This Privacy Policy sets out the privacy principles of BlackBelt Technology Ltd. Hereinafter,  BlackBelt Technology Ltd. shall be referred to as “Data Controller”.

The Data Controller is committed to fully respecting the website visitors’ (hereinafter: “Data Subjects”) rights related to processing their data. Accordingly, we control the Data Subjects’ personal data in accordance with the provisions of  the General Data Protection Regulation  (EU) 2016/679 of European Parliament and of the Council (hereinafter: “GDPR”).

The Data Controller’s details and contacts:

BlackBelt Technology Ltd.

The Data Controller’s representative: Róbert Sövegjártó

Registered seat: 16 Ganz utca, Budapest 1027

Office: 16 Ganz utca, Budapest 1027.

Telephone: +36 1 611 0462

E-mail address and website:,

Managing cookies

Cookies are small data files placed on the user’s computer by the visited website. Cookies are designed to make using a particular info communication or online service easier and more convenient by enabling the website to recognise the visitor’s browser the next time the website is visited. Cookies can store user preferences (e.g. the selected language) and other information. Among others, they collect information about the visitor and his or her device, remember the visitor’s personal preferences and can be used, for example, for online shopping carts. Generally, cookies make using a website easier, they allow websites to ensure users a better online experience and an efficient source of information; also, they allow website operators to control the operation of their website, to prevent breaches and to provide smooth and high-quality services through their website.

Our website records and manages the following information about visitors and the device used to visit the website:

  • the IP address used by the visitor,
  • the type of browser,
  • the settings of the operation system of the device used for browsing (selected language),
  • the date and time of the visit,
  • the visited (sub)page, function or service,

It is not obligatory to accept or allow the use of cookies. You can reset the settings of your browser to reject all the cookies or to warn you when the system sends a cookie. Although most browsers automatically accept cookies by default, these settings can usually be changed to reject the automatic acceptance of cookies and to offer options each time.

To learn more about the cookie settings of the most popular browsers, please follow this link:

Please note, however, that certain website features or services may not work properly without the cookies.

The cookies used by the Data Controller’s website

Technical cookies (session cookies)

These cookies are necessary to allow visitors to browse the website, to use the features and services offered by the website smoothly and without limitation, including, particularly, remembering the visitor’s activities on the website during a visit. The duration of data processing by these cookies is restricted to the visitor’s given visit to the website, and after closing the session or the browser, this cookie type is automatically deleted from your computer.

The legal basis for data processing: the Service Provider’s legitimate interests in the proper operation of the website.

The purpose of data processing: to ensure the proper operation of the website.

Session cookies used:

Cookie type Device Data collected
_gat (http) Google Analytics used to throttle the speed of requests to the server
_gid (http) Registers a unique ID that is used to generate statistical data on how the visitor uses the website
test_cookie (http) Google Doubleclick Checks whether the visitor’s device supports cookies
_hjTLDTest Detects the SEO-ranking for the current website. This service is part of a third-party statistics and analysis service Tracks the individual sessions on the website, allowing the website to compile statistical data from multiple visits.This data can also be used to create leads for marketing purposes.

Unsubscribe option:

Cookies requiring consent

They allow the Data Controller to remember the user’s preferences related to the website. The visitor can refuse this processing any time before or during using the service. These data shall not be linked to the identification data of the recipient of the service, and shall not be made accessible for a third party without the consent of the recipient of the service.

The purpose of the data collection is to prepare analyses and statistics about how users use the website (e.g. what sources they had come from, which web pages they visited, how much time they spent on the website, what devices and browser they used to visit the website, etc.), as well as to understand the website visitors’ purposes. The legal basis of data processing: the voluntary consent of the Data Subject.

Cookies used:

Cookie type Device Data collected Expiry
_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website 2 years
fr (http) Facebook advertising service for third party advertisers 3 months
IDE (http) Google Doubleclick records and reports the visitor’s activity after viewing an advertisement in order to measure the effectiveness of the advertisement 2 years
__cfduid (http) Cloudflare ( Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare ( Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare ( Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare ( Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare ( Identifies reliable data traffic 1 year
_gat Google Analytics Used by Google Analytics to throttle request rate 1 day
_gid Google Analytics Registers a unique ID that is used to generate statistical data on how the visitor uses the website 1 day
_hjAbsoluteSessionInProgress This cookie is used to count how many times a website has been visited by different visitors – this is done byassigning the visitor an ID, so the visitor does not get registered twice 1 day
_hjid Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes 1 year
_hjIncludedInPageviewSample Determines if the user’s navigation should be registered in a certain statistical place holder. 1 day

Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spenton the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes. 2 years
_lfa_# Persistent
_lfa_expiry Contains the expiry-date for the cookie with corresponding name Persistent

Unsubscribe option:


The Data Subject can send BlackBelt an e-mail to

Sending an e-mail message requires a name and an e-mail address; these data will be processed for contact purposes, and – in case the Data Subject gives his or her express consent – for newsletter subscription.

BlackBelt shall process the contact data until the purpose of data processing is fulfilled, that is, until the subject of the message (the question to which the sender expects a reply) is deemed achieved but not longer than one year of sending the message.

In case the Data Subject subscribes to the newsletter, the Data Controller shall process the data until unsubscription.

Data security

The Data Controller shall take the necessary technical and organisational measures and implement appropriate rules of procedure in order to ensure the security of the personal data during the entire process of data processing.

The Data Controller shall select and operate the IT tools used for data processing with a view to

  • allow authorised parties access to the data processed (availability);
  • ensure the authenticity and the authentication of the data processed (authenticity of data processing);
  • be able to verify the integrity of the data processed (data integrity);
  • protect the data processed against unauthorised access (data confidentiality).

