Data Privacy Notice Version CSBON/1.0

Data Controller

Name: Bakó Csaba Stefan
Address: 1096 Budapest, Haller Utca 23-25 A2/202
Email: dataprivacy@bakocsaba.com
Phone:
Website: https://www.bakocsaba.com

Hosting Provider

Name: GoDaddy.com LLC
Address: 2155 E GoDaddy Way, Tempe, Arizona 85284, USA
Email: privacy@godaddy.com
Phone: +1-480-366-3546
Website: https://www.godaddy.com

Cookie Settings for https://www.bakocsaba.com

Cookie Name: CookieBot
Cookie Consent Link: View Cookie Consent

General Contact Scenario

Details: Manages data processing for all contact channels including phone, web forms, email, and digital communications.

Purpose of Data Processing (WHY)

Case Name: General Contact and Communication
Description: Covers data processing for contact through phone, web portal forms, email, Microsoft Teams, instant messaging, and chatbots.
The Data Controller processes information provided during these interactions for communication and request purposes.
Purpose: -Process and respond to inquiries/questions
-Manage communication requests
-Facilitate follow-up interactions

Legal Basis:
-Primary: Article 6(1)(a) GDPR - Consent
-Secondary: Article 6(1)(b) GDPR - Contract performance (where applicable)
Processed Data: -Personal Identifiers: Name, email address, phone number
-Contact Details: Physical address (if provided)
-Communication Content: Message content, attachments, chat logs
-Technical Data: Timestamp, communication channel used
Operational Objective: -Ensure timely response to inquiries
-Maintain communication records
-Facilitate communication and contact
Legal Basis: Article 6(1)(a) GDPR - Consent
Base Retention Period: 2 years
Retention Justification: null
Data Classification: Low Risk
Data Classification Justification: Contains basic contact information without sensitive personal data
Security Level: Standard data protection measures apply (e.g. Using MFA for Microsoft 365 services, access controls, encryption where applicable, secure communication channels).

Data Processing Activities (HOW)

Microsoft Corporation Data Processor
Data Processor General Details:
Address: One Microsoft Way, Redmond, Washington 98052, United States European Representative: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Website: https://www.microsoft.com
Data Processing Details
Activity: Providing cloud-based productivity and collaboration tools through Microsoft 365 services, including Exchange Online, SharePoint Online, and Teams. Services involve:
- Email communication and storage
- Document storage and processing
- Team collaboration and communication
- Business data management
- Microsoft Teams based communication
Data Processed: Contact information provided during interactions
- Email content and attachments
- Documents and files stored in SharePoint
- