PRIVACY POLICY

This Privacy Policy sets out the privacy principles of BlackBelt Holding Plc. and BlackBelt Technology Ltd. (BlackBelt Group). Hereinfter,  BlackBelt Technology Ltd. and BlackBelt Holding Plc. shall be collectively referred to as “Data Controller” or “Group”. The reason is that the two organisations provide their services in overlapping and close cooperation, and all the companies belonging to BlackBelt Group are engaged in joint data processing.

Having regard to the fact that the purpose and manner of the data controlling activities conducted by BlackBelt Holding Plc. and BlackBelt Technology Ltd. (BlackBelt Group) are jointly determined by the above Data Contollers, in accordance with Regulation (EU) 2016/679 of the European Parliament, BlackBelt Holding Plc. and BlackBelt Technology Ltd. shall be regarded joint data controllers.

The Data Controller is committed to fully respecting the website visitors’ (hereinafter: “Data Subjects”) rights related to processing their data. Accordingly, we control the Data Subjects’ personal data in accordance with the provisions of  the General Data Protection Regulation  (EU) 2016/679 of European Parliament and of the Council (hereinafter: “GDPR”).

1 The Data Contollers’ details and contacts:

The details of the companies involved in the joint data controlling within the BlackBelt Group and the parties to joint the joint data controlling agreement are as follows:

on the one hand:

BlackBelt Holding Plc.,

The Data Controller’s representative: Róbert Sövegjártó

Registered seat: 48/C Gábor Áron utca, Budakeszi 2092

Office: 4 Királyfürdő utca, Budapest 1027

Telephone: +36 1 611 0462

on the other hand:

BlackBelt Technology Ltd.

The Data Controller’s representative: Róbert Sövegjártó

Registered seat: 48/C Gábor Áron utca, Budakeszi 2092

Office: 4 Királyfürdő utca, Budapest 1027.

Telephone: +36 1 611 0462

The e-mail address and website of the companies collectively: info@BlackBelt.hu, www.BlackBelt.hu

2 Managing cookies

Cookies are small data files placed on the user’s computer by the visited website. Cookies are designed to make using a particular infocommunication or online service easier and more convenient by enabling the website to recognise the visitor’s browser the next time the website is visited. Cookies can store user preferences (e.g. the selected language) and other information. Among others, they collect information about the visitor and his or her device, remember the visitor’s personal preferences and can be used, for example, for online shopping carts. Generally, cookies make using a website easier, they allow websites to ensure users a better online experience and an efficient source of information; also, they allow website operators to control the operation of their website, to prevent breaches and to provide smooth and high-quality services through their website.

Our website records and manages the following information about visitors and the device used to visit the website:

  • the IP address used by the visitor,
  • the type of browser,
  • the settings of the operation system of the device used for browsing (selected language),
  • the date and time of the visit,
  • the visited (sub)page, function or service,

It is not obligatory to accept or allow the use of cookies. You can reset the settings of your browser to reject all the cookies or to warn you when the system sends a cookie. Although most browsers automatically accept cookies by default, these settings can usually be changed to reject the automatic acceptance of cookies and to offer options each time.

To learn more about the cookie settings of the most popular browsers, please follow this link:

Please note, however, that certain website features or services may not work properly without the cookies.

3 The cookies used by the Data Controller’s website

3.1 Technical cookies (session cookies)

These cookies are necessary to allow visitors to browse the website, to use the features and services offered by the website smoothly and without limitation, including, particularly, remembering the visitor’s activities on the website during a visit. The duration of data processing by these cookies is restricted to the visitor’s given visit to the website, and after closing the session or the browser, this cookie type is automatically deleted from your computer.

The legal basis for data processing: the Service Provider’s legitimate interests in the proper operation of the website.

The purpose of data processing: to ensure the proper opration of the website.

Session cookies used:

Cookie type Device Data collected
_gat (http) Google Analytics used to throttle the speed of requests to the server
_gid (http)   Registers a unique ID that is used to generate statistical data on how the visitor uses the website
GPS (http) YouTube Registers a unique ID on mobile devices to enable tracking based on geographical GPS location
test_cookie (http) Google Doubleclick Checks whether the visitor’s device supports cookies
YSC (http) YouTube Registers a unique ID for statistical purposes to track the YouTube videos which the visitor has viewed
yt-remote-cast-installed (html) YouTube Stores the user’s video player preferences for embedded YouTube videos
yt-remote-fast-check-period (html) YouTube Stores the user’s video player preferences for embedded YouTube videos
yt-remote-session-app (html) YouTube Stores the user’s video player preferences for embedded YouTube videos
yt-remote-session-name (html) YouTube Stores the user’s video player preferences for embedded YouTube videos

Unsubscribe option: https://tools.google.com/dlpage/gaoptout?hl=en

3.2 Cookies requiring consent

They allow the Data Controller to remember the user’s preferences related to the website. The visitor can refuse this processing any time before or during using the service. These data shall not be linked to the identification data of the recipient of the service, and shall not be made accessible for a third party without the consent of the recipient of the service.