The Data Controller shall

  • take appropriate measures to protect the data against accidental or unlawful destruction, loss, alteration, damage, unauthorised disclosure or access,
  • restrict access to the personal data by specifying levels of authorisation,
  • protect the IT systems with a firewall and ensure virus protection,
  • make sure that during the electronic data processing the data are only accessible for specific purposes, under controlled circumstances and only by persons who need such access to carry out their duties.
  • in order to protect the data sets processed electronically in its various records, use appropriate technical solutions to ensure that the data stored cannot be directly linked and assigned to the Data Subject, unless permitted by law.

Taking into account the state of the art, the Data Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

The Data Controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. In the case of a personal data breach, the Data Controller shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: the Authority), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

The rights of the Data Subject and the enforcement thereof

The Data Subject can request information about the processing of his or her personal data, and request the rectification or erasure thereof – except in cases where the data processing is required by law – following the procedure described at the time of data collection or via Customer Service.

Right to be informed

The Data Controller shall, upon request, inform the Data Subject of the data processed by the Data Controller or by a Data Processor commissioned by the Data Controller, of their source, of the purpose of the data processing, of its legal basis and duration, of the name, address and activity of the Data Processor concerning the data processing, as well as of the legal basis and recipients of the data transfer in cases where the Data Subject’s data are transferred to third parties. The Data Controller shall provide the information in writing and in an easy-to-understand manner within the shortest possible time, but not later than within 25 days of submitting the request. The provision of information is free of charge, unless in the given calendar year the person requesting the information has already filed a request with the Data Controller concerning the same information. In other cases, expenses may be charged. The Date Controller may only refuse providing information to the Data Subject in cases specified by law. When information is denied, the Data Controller shall inform the Data Subject in writing about which provision of the Act on Informational Self determination and Freedom of Information the denial was based on. When information is denied, the Data Controller shall inform the Data Subject of the opportunities of legal remedy and turning to the Authority.

Right to rectification

When the personal data are incorrect and the correct personal data are available to the Data Controller, the Data Controller shall rectify the personal data.

Right to erasure

The personal data shall be erased if the processing thereof is unlawful; when the Data Subject requests so (except obligatory data processing); if they are incomplete or inaccurate and there is no legal remedy for this situation, provided that the law does not exclude erasure; when the purpose of processing has ceased to exist, or the time limit for the storage of data specified by law has expired; or when it has been ordered by court or the Authority.

Right to restriction of processing

Instead of erasure, the Data Controller may restrict processing the personal data if the Data Subject requests so, or if – based on the information available – the erasure would possibly injure the Data Subject’s legitimate interests. The personal data so restricted can only be processed as long as the purpose of data processing which excluded erasure still exists. The Data Controller shall mark the personal data if the Data Subject disputes their correctness or accuracy, but the incorrectness or inaccuracy of the personal data cannot be established beyond doubt.

Notification obligation regarding the rectification or erasure of personal data or the restriction of processing

The Data Controller shall notify the Data Subject of the rectification, restriction or erasure of the data. Such information may be dispensed with if, in view of the purpose of processing, no legitimate interests of the Data Subject are infringed thereby. In case the Data Controller does not fulfill the Data Subject’s request concerning the rectification, restriction or erasure of the data, the Data Controller shall inform the Data Subject of the factual and legal reasons for denying such request within 30 days of receiving the request. In case the request for the rectification, erasure or restriction of the data is denied, the Data Controller shall inform the Data Subject of the opportunities of legal remedy or turning to the Authority.

The right to objection

The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing personal data concerning him or her, carried out in the public interest, in the exercise of official authority vested in the Data Controller or processing necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions.

In the case of an objection, the Data Controller shall no longer process the personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.

The Data Controller shall, within the shortest possible time but not later than 15 days of submitting the request, examine the objection, determine whether the request is justified and notify the Data Subject of its decision. Where the objection is justified, the Data Controller shall discontinue the processing of data, including further collection or transfer, and block all data; also, he shall inform of the objection and the measures taken on the basis thereof all those to whom the personal data the objection aimed at were previously transferred, and who, on their part, shall take the necessary measures for the enforcement of the right to object. If the Data Subject does not agree with the decision of the Data Controller or if the Data Controller fails to comply with the statutory deadline, the Data Subject may refer the case to the court within 30 days of the notification of the decision or of the last day of the deadline. The Data Controller may give third party notice to the Data Subject, as well. The Data Controller shall not erase the data of the Data Subject if processing is required by law. The data, however, shall not be transferred to the recipient if the Data Controller agrees with the objection or if the court has found the objection justified.

Right to data portability

The Data Subject shall have the right to receive the personal data which he or she has provided to the Data Controller in a structured, commonly used and machine-readable format, as well as to transfer those data to another controller.

6.8 Legal remedy

In the case of infringement of his rights, the Data Subject may institute court proceedings against the Data Controller in cases specified by law. The court shall hear the case out of turn.

In case the Data Subject has suffered material or non-material damage as a result of an infringement of the General Data Protection Regulation, he or she shall have the right to receive compensation from the Data Controller or the Data Processor for the damage suffered. The Data Controller or the Data Processor shall be exempted from liability if he proves that the damage was the result of force majeure beyond the sphere of data processing. No compensation shall be paid for the part of damage suffered by the injured party as a result of his or her intentional or grossly negligent conduct.

The objection and filing a complaint shall not affect the Data Subject’s other rights regulated by data protection laws.

Complaints shall be dealt with with the involvement of the Data Protection Representative (hereinafter: DPR). The Data Subject may file a complaint with

  • BlackBelt Technology Ltd.
  • the Authority (9-11. Falk Miksa street, Budapest 1055), or
  • turn to court.
Marker icon

How to find us


3rd floor
16 Ganz street
H-1027 Budapest