in case you share your marketing preferences with us, we may establish a profile about what kind of marketing material you wish to receive from us in order to personalize our marketing strategies.
- Amendment of the Privacy Policy
- The Company reserves the right to change the present Privacy Policy by a unilateral decision at any time.
- The User accepts the effective provisions of the Privacy Policy at the following login; furthermore it is not necessary to request the consent of the individual Users.
- Options for legal remedy
- You are free to contact us regarding any privacy issue by writing an e-mail to adatvedelem@bnref.hu
- In the case of any real or suspected legal injury with regard to the management of their personal data, any party concerned can turn to the Budapest Municipal Court or submit a request for investigation at the Hungarian National Authority for Data Protection and Freedom of Information.
- Registered company seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
- Postal address: 1530 Budapest, Pf.: 5
- E-mail: ugyfelszolgalat@naih.hu
- Phone: +36 (1) 391-1400
- Fax: +36 (1) 391-1410
- Website: naih.hu
- In case of user right violation, the user may resort to court. The lawsuit is under the competence and jurisdiction of the Court of Budapest. The lawsuit – according to the choice of the Party concerned – can be launched at the court closest to the permanent or temporary address of the Party concerned. Upon request, Data controllers inform the Party concerned about the ways and means of legal remedy.
- If you are from the European Economic Area (“EEA”) and have any complaint about how we use your Personal Data, you may contact the competent supervisory authority, in particular in the European Union member state of your habitual residence, place of work or place of the infringement of your rights took place. The list of competent supervisory authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en
Budapest, December 2021