The purpose of the data collection is to prepare analyses and statistics about how users use the website (e.g. what sources they had come from, which web pages they visited, how much time they spent on the website, what devices and browser they used to visit the website, etc.), as well as to understand the website visitors’ purposes. The legal basis of data processing: the voluntary consent of the Data Subject.

Cookies used:

Cookie type Device Data collected Expiry
_ga Registers a unique ID that is used to generate statistical data on how the visitor uses the website 2
years
fr (http) Facebook advertising service for third party advertisers 3
months
IDE (http) Google Doubleclick records and reports the visitor’s activity after viewing an advertisement in order to measure the effectiveness of the advertisement 2
years
PREF (http) YouTube Creates a unique ID for statistical purposes to track the way the visitor views YouTube videos on various websites 8 months
VISITOR_INFO1_LIVE (http) YouTube Estimates the visitor’s bandwidth on pages with embedded YouTube videos 179
days
yt-remote-connected-devices (html) YouTube Stores the user’s video player preferences for embedded YouTube videos no expiry
yt-remote-device-id (html) YouTube Stores the user’s video player preferences for embedded YouTube videos no expiry
__cfduid (http) Cloudflare (hs-analytics.net) Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare (hscollectedforms.net) Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare (hs-scripts.com) Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare (hubspot.com) Identifies reliable data traffic 1 year
__cfduid (http) Cloudflare (usemessages.com) Identifies reliable data traffic 1 year

 

Unsubscribe option: https://tools.google.com/dlpage/gaoptout?hl=en

4 Contact

The Data Subject can send BlackBelt an e-mail to info@BlackBelt.hu.

Sending an e-mail message requires a name and an e-mail address; these data will be processed for contact purposes, and – in case the Data Subject gives his or her express consent – for newsletter subscription.

BlackBelt Group shall process the contact data until the purpose of data processing is fulfilled, that is, until the subject of the message (the question to which the sender expects a reply) is deemed achieved but not longer than one year of sending the message.

In case the Data Subject subscribes to the newsletter, the Data Controller shall process the data until unsubscription.

5 Data security

The Data Controller shall take the necessary technical and organisational measures and imlement appropriate rules of procedure in order to ensure the security of the personal data during the entire process of data processing.

The Data Controller shall select and operate the IT tools used for data processing with a view to

  • allow authorised parties access to the data processed (availability);
  • ensure the authenticity and the authentification of the data processed (authenticity of data processing);
  • be able to verify the integrity of the data processed (data integrity);
  • protect the data processed against unauthorised access (data confidentiality).

The Data Controller shall

  • take appropriate measures to protect the data against accidental or unlawful destruction, loss, alteration, damage, unauthorised disclosure or access,
  • restrict access to the personal data by specifying levels of authorisation,
  • protect the IT systems with a firewall and ensure virus potection,
  • make sure that during the electronic data processing the data are only accessible for specific purposes, under controlled circumstances and only by persons who need such access to carry out their duties.
  • in order to protect the data sets processed electronically in its various records, use appropriate technical solutions to ensure that the data stored cannot be directly linked and assigned to the Data Subject, unless permitted by law.

Taking into account the state of the art, the Data Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

The Data Controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. In the case of a personal data breach, the Data Controller shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: the Authority), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

6 The rights of the Data Subject and the enforcement thereof

The Data Subject can request information about the processing of his or her personal data, and request the rectification or erasure thereof – except in cases where the data processing is required by law – following the procedure described at the time of data collection or via Customer Service.

6.1 Right to be informed

The Data Controller shall, upon request, inform the Data Subject of the data processed by the Data Controller or by a Data Processor commissioned by the Data Controller, of their source, of the purpose of the data processing, of its legal basis and duration, of the name, address and activity of the Data Processor concerning the data processing, as well as of the legal basis and recipients of the data transfer in cases where the Data Subject’s data are transferred to third parties. The Data Controller shall provide the information in writing and in an easy-to-understand manner within the shortest possible time, but not later than within 25 days of submitting the request. The provision of information is free of charge, unless in the given calendar year the person requesting the information has already filed a request with the Data Controller concerning the same information. In other cases, expenses may be charged. The Date Controller may only refuse providing information to the Data Subject in cases specified by law. When information is denied, the Data Controller shall inform the Data Subject in writing about which provision of the Act on Informational Self-determinationand Freedom of Information the denial was based on. When information is denied, the Data Controller shall inform the Data Subject of the opportunities of legal remedy and turning to the Authority.

6.2 Right to rectification

When the personal data are incorrect and the correct personal data are available to the Data Controller, the Data Controller shall rectify the personal data.

6.3 Right to erasure

The personal data shall be erased if the processing thereof is unlawful; when the Data Subject requests so (except obligatory data processing); if they are incomplete or inaccurate and there is no legal remedy for this situation, provided that the law does not exclude erasure; when the purpose of processing has ceased to exist, or the time limit for the storage of data specified by law has expired; or when it has been ordered by court or the Authority.

6.4 Right to restriction of processing

Instead of erasure, the Data Controller may restrict processing the personal data if the Data Subject requests so, or if – based on the information available – the erasure would possibly injure the Data Subject’s legitimate interests. The personal data so restricted can only be processed as long as the purpose of data processing which excluded erasure still exists. The Data Controller shall mark the personal data if the Data Subject disputes their correctness or accuracy, but the incorrectness or inaccuracy of the personal data cannot be established beyond doubt.

6.5 Notification obligation regarding the rectification or erasure of personal data or the restriction of processing

The Data Controller shall notify the Data Subject of the rectification, restriction or erasure of the data. Such information may be dispensed with if, in view of the purpose of processing, no legitimate interests of the Data Subject are infringed thereby. In case the Data Controller does not fulfill the Data Subject’s request concerning the rectification, restriction or erasure of the data, the Data Controller shall inform the Data Subject of the factual and legal reasons for denying such request within 30 days of receiving the request. In case the request for the rectification, erasure or restriction of the data is denied, the Data Controller shall inform the Data Subject of the opportunities of legal remedy or turning to the Authority.

6.6 The right to objection

The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing personal data concerning him or her, carried out in the public interest, in the exercise of official authority vested in the Data Controller or processing necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, including profiling based on those provisions.

In the case of an objection, the Data Controller shall no longer process the personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

The Data Controller shall, within the shortest possible time but not later than 15 days of submitting the request, examine the objection, determine whether the request is justified and notify the Data Subject of its decision. Where the objection is justified, the Data Controller shall discontinue the processing of data, including further collection or transfer, and block all data; also, he shall inform of the objection and the measures taken on the basis thereof all those to whom the personal data the objection aimed at were previously transferred, and who, on their part, shall take the necessary measures for the enforcement of the right to object. If the Data Subject does not agree with the decision of the Data Controller or if the Data Controller fails to comply with the statutory deadline, the Data Subject may refer the case to the court within 30 days of the notification of the decision or of the last day of the deadline. The Data Controller may give third party notice to the Data Subject, as well. The Data Controller shall not erase the data of the Data Subject if processing is required by law. The data, however, shall not be transferred to the recipient if the Data Controller agrees with the objection or if the court has found the objection justified.

6.7 Right to data portability

The Data Subject shall have the right to receive the personal data which he or she has provided to the Data Controller in a structured, commonly used and machine-readable format, as well as to transfer those data to another controller.

6.8 Legal remedy

In the case of infringement of his rights, the Data Subject may institute court proceedings against the Data Controller in cases specified by law. The court shall hear the case out of turn.

In case the Data Subject has suffered material or non-material damage as a result of an infringement of the General Data Protection Regulation, he or she shall have the right to receive compensation from the Data Controller or the Data Processor for the damage suffered. The Data Controller or the Data Processor shall be exempted from liability if he proves that the damage was the result of force majeure beyond the sphere of data processing. No compensation shall be paid for the part of damage suffered by the injured party as a result of his or her intentional or grossly negligent conduct.

The objection and filing a complaint shall not affect the Data Subject’s other rights regulated by data protection laws.

Complaints shall be dealt with with the involvement of the Data Protection Representative (hereinafter: DPR). The Data Subject may file a complaint with

  • BlackBelt Technology Ltd. / BlackBelt Holding Plc.,
  • the Authority (22/C Szilágyi Erzsébet fasor, Budapest 1024), or
  • turn to court.
Marker icon

How to find us

Address:

1st-2nd-3rd floor
Canada Square
4 Kiralyfurdo street
H-1027 Budapest