This site uses cookies to provide you with a more responsive and personalised service. Please read our PRIVACY POLICY for more information on the cookies we use and how to delete or block them.
Home > Legal & Privacy > Privacy Statement - Newsletter
  • Privacy Statement - Newsletter

Privacy Statement - Newsletter

The members of the BDO Hungary company group (as data controllers) record and store some of your persona data in connection with their Newsletter service.

With regard to the data processing operations discussed in this statement, the data controllers are the members of the BDO Hungary company group:

BDO Magyarország Adótanácsadó Kft.,

BDO Magyarország Könyvelő és Bérszámfejtő Kft.,

BDO Magyarország Könyvvizsgáló Kft.

BDO Legal Jókay Ügyvédi Iroda

BDO Magyarország IT Megoldások Kft.,

BDO Magyarország ESG Tanácsadó Kft.,

BDO Magyarország Pénzügyi Tanácsadó Zrt.,

BDO Magyarország Solutions Tanácsadó Kft.,

BDO Magyarország FDI Advisory Kft., and

BDO Magyarország Vagyonkezelő Kft.

In the light of how the BDO Hungary company group is structured and how certain administrative and operative functions are allocated to entities within the group, the individual members and BDO Magyarország Vagyonkezelő Kft. act as joint controllers. With this being the case, the obligations and liabilities of each controller are clearly determined and allocated by the controllers in the relationship that is in place between them. Therefore, the purpose of this privacy statement is to set out the data processing rules that are applicable to every member of the BDO Hungary group in a uniform manner.

Personal data are recorded in the following cases:

  • where you have granted your consent in our engagement letter that we may send Newsletters to you; and
  • where you have filled out the relevant fields in the electronic from made available by the Controller and confirmed your consent by clicking on the “Send” button.

If your data are available in public databases (e.g. the company registration system), i.e. they qualify as information that is public out of public interest within the meaning of Sections 3.1, 3.2 and 3.6 of Hungary’s Act CXII of 2011 on Privacy and the Freedom of Information (Privacy Act), the data do not qualify as personal data pursuant to Section 6(1) of Hungary’s Act CLVIII on the Conditions of and Certain Limitations on Business Advertising.

 

1) Introduction

The purpose of this privacy statement (“Statement”) is to set out the data protection and data processing principles that are applied and observed by the members of the BDO Hungary group (hereinafter: Controller”) as the provider of the Newsletter service and that the Controller has agreed to be bound by in connection with the Newsletter service.

This Statement describes the principles applicable to the processing of personal data that were disclosed on the Controller’s website or in its application by persons who have subscribed to the service via such website or application, and provides information to data subjects about the processing of their personal data.

In the drafting of this Statement, the Controller paid particular attention to Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”), Hungary’s Act CXII of 2011 on Privacy and the Freedom of Information (“Privacy Act”) and Act V of 2013 on the Civil Code (“Civil Code”).

 

2) The Controller

In the processing of your personal data, the Controller is responsible and liable for ensuring that the processing is done lawfully.

You can contact us at the following addresses:

Controller’s name and registered office:

BDO Magyarország Adótanácsadó Kft.,

1103 Budapest, Kőér utca 2/a

BDO Magyarország Könyvelő és Bérszámfejtő Kft.,

1103 Budapest, Kőér utca 2/a

BDO Magyarország Könyvvizsgáló Kft.

1103 Budapest, Kőér utca 2/a

BDO Legal Jókay Ügyvédi Iroda

1124 Budapest, Apor Vilmos tér 11-12. 1. em.

BDO Magyarország IT Megoldások Kft.,

1103 Budapest, Kőér utca 2/a

BDO Magyarország ESG Tanácsadó Kft.

1124 Budapest, Apor Vilmos tér 11-12. 1. em.

BDO Magyarország Pénzügyi Tanácsadó Zrt.

1123 Budapest, Alkotás u. 53.F.II.

BDO Magyarország Solutions Tanácsadó Kft.,

1103 Budapest, Kőér utca 2/a

BDO Magyarország FDI Tanácsadó Kft.

1117 Budapest, Buda-part tér 2.B. 11. em.

BDO Magyarország Vagyonkezelő Kft.

1103 Budapest, Kőér utca 2/a

 

E-mail address: hirlevel@bdo.hu

Website: www.bdo.hu

 

3) Brief description of the data processing

By subscribing for the Newsletter, you grant your consent that the Controller may periodically send you Newsletters about news concerning the Controller in connection with certain topics that you have selected (such as summaries about legislative changes, trade and business news, invitations to trade and business events). The Controller records some of your personal data in order to provide the Newsletter service. The personal data is always obtained from you as the data subject. Profiling and automated decision-making does not take place in the processing of your data. The personal data is recorded electronically, with users filling out the relevant fields and accepting this Newsletter Privacy Statement by ticking the relevant box(es), and then confirming their subscription by clicking on the “Send” button.

