Privacy and Data Protection Policy

Privacy and Data Protection Policy

Last update: June 18, 2025

The Privacy Policy of www.bridgebudapest.org (hereinafter: Website or Homepage).

Bridge Business Ltd. (Registered office: 1134 Budapest, Apály street 3, 6th floor, 4.A door, Tax number: 14349827-2-41, Company registration number: 01-09-399061, Email address: [email protected]) and Bridge Budapest Association (Registered office: 1134 Budapest, Apály street 3, 6th floor, 4.A door, Tax number: 18407969-1-41, Registration number: 01-02-15087, Email address: [email protected]), as data controllers (hereinafter as Data Controller or Service Provider), acknowledge the content of this privacy policy as binding upon themselves.

The service is provided by Hidden Design Ltd. (registered office: 1095 Budapest, Gát street 21. ground floor, door 01., company registration number: 01 09 278702, tax number: 23089655-2-43, hereinafter as: “Hidden”).

The Data Controller undertakes to ensure that its data management practices in relation to its services comply with the provisions set out in this notice and in the applicable legislation.

The scope of this notice covers the data processing carried out on the website of the Data Controller, www.bridgebudapest.org. This privacy policy is continuously available from the following website: https://bridgebudapest.org/en/adatvedelmi-nyilatkozat/

The data processing principles of the Service Provider are in accordance with the applicable data protection legislation, in particular Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: the Information Act), and in compliance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016).

The Data Controller and its contact information:

Name: Bridge Business Ltd.

Registered Office: 1134 Budapest, Apály utca 3, 6th floor, 4.A door

Tax Number: 14349827-2-41

Company Registration Number: 01-09-399061

Name: Bridge Budapest Association

Registered Office: 1134 Budapest, Apály street 3, 6th floor, 4.A door

Tax Number: 18407969-1-41

Registration Number: 01-02-15087

I. Principles

  1. Personal data may only be processed for specified purposes, for the exercise of rights and the performance of obligations. Data processing must comply with its intended purpose at all stages of processing, and the collection and processing of data must be fair and lawful.
  1. Only personal data that is essential for achieving the purpose of the data processing and suitable for accomplishing that purpose may be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose.
  1. A minor who has reached the age of 16 does not require the consent or subsequent approval of their legal representative for the validity of their declaration of consent.
  1. If the purpose of data processing based on consent is the execution of a written contract with the Data Controller, the contract must include all information that the data subject needs to know regarding the processing of personal data under this Act, in particular, the specification of the data to be processed, the duration of data processing, the purpose of use, the fact and recipients of data transfer, and the fact of the use of a data processor. The contract must unambiguously state that the data subject, by signing it, consents to the processing of their data as specified in the contract.
  1. In case of doubt, it shall be presumed that the data subject has not given their consent.
  1. The website and the services are available in Hungarian.

Principles Related to Personal Data:

The Data Controller declares that its data processing activities comply with the principles outlined in this section.

a) it shall be carried out lawfully and fairly and in a transparent manner for the data subject (“lawfulness, fairness and transparency”);

b) its collection must be conducted for specified, explicit and legitimate purposes and must not be processed in a manner incompatible with those purposes; further processing for archiving purposes of the public interest, scientific and historical research purposes or statistical purposes, in accordance with Article 89(1), shall not be considered incompatible with the original purposes („principle of purpose”);

c) they must be adequate, relevant and limited to what is necessary for the purposes for which they are processed („data minimisation”);

d) they must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified forthwith („accuracy”);

e) it must be stored in a form that permits the identification of data subjects for no longer than is necessary for the purposes of personal data processing; personal data may be stored for longer periods only if the personal data will be processed for archiving purposes of the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects („storage limitation”);

f) processing must be carried out in a manner that ensures adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by implementing appropriate technical or organisational measures („integrity and confidentiality”).

The Data Controller is responsible for compliance with the above principles and must be able to demonstrate such compliance („accountability”).

II. Data Processing – What Data Do We Process and Why?

2.1. Contacting – By filling out the contact form:

1. The fact of data collection, the scope of processed data, and the purposes of data processing:

Personal DataPurpose of Data Processing
Name (first and last name)Identification
Email addressContacting
MessageRequired for providing a response
Date and time of contactPerforming technical operation
IP address at the time of contactPerforming technical operation

2. The scope of data subjects: all data subjects who fill out a form on the website.

3. Duration of data processing, data deletion deadline: data processing lasts until the data subject’s request for deletion. The Data Controller will notify the data subject electronically, in accordance with Article 19 of the GDPR, of the deletion of any personal data provided by the data subject. If the data subject’s request for erasure also includes the e-mail address they provided, the Data Controller will also erase the email address after the notification.

