Last updated: October 17, 2022

Data management information of www.bridgebudapest.hu (hereinafter: Website).

Bridge Budapest Association (registered office: 1134 Budapest, Apály u. 3. 6th floor 4.A. door, Tax number: 18407969-1-41, registration number: 15.087, e-mail address: [email protected]), as the data controller (hereinafter: Data Controller or Service Provider), acknowledges the content of this data protection information.

The service is provided by the Hidden Design Limited Liability Company (registered office: 1095 Budapest, Gát utca 21. fsz./1), company registration number: 01-09-278702, tax number: 23089655-2-43 hereinafter: Hidden Design Kft.), and the data is stored on our own dedicated server installed in the Hidden Design server room, both physically and technically protected.

The Data Controller undertakes that its data management related to its service complies with the provisions set out in this prospectus and the applicable legislation.

The scope of this prospectus covers data management on the Data Controller’s website, www.bridgebudapest.hu. This privacy statement is available at all times from the following website: https://bridgebudapest.org/privacy-policy/

The data management principles of the Service Provider are in accordance with the applicable data protection legislation, in particular the Act CXII of 2011 on Informational Self-Determination and Freedom of Information (“Privacy Act”) (hereinafter: the Privacy Act) and complies with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016.

The Data Controller and its contacts:
Bridge Budapest Association
1134 Budapest, Apály u. 3.
[email protected]

1. Principles

  1. Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. At all stages of data processing, it must be appropriate to the purpose of the data processing, and the recording and processing of data must be fair and lawful.
  2. Only personal data that is necessary for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.
  3. The consent or subsequent approval of the legal representative of a minor who has reached the age of 16 shall not be required for the validity of his / her legal declaration containing the consent of the person concerned.
  4. If the purpose of consent-based data processing is to perform a written contract with the Data Controller, the contract must contain all information that the data subject must know about the processing of personal data under this Act, in particular the definition of the data to be processed, the duration of data processing, use purpose, the fact of the transmission of the data, the recipients, the fact of the use of the data processor. The contract must state unequivocally that, by signing, the data subject consents to the processing of his or her data as specified in the contract.
  5. In case of doubt, it shall be presumed that the data subject has not given his consent.
  6. The website and services are available in Hungarian and in English.

Principles for personal data:

The Data Controller declares that its data management is carried out in accordance with the principles set out in this section.

  1. it must be processed lawfully and fairly and in a manner which is transparent to the data subject (“legality, due process and transparency”);
  2. collected for specified, explicit and legitimate purposes and not treated in a way incompatible with those purposes; in accordance with Article 89 (1), further processing for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes (“purpose limitation”) shall not be considered incompatible with the original purpose;
  3. be appropriate, relevant and limited to what is necessary for the purposes of the processing (“data saving”);
  4. be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without delay (“accuracy”);
  5. stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if the personal data are processed in accordance with Article 89 (1) for archiving in the public interest, for scientific and historical research purposes or for statistical purposes, in accordance with this Regulation; subject to the implementation of appropriate technical and organizational measures to protect its freedoms (“limited storage capacity”);
  6. processed in such a way as to ensure, by appropriate technical or organizational measures, adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage (“integrity and confidentiality”).

The Data Controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).

2. Data management – What data do we manage and why?

2.1. Contact – by filling in the contact form:

1. Fact of data collection, scope of data processed and purposes of data management:

Personal DataPurpose of data management
Name (surname and first name)Identification
E-mail addressContact
MessageRequired for response
Phone (optional)Contact
Date of contactPerform a technical operation
IP address at contactPerform a technical operation

2. Stakeholders: all stakeholders who fill in the form on the Website.

3. Duration of data processing, deadline for deletion of data: The data processing lasts until the data subject’s request for deletion. The Data Controller shall inform the data subject electronically pursuant to Article 19 of the GDPR of the deletion of any personal data provided by the data subject. If the deletion request of the data subject also covers the e-mail address provided by the data subject, the Data Controller will also delete the e-mail address after the notification.

4. The identity of the potential data controllers entitled to access the data, the recipients of the personal data: The personal data may be processed by the authorized employees and agents of the Data Controller and the data processors listed in point 4 in accordance with the provisions of this prospectus.

5. Description of data subjects’ rights in relation to data processing:

6. The data subject may initiate access to personal data, their deletion, modification or restriction of their processing, and the portability of the data in the following ways: by post to 1134 Budapest, Apály u. 3. by e-mail to [email protected].

7. Legal basis for data processing: Article 6 (1) (b) of the GDPR.

8. Please be informed that data management

The Service Provider does not misuse the personal data managed by it in any way.

2.2. To participate in the Bridge Leaders program – by filling out the application form:

1. Fact of data collection, scope of data processed and purposes of data management:

Personal DataPurpose of data management
Name (surname and first name)Identification
E-mail addressContact
Phone (optional)Contact
Date of contactPerform a technical operation
IP address at contactPerform a technical operation

2. Stakeholders: All stakeholders who fill in the “Bridge Leaders” application form.

3. Duration of data processing, deadline for deletion of data: The data processing lasts until the data subject’s request for deletion. The Data Controller shall inform the data subject electronically pursuant to Article 19 of the GDPR of the deletion of any personal data provided by the data subject. If the deletion request of the data subject also covers the e-mail address provided by the data subject, the Data Controller will also delete the e-mail address after the notification.

4. The identity of the potential data controllers entitled to access the data, the recipients of the personal data: The personal data may be processed by the authorized employees and agents of the Data Controller and the data processors listed in point 4 in accordance with the provisions of this prospectus.

5. Description of data subjects’ rights in relation to data processing:

6. The data subject may initiate access to personal data, their deletion, modification or restriction of their processing, and the portability of the data in the following ways: by post to 1134 Budapest, Apály u. 3. by e-mail to [email protected].

7. Legal basis for data processing: Article 6 (1) (b) of the GDPR.

8. Please be informed that data management

The Service Provider does not misuse the personal data managed by it in any way.

2.3. Donation through the Website:

1. Fact of data collection, scope of data processed and purposes of data management:

Personal DataPurpose of data management
Surname, first name, e-mail address, in the case of a legal entity, company name and tax numberContact, acknowledgments

2. Stakeholders: Individuals and legal entities who donate through the Website.

3. Duration of data processing, deadline for deletion of data: The duration of data processing lasts until the data subject’s consent is withdrawn.

4. The identity of the potential data controllers entitled to access the data, the recipients of the personal data: The personal data may be processed by the authorized employees and agents of the Data Controller on the basis of the contents of this prospectus. Personal data will not be transferred to third parties by the data controller.

5. Description of data subjects’ rights in relation to data processing:

6. The data subject may initiate access to personal data, their deletion, modification or restriction of their processing, and the portability of the data in the following ways: by post to 1134 Budapest, Apály utca 3. or by e-mail to [email protected].

7. Legal basis for data processing: Article 6 (1) (a) and (b) of the GDPR.

8. Please be informed that

The Service Provider does not misuse the personal data managed by it in any way.

The Donor is able to pay through Barion’s online credit card payment system:

Barion: Barion is an electronic payment service that allows users to pay with a Visa, Visa Electron, Mastercard, Maestro or Amex credit card in their online store, even without registration. You can also pay the subsidy amount from Barion’s balance. Registration is not required for credit card payments, just enter your credit card number, expiration date and CVC code on the back, as well as a working email address. If the user does not have a credit card, you can use the prepaid Barion balance to pay which you can top up by bank transfer or cash deposit, or to which your friends can send money. In this case, payment can be initiated by entering an email address and password. Learn more »

If the Donor chooses the payment method operated by Barion Payment Zrt. one can enter the details of their bank card which is necessary for the payment at the Barion website. The Service Provider does not have access to the bank card data, they are managed in the system of Barion Payment Zrt.

3. Cookie Management

In accordance with European Union law, we must draw your attention to the fact that this website is using so-called “cookies” in order to provide you with personalized content. Cookies are small, perfectly harmless files that the Website places on your computer to make browsing as easy as possible for you. You can disable cookies in your browser settings. If you do not do this, or if you click the “I Accept” button, you accept the use of cookies.

The user can delete the cookie from his / her own computer or disable the use of cookies in his / her browser. Cookies can usually be managed in the Tools / Settings menu of browsers under Privacy Settings, under the name of a cookie or cookie.

  1. The fact of data management, the scope of data managed: Unique identification number, dates, times.
  2. Stakeholders: All stakeholders who visit the Website.
  3. The purpose of data management is to identify users and track visitors.
  4. Duration of data management, deadline for deleting data:
Cookie typeLegal basis for data managementDuration of data management
Session cookieAct CVIII of 2001 on certain issues of electronic commerce services and information society services (in particular Secction 13/A)The period until the end of the relevant visitor session
  1. Identity of potential data controllers entitled to access the data: The Data Controller does not process personal data using cookies.
  2. Description of the data subjects’ rights related to data management: The data subject has the possibility to delete cookies in the Tools / Settings menu of the browser, usually under the settings of the Privacy menu item.
  3. Legal basis for data processing: The consent of the data subject is not required if the sole purpose of the use of cookies is the transmission of communications via an electronic communications network or the provision of an information society service specifically requested by the subscriber or user.

