Data Protection Statement
BAc & Co. Ltd. hereby informs you about its practices regarding the processing of personal data in connection with the use of the website www.bacsco.com (hereinafter referred to as the “Website”), about its data protection measures and about your rights and remedies with regard to data processing.
2. Basic concepts relating to personal data
- Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law.
- Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
- Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
3. Principles of data protection
Personal data must be processed lawfully and fairly and in a transparent manner for the data subject.
Personal data should be collected only for specific, explicit and legitimate purposes.
The data processed must be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
The data processed must be accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of processing are erased or rectified without undue delay.
Personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed.
Personal data must be processed in such a way as to ensure adequate security of personal data against unauthorized or unlawful processing, accidental loss, destruction (including damage) and destruction by technical or organizational means.
4. Data of the Data Controller
- Name: BAc & Co. Ltd.
- Address: 1053 Budapest, Képíró Street 9th. 3rd Floor
- E-mail: email@example.com
- Data Protection Officer: Dr Balázs Kiglics
5. Legislation applied
We will process your data in accordance with the applicable laws in force, in particular:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), also known as GDPR (General Data Protection Regulation)
6. Data processed when using this website
The public content of the Website can be viewed by anyone – without providing any personal data – and does not require registration or login.
The Website only stores general visitor data to the extent required by the user’s browser, which is necessary for its operation.
7. Detailed rules on data processing
The Data Controller processes the data for as long as it is necessary for the fulfilment of the order, contract, advice. Personal data provided during the contact will be kept for 1 year.
The data subjects concerned by the processing are the contact details provided on the Website, the persons interested in the services of the Data Controller and the persons visiting the Website.
Purpose of the processing: to contact interested parties, to inform the data subject about the services of interest to him/her.
Legal basis for processing.
7.2. Data processed in relation to visitors to the Website.
Purpose: the functioning of the site.
Legal basis: in the case of cookies that are technically necessary for the operation of the Website, for the use of the services and functions provided on the Website: Article 13/A of the Act on the Protection of Personal Data, Article 6 (1) (b) of the Regulation.
The Data Controller may also process the data subject’s data if this is necessary for the purposes of pursuing its legitimate interests, unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data (Article 6(1)(f) of the Regulation).
If the personal data of the data subject are included in the invoice, the Data Controller is obliged to keep these records for 8 years pursuant to Article 169 of Act C of 2000 on Accounting. Data contained in tax-related documents (e.g. orders, contracts, etc.) must be kept until the limitation period for the right to tax assessment pursuant to Article 78 of Act CL of 2017 on the Rules of Taxation, or, in the case of deferred tax, for 5 years from the last day of the calendar year in which the deferred tax becomes due.
8. Processing of cookies
A cookie is a string of information, consisting of text, which the Website transfers to a small file on the hard disk of the computer or mobile device of the user concerned.
The cookies used on our website are so-called functional cookies, which support the operation of the website and contain the time of the visit to the website, the session ID and other information about the session that can be interpreted by the website’s program code (strings of numbers and characters, so-called session ID). The information stored in the functional cookies is not transferred to third parties.
You can manage cookies, disable or delete them in the settings of your Internet browser software, under the name of cookie. For more information on how to manage cookies, please refer to the help of the respective program or click on the program name in the following links.
9. Who has access to the data
The personal data may be accessed by authorized employees of the Data Controller, its contractors who need access to personal data in order to perform their duties, and by senior managers of the Data Controller.
The user has the right to modify the data at any time. The e-mail address of the data subject is not public and is not accessible to third parties.
Personal data will not be disclosed to third parties not entitled to know it, and will only be disclosed to third parties with your prior consent and where necessary to comply with legal requirements. An exception to this is in the case of an official request by the competent authority (e.g. police, prosecution, court, etc.) in the course of an official investigation, in which case we are obliged to provide the necessary data. This does not require the specific consent of the data subject, as this is a legal obligation.
10. Security of data handling
The Data Controller ensures the security of the processed and stored data, its protection against access by unauthorized persons and against unauthorized modification or alteration, by means of state-of-the-art measures (e.g., firewalls). The Data Controller shall provide the level of protection expected when processing the data.
11. Rights of data subjects in relation to data processing, legal remedies
All data subjects may request information about the processing of their personal data. The Data Controller shall inform the data subject by email or in writing of the data processed, the purposes, legal basis and duration of the processing, the name and address of the data processor and the data controller and the activities related to the processing, as well as the persons who receive or have received the data and the purposes for which the data are or have been processed. For additional copies, the Controller may charge a reasonable fee based on administrative costs.
The Controller will respond to these requests as soon as possible, but not later than 30 days, in particular by electronic means, unless you request otherwise.
Data subjects may request in writing the rectification, modification, erasure or restriction of the processing of their personal data (or part of it) and may object to the processing of such personal data.
Erasure is possible if the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing.
In the above cases, you may submit your request to the Controller, who will inform you as soon as possible, but not later than 30 days, of the action taken on the request or the reasons for non-action.
In the event of failure to act or in relation to the action taken, you have the right to initiate proceedings before the National Authority for Data Protection and Freedom of Information if there is a breach of rights relating to the processing of personal data or an imminent threat of such a breach. The contact details of the Authority are.
You may take legal action against the Data Controller in case of infringement of your rights. A court of law has jurisdiction to hear the case. You can also choose to bring the case before the court of your place of residence or domicile.
Before lodging a complaint with a supervisory authority or a court, please contact our Company in order to discuss and resolve the problem as soon as possible.
12. Final clause
The data controller reserves the right to change its privacy statement. In particular, this may be the case if the scope of services is extended or if required by law. A change in the processing shall not imply a processing of personal data for purposes other than those for which they were collected. The controller shall publish the relevant information on its website 30 days in advance.