4. Possible data processors authorized to access the data, recipients of personal data: personal data may be processed by the Data Controller’s authorised employees and agents and by the data processors listed in point 4, in accordance with the provisions of this notice.

5. Description of the rights of Data Subjects regarding data processing: the data subject may request the Data Controller to access, rectify, erase their personal data or restrict its processing, and the data subject has the right to data portability and to withdraw consent at any time.

6. Data Subjects may request the access to, deletion, modification of their personal data or the restriction of its processing and data portability in the following ways: by sending an email to the [email protected] email address. If the data subject wishes to exercise their rights exclusively by postal mail, we kindly ask them to contact us in advance via electronic means in order to confirm the appropriate mailing address.

7. Legal basis for data processing: is Article 6(1)(b) of the GDPR.

8. Please be informed, that

  • data processing is necessary to provide a response.
  • you are required to provide your personal data in order for us to respond to your request.
  • failure to provide the data will result in our inability to respond to your inquiry.
  • the Service Provider will not misuse the personal data it processes in any way.

2.2. Newsletter:

1. Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities, the data subject may provide prior and explicit consent to be contacted by the Service Provider at the contact details provided during registration regarding updates from Bridge Budapest.

2. Furthermore, the data subject may, in accordance with the provisions of this privacy notice, consent to the Service Provider processing their personal data necessary for the activities specified in point 1.

3. The Service Provider does not send unsolicited newsletters, and the data subject may unsubscribe from receiving offers at any time, without restriction, justification, and free of charge. In such a case, the Service Provider shall delete all personal data necessary for sending newsletters from its records and shall not contact the data subject with further newsletters. The data subject may unsubscribe from the newsletter by clicking on the link in the message.

4. The fact of data collection, the scope of processed data, and the purposes of data processing:

Personal DataPurpose of Data Processing
Name, email addressIdentification, enabling newsletter subscription.
Subscription date and timePerforming technical operation

5. Scope of data subjects: all data subjects who subscribe to the newsletter.

6. Purpose of data processing: sending informative electronic messages (e-mails) to the data subject regarding programs, events, and updates organized by the Service Provider, and providing information on current affairs.

7. Duration of data processing, data deletion deadline: data processing lasts until the withdrawal of consent, i.e. until unsubscribing.

8. Possible data processors authorized to access the data, recipients of personal data: personal data may be processed by the employees and agents of the Data Controller, as well as data processors specified in point 6, in compliance with the above principles.

9. Description of the rights of Data Subjects regarding data processing:

  • the data subject may request the Data Controller to access, rectify, erase their personal data or restrict its processing,
  • may object to the processing of their personal data,
  • the data subject has the right to data portability and to withdraw consent at any time.

10. The data subject may request the access to, deletion, modification, or restriction of its processing, as well as data portability in the following way: by sending an e-mail to  [email protected]. If the data subject wishes to exercise their rights exclusively by postal mail, we kindly ask them to contact us in advance via electronic means in order to confirm the appropriate mailing address.

11. Legal basis for data processing: is Article 6 (1) (a) and (f) of the GDPR and Article 6 (5) of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.

12. Please be informed, that

  • data processing is based on your consent and the legitimate interest of the Service Provider,
  • providing your personal data is mandatory, if you wish to receive newsletters from us,
  • failure to provide the required data will result in our inability to send you newsletters.

13. The data subject may unsubscribe from the newsletter at any time, free of charge.

If the mandatory data listed above are not provided or only partially provided, the services of the Website cannot be used. The listed data is stored in a separate database.

2.3. Contract Preparation and Conclusion – Provision of Electronic Signature via e-szerződés.hu system:

1. The fact of data collection, the scope of processed data, and the purposes of data processing:

Personal DataPurpose of Data Processing
Full nameIdentification, identifying the contracting parties
Email addressSending notifications related to the signing process
Company name and Signatory dataNecessary for contract preparation
IP address, time of signatureAuthentic documentation of the electronic signature
Metadata of the signed documentLegal admissibility of the contract

2. The scope of data subjects: Natural persons who, as part of the contract signing process, authenticate the documents prepared by us through electronic signature.

3. Duration of data processing, data deletion deadline: The Data Controller retains the data generated during the contract conclusion process for the period necessary to enforce legal claims arising from the contract, and — if the contract qualifies as an accounting document — in accordance with the legal requirements for the retention of accounting records.
If no legal obligation applies for data retention, data processing continues until the data subject’s request for deletion.

Please note that requests for the deletion of personal data cannot be fulfilled if legal obligations require the Data Controller to retain personal data (in particular, pursuant to Section 6:22 of the Hungarian Civil Code, Section 169 of Act C of 2000 on Accounting, and Article 17(3) of the GDPR).

In accordance with Article 19 of the GDPR, we will notify the data subject electronically when personal data provided by them is deleted. If the request also includes their email address, we will delete the address after sending the notification.
The Data Controller will notify the data subject electronically, in accordance with Article 19 of the GDPR, of the deletion of any personal data provided by the data subject. If the data subject’s request for deletion also includes the e-mail address they provided, the Data Controller will also delete the email address after the notification.

4. Possible data processors authorized to access the data, recipients of personal data: personal data may be processed by the Data Controller’s authorised employees and agents and by the data processors listed in point 4, in accordance with the provisions of this notice.

5. Description of the rights of Data Subjects regarding data processing: the data subject may request the Data Controller to access, rectify, erase their personal data or restrict its processing, and the data subject has the right to data portability and to withdraw consent at any time.

6. Data Subjects may request the access to, deletion, modification of their personal data or the restriction of its processing and data portability in the following ways: by sending an email to the [email protected] email address. If the data subject wishes to exercise their rights exclusively by postal mail, we kindly ask them to contact us in advance via electronic means in order to confirm the appropriate mailing address.

7. Legal basis for data processing: is Article 6(1)(b) of the GDPR.

8. Please be informed, that

  • Without the provision of electronic signature, the contract cannot be concluded in this form.
  • Providing personal data is voluntary; however, failure to do so may hinder the conclusion of the contract.
  • the Service Provider does not misuse the personal data it processes in any way.

III. Use of Cookies

In accordance with European Union regulations, we must inform you that this website uses so-called “cookies” in order to provide you with personalized content. Cookies are tiny, perfectly harmless files that the Website places on your computer to make browsing as simple as possible for you.

Users are able to delete cookies from their own computers or disable the use of cookies in their browsers. Cookie management settings can usually be found in the Tools/Settings menu of the browser, under Privacy settings, labeled as “cookies” or “cookie settings.

IV. Data Processors

Hosting Service Provider

1. Activities performed by the Data Processor: Hosting services

2. Name and contact details of the Data Processor: Hidden Design Ltd., 1095 Budapest, Gát street 21., ground floor, door 1.

3. Fact of data processing, scope of processed data: All personal data provided by the data subject.

4. Scope of data subjects: All data subjects using the website.

5. Purpose of data processing: To make the website available and ensure its proper operation.

6. Duration of data processing and deadline for data deletion: Data processing lasts until the termination of the agreement between the Data Controller and the hosting service provider, or until the data subject’s deletion request to the hosting service provider.

7. Legal basis for data processing: Article 6 (1) (f) of the GDPR and Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services.

8. Rights of the data subject:

a. You may obtain information regarding the circumstances of data processing.

b. You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and to access all information related to the data processing.

c. You have the right to receive your personal data concerning you in a structured, commonly used, and machine-readable format.

d. You have the right to have your inaccurate personal data corrected by the Data Controller without undue delay upon your request.

e. You may object to the processing of your personal data.

Newsletter Service Provider

1. Activities performed by the Data Processor: Newsletter service

2. Name and contact details of the data processor: MailerLite, Inc. (MailerLite)

Address: 548 Market St, PMB 98174, San Francisco, CA 94104-5401, United States

3. Fact of data processing, scope of processed data: All personal data provided by the data subject.

4. Scope of data subjects: All data subjects using the website.

5. Purpose of data processing: To contact all data subjects subscribed to the newsletter.

6. Duration of data processing and deadline for data deletion: Data processing lasts until the termination of the agreement between the Data Controller and the newsletter service provider, or until the data subject’s deletion request to the newsletter service provider.

7. Legal basis for data processing: Article 6 (1) (f) of the GDPR and Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services.

8. Rights of the data subject:

a. You may obtain information regarding the circumstances of data processing.

b. You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and to access all information related to the data processing.

c. You have the right to receive your personal data concerning you in a structured, commonly used, and machine-readable format.

d. You have the right to have your inaccurate personal data corrected by the Data Controller without undue delay upon your request.

e. You may object to the processing of your personal data.

Technical Provider of Electronic Signature Services

1. Activities performed by the Data Processor: Operation of the electronic signature platform and facilitation of electronic contract conclusion.

2. Name and contact details of the Data Processor: Wiredsign Zrt., 2643 Diósjenő, Dózsa György Road 28./b; company registration number: 12-10-001683; tax number: 29277261-2-12; postal address: 2600 Vác, Deákvári avenue 35. Ground floor. 4.; e-mail: [email protected]; website: www.eszerzodes.hu; telephone: +36 20 886 13 09.

3. Fact of data processing, scope of processed data: Personal data required for the conclusion of contracts, including data related to the electronic signature process.

4. Scope of data subjects: Natural persons involved in the conclusion of the contract, as well as data relating to legal entities involved in the contractual relationship.

5. Purpose of data processing: To facilitate electronic signatures and to operate the e-szerződés.hu platform.

6. Duration of data processing and deadline for data deletion: Until the end of the contract with the Data Controller or until the data subject’s request for deletion, unless it would violate legal obligations (in particular, in accordance with the relevant provisions of the Hungarian Civil Code, the Accounting Act and the GDPR)

7. Legal basis for data processing: Article 6(1)(b) of the GDPR (data processing necessary for the fulfillment of a contract), Article 6 (1) (f) of the GDPR and Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services.

8. Rights of the data subject:

a. You may obtain information regarding the circumstances of data processing.

b. You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and to access all information related to the data processing.

c. You have the right to receive your personal data concerning you in a structured, commonly used, and machine-readable format.

d. You have the right to have your inaccurate personal data corrected by the Data Controller without undue delay upon your request.

e. You may object to the processing of your personal data.

V. Rights of Data Subjects

1. Right of Access

You have the right to receive feedback from the Data Controller on whether or not your personal data are being processed and, if such processing is underway, you are entitled to access the personal data and the information listed in the regulation.

2. Right to Rectification

You have the right to have inaccurate personal data relating to you corrected by the Data Controller without undue delay upon your request. Taking into account the purpose of data processing, you have the right to request the completion of incomplete personal data – among others, by means of a supplementary declaration.

3. Right to Deletion

You have the right to upon your request, the Data Controller erase personal data concerning you without undue delay, and the Data Controller is obliged to delete personal data concerning you without undue delay under certain conditions.

4. Right to be Forgotten

If the Data Controller has made personal data public and is required to delete it, with taking into account the available technology and the cost of implementation, the Data Controller will take reasonable steps – including technical measures – to inform data controllers processing the data that you have requested the deletion of links to such personal data or copies or duplicates of these personal data.

5. Right to Restriction of Data Processing

You have the right to have the Controller restrict data processing at your request if any of the following conditions apply:

  • You contest the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the Controller to verify the accuracy of the personal data;
  • the data processing is unlawful and you oppose the erasure of the data and instead request the restriction of their use;
  • the Data Controller no longer needs the personal data for data processing purposes, but you require them for the establishment, exercise or defence of legal claims;
  • You have objected to the data processing;  in this case, the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the Data Controller override your legitimate grounds.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to a data controller, in a structured, commonly used, machine-readable format, furthermore you have the right to transmit such data to another data controller without hindrance from the data controller to which the personal data were provided.

7. Right to Object

You have the right to object at any time, based on reasons related to your particular situation, to the processing of your personal data, including profiling based on the aforementioned provisions.

8. Objection in the case of direct marketing

If the processing of personal data is carried out for direct marketing purposes, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, where it is related to direct marketing. If you object to the processing of your personal data for direct marketing purposes, your personal data may no longer be processed for those purposes.

The Data Controller will inform you, without undue delay, and in any case within one month from the receipt of your request, about the actions taken in response to the above requests. If necessary, this may be extended by a further two months. The Data Controller shall inform you of the extension of the deadline, stating the reasons for the delay, within 1 month from the receipt of your request. If the Data Controller takes no action on your request, it will inform you without delay, but no later than one month from the receipt of the request, about the reasons for not taking action, as well as your right to lodge a complaint with a supervisory authority and to exercise your right to a judicial remedy.

VI. Remedy

If you have a complaint, please contact us first with confidence by sending an email to [email protected].

The Data Controller shall report any data protection incident to the relevant supervisory authority under Article 55 without undue delay, and if possible, no later than 72 hours after the Data Controller becomes aware of the incident, unless the data protection incident is unlikely to result in a risk to the rights and freedoms of natural persons. If the report is not made within 72 hours, it shall be accompanied by the reasons justifying the delay.

A complaint against a potential infringement by the Data Controller may be lodged with the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, P.O. Box 5.

Phone: +36 -1-391-1400

Email: [email protected] 

You may seek judicial remedy against the Data Controller, if you believe that the Data Controller has violated your rights under the GDPR due to improper processing of your personal data.

The Data Controller reserves the right to modify its privacy policy. This may occur, in particular if the scope of services is expanded or if required by law. Changes in data processing will not imply processing personal data for purposes other than those originally specified. The controller will publish the relevant information on its website 15 days in advance.

Budapest, June 18, 2025.


Bridge Business Ltd.

Bridge Budapest Association

No data was found