 

4) What types of personal data do we record?

The Controller records the following data in connection with your subscription for the Newsletter:

  • name (to identify you);
  • e-mail address (for the delivery of the Newsletter);
  • company name (to identify you, if there is a service contract in place between you and the Controller); and
  • position (to identify you, if there is a service contract in place between you and the Controller).

 

The disclosure of the above information is mandatory for the purpose of subscribing for the Newsletter. The above information qualifies as personal data under both the GDPR and the Privacy Act.

 

5) For what purposes do we collect personal data?

The Controller processes your personal data in connection with the Newsletter service for the purpose of providing information to you about news that concern the Controller or that it considers important in connection with certain topics that you have selected (such as summaries about legislative changes, trade and business news, invitations to trade and business events).

 

6) Legal basis for the data processing

In line with Article 6(1)a) of the GDPR, the legal basis for the processing of the personal data specified in Section 4 above is the consent granted by you as a data subject. The consent is voluntary in all cases. You can withdraw your consent at any time; however, this will not affect the lawfulness of processing performed before the withdrawal.

 

7) Duration of processing

The Controller will process your personal data for the purposes of sending you Newsletters until we discontinue the Newsletter service or you unsubscribe from it, or as long as you do not request the erasure of your personal data, or request a restriction of, or prohibit, our processing of your personal data.

You can unsubscribe from the Newsletter service at any time in any of the following ways:

  • sending a request to the hirlevel@bdo.hu e-mail address, or
  • mailing a request to the address of1103 Budapest, Kőér utca 2/A. C. ép., or
  • via the unsubscribe button at the end of the e-mails, if there is one.

 

8) Data security measures

The personal data recorded during the subscription for the Newsletter are entered in the Controller’s own database. Newsletters are sent from the kommunikáció@bdo.hu e-mail address.

Where Newsletters are sent via Mailchimp’s e-mail delivery and database management service, the personal data recorded while subscribing for the Newsletters are entered by the Controller in Mailchimp’s database and the Newsletters are sent to you from the central e-mail address of the relevant business line (group company).

Within the Controller’s organisation, only staff members who participate in activities associated with the sending of the Newsletters have access to your personal data. The Controller treats your personal data as confidential information, and will not make them public, or grant access to them to third parties (other than data transfers to Mailchimp) or to the Controller’s staff members, agents or volunteers who do not perform any functions, tasks or activities in connection with the sending of the Newsletters.

In both of the above cases, the personal data are kept on record in a password-protected database that is only accessible for authorised personnel and that is protected with state-of-the art firewall technology and antivirus software. Each of the databases is only accessible for authorised employees with individual, unique passwords.

 

9) Data Processor

Where Newsletters are sent via Mailchimp’s e-mail delivery and database management service, Mailchimp qualifies as a data processor, because it does not process data in its own name and for its own benefit during the entire period of processing. The Controller will be liable for the processing of the data in this case as well.

 

10) Your rights and remedies

As a data subject, you can contact the Controller at the adatkezelés@bdo.hu e-mail address to inquire about the rights described below.

  • Right to information and access

You have the right to obtain confirmation from the Controller as to whether or not your personal data are being processed, and, if that is the case, to obtain access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients to whom the personal data have been or will be disclosed (including, in particular, data processors);
  • the envisaged period for which the personal data will be stored;
  • your rights in connection with the processing;
  • the source of the data if they were not collected from you;
  • information pertaining to automated decision-making. ​

In line with the applicable regulations, we will provide the information about your personal data free of charge. We will respond to your request in writing within a month. However, if a request is manifestly unfounded or excessive, in particular because of its repetitive character, the Controller may, taking into account the administrative costs of providing the information or communication or taking the action requested,

  • charge a reasonable fee, or
  • refuse to act on the request.

 

If you pay a fee, but your data is processed unlawfully or we have to rectify the data pursuant your request, will refund such fee to you. If, despite our efforts to protect your personal data with advanced data security measures, any person accesses, alters, transfers, publishes, erases or destroys your data without authorisation, causes them to be accidentally damaged or destroyed, or otherwise processes them unlawfully, we will inform you about the circumstances of such data breach at your request, including the date and potential consequences of the data breach and the measures that we have taken to prevent or  mitigate such consequences.