Usage of Google Analytics

  1. This Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
  2. The information generated by the cookie associated with the website you use is typically stored and stored on one of Google’s servers in the United States. By activating IP anonymization on the Website, Google will shorten the user’s IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.
  3. The full IP address will only be transmitted to and truncated to Google’s server in the U.S. in exceptional cases. On behalf of the website operator, Google will use this information to evaluate how you have used the website, to provide the website operator with reports on website activity and to provide additional services related to website and internet usage.
  4. Within the framework of Google Analytics, the IP address transmitted by the User’s browser is not reconciled with other data of Google. The user may prevent the storage of cookies by setting their browser appropriately, however, please note that in this case, not all functions of this website may be fully available. You may also prevent Google from collecting and processing your information about your use of the Website (including your IP address) by cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=hu

4. Data processors

Hosting service

  1. Activity performed by data processor: Hosting service
  2. Name and contact details of the data processor: Hidden Design Korlátolt Felelősségű Társaság (registered office: 1095 Budapest, Gát utca 21. fsz./1), company registration number: 01-09-278702, tax number: 23089655-2-43 hereinafter: Hidden Design Kft .
  3. Fact of data processing, scope of data processed: All personal data provided by the data subject.
  4. Stakeholders: All stakeholders who use the website.
  5. The purpose of data management: To make the website available and to operate it properly.
  6. Duration of data processing, deadline for deletion of data: The data processing lasts until the termination of the agreement between the data controller and the hosting provider or until the data subject’s request for deletion to the hosting provider.
  7. Legal basis for data processing: Article 6 (1) (f) of the GDPR and Article CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act 13 / A. § (3).
  8. Rights of the data subject:
    1. You can find out about the conditions of data management,
    2. You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and to have access to all information related to data processing.
    3. You have the right to receive your personal information about you in a structured, widely used, machine-readable format.
    4. You have the right, at the request of the data controller, to correct your inaccurate personal data without undue delay.
    5. You may object to the processing of your personal data.

Web developer

  1. Activity performed by a data processor: development and maintenance of the Website
  2. Name and contact details of the data processor: Péter Patkó, individual entrepreneur (Headquarters: 2484 Gárdony, Május 1. tér 4., tax number: 69750674-1-27, hereinafter: Developer).
  3. Fact of data processing, scope of data processed: All personal data provided by the data subject.
  4. Stakeholders: All stakeholders who use the website.
  5. The purpose of data management: To make the website available and to operate it properly.
  6. Duration of data management, deadline for deletion of data: The data management lasts until the termination of the agreement between the data controller and the Developer, or until the data subject’s request for deletion to the Developer.
  7. Legal basis for data processing: Article 6 (1) (f) of the GDPR and Article CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act 13 / A. § (3).
  8. Rights of the data subject:
    1. You can find out about the conditions of data management,
    2. You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and to have access to all information related to data processing.
    3. You have the right to receive your personal information about you in a structured, widely used, machine-readable format.
    4. You have the right, at the request of the data controller, to correct your inaccurate personal data without undue delay.
    5. You may object to the processing of your personal data.

5. Rights of data subjects

1. Right of access

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if such data processing is in progress, you have the right to have access to the personal data and information listed in the Regulation.

2. Right to rectification

You have the right, at the request of the Data Controller, to correct inaccurate personal data concerning you without undue delay. Taking into account the purpose of the data processing, you have the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.

3. Right of cancellation

You have the right, at the request of the Data Controller, to delete personal data concerning you without undue delay, and the Data Controller is obliged to delete personal data concerning you without undue delay under certain conditions.

4. The right to be forgotten

If the Data Controller has disclosed personal data and is required to delete it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the data controllers that you have requested the personal data in question. deleting links or copies or duplicates of such personal data.

5. Right to restrict data processing

You have the right, at the request of the Data Controller, to restrict the data processing if one of the following conditions is met:

6. The right to data portability

You have the right to receive personal data about you provided by you to a data controller in a structured, widely used machine-readable format and to transfer this data to another data controller without being hindered by the data controller whose provided the personal data to him.

7. Right to protest

You have the right to object at any time to the processing of your personal data, including profiling based on the above provisions, for reasons related to your own situation.

8. Protest in case of direct business acquisition

If personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of personal data concerning you for this purpose, including profiling, insofar as it relates to direct business acquisition. If you object to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.

The Data Controller will inform you without undue delay, but in any case within 1 month from the receipt of the request, of the action taken on the above requests. If necessary, it can be extended by 2 months. The Data Controller will inform you of the extension of the deadline within 1 month from the receipt of the request, indicating the reasons for the delay. If the Data Controller does not take action on your request, it will inform you without delay, but no later than within one month of receipt of the request, of the reasons for the non-action and of the fact that you can lodge a complaint with a supervisory authority and have a judicial remedy.

6. Remedies

If you have any complaints, please contact us first with confidence, by sending an e-mail to [email protected] or by sending a letter to 1134 Budapest, Apály u. 3.

The data protection incident shall be reported by the Data Controller to the supervisory authority competent under Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is not likely to jeopardize the rights of individuals. and freedoms. If the notification is not made within 72 hours, the reasons for the delay must be provided.

Complaints against possible breaches of the data controller can be lodged with the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet avenue 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
E-mail: [email protected]
You may seek legal redress against the Data Controller if, in your opinion, the Data Controller has violated your rights under the GDPR as a result of improper handling of your personal data.

The Data Controller reserves the right to change its privacy statement. This may be the case, in particular, if the range of services is expanded or if it is made mandatory by law. A change in data management must not mean a different way of handling personal data. The data controller shall publish the relevant information on its website 15 days in advance.

Budapest, 17/10/2022

Bridge Budapest Association