  • Right to rectification

If any personal data processed by us are not accurate, we will rectify them at your request without unreasonable delay. You also have the right to request the completion of your incomplete personal data in a relevant statement.

  • ·Right to erasure

The Controller will erase your personal data without unreasonable delay if: 

  • the data are no longer needed for the purpose of sending Newsletters;
  • the Controller discontinues its Newsletter service;
  • the processing of the personal data is unlawful;
  • the erasure is necessary due to compliance with a legal obligation applicable to the Controller;
  • the consent to the processing of the personal data of a child under the age of 16 years old has not been given or has been revoked by the holder of parental responsibility over the child;
  • the Controller has made the personal data public; and
  • you request the erasure of the personal data by withdrawing your consent to the processing.

  • Right to restriction

The processing of the data may be restricted if:

  • you contest the accuracy of your data; in that case, the Controller will restrict the processing of your data for the period while it verifies their accuracy;
  • the processing is unlawful and you request the restriction of the of use data instead of erasure;
  • the Controller no longer needs the personal data but your require them for the establishment of your legal claims;

If you have requested the restriction of processing, the Controller will inform you before the restriction is lifted.

  • Right to data portability

You have the right to receive your personal data provided to the Controller in a structured, commonly used and machine-readable format (e.g. in .doc or .pdf format) and have the right to transmit those data to another controller without hindrance from the Controller.

  • What happens and what can you do if we deny your request?

If we deny your request for rectification, restriction or erasure, we will inform you in writing within a month about the reasons why we could not comply with your request, and inform you about your options to seek judicial remedy and that you can lodge a complaint with Hungary’s National Data Protection and Freedom of Information Authority. We will send our response to you by e-mail, if you give your consent to this.

  • What options of legal remedy are available to you?

If you believe that the Controller has infringed the provisions of the GDPR in the processing of your personal data, you as a data subject have the right to lodge a complaint with a supervisory authority (i.e. a public authority established by any Member State of the EU under Article 51 of the GDPR), and in particular, in the Member State of your habitual residence, place of work or the place of the alleged infringement. In Hungary, the supervisory authority that was established in accordance with the criteria specified in Article 51 of the GDPR is the National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság; hereinafter: “NAIH” or “Authority”).

Within the meaning of the GDPR, a supervisory authority concerned is a supervisory authority which is concerned by the processing of personal data because:

  • the controller or a processor is established on the territory of the Member State of that supervisory authority;
  • data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
  • a complaint has been lodged with that supervisory authority.

Consequently, the NAIH is the supervisory authority concerned by the data processing activities performed by the Controller, because the Controller is established on the territory of Hungary and the processing primarily affects data subjects who reside in Hungary.  Therefore, the following is a description of how complaints may be lodged with the NAIH. Nevertheless, we note that in line with the above, you can lodge a complaint not only with the NAIH but with any supervisory authority established in any EU Member State.

  • Notification to the National Data Protection and Freedom of Information Authority

Compliance with data protection regulations is monitored in Hungary by the National Data Protection and Freedom of Information Authority. If you believe that our processing activities are not in compliance with the applicable regulations or that there is an imminent danger that they might not be, you can submit a notification to the Authority using the following contact details:

Name: National Data Protection and Freedom of Information Authority

Address: 1055 Budapest, Falk Miksa utca 9-11.

Mailing address: 1363 Budapest, Pf. 9

E-mail address:ugyfelszolgalat@naih.hu

Telephone number: +36 (30) 683-5969; +36 (30) 549-6838; +36 (1) 391 1400

Fax number: +36 1 391 1410

Official government portal: short name: NAIH; KR ID: 429616918

 

You can find more information about data protection matters on the Authority’s website: http://naih.hu/

 

We also note that the Controller is required to notify any personal data breach (i.e. the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or unauthorised access to, personal data) associated with the Newsletter service to the Authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. If the personal data breach is likely to result in a high risk to the rights and freedoms of the data subjects, the Controller will communicate the personal data breach to you as a data subject without undue delay.

  • Enforcing your rights in court

You may seek judicial remedy against the Controller if you believe that the Controller’s processing practices have infringed your rights under the GDPR as a result of the processing of your personal data in non-compliance with the GDPR. You can decide to file such a lawsuit with the court that has jurisdiction over your domicile or your place of residence. Additionally, if you suffer any damage as a result of the unlawful processing of your data or a violation of data security requirements, you may, subject to the conditions specified in the relevant regulations, seek compensation from the Controller in court. If we violate your personal rights, personality rights or privacy, you may be entitled to grievance money (‘sérelemdíj’), which you can also claim in court.

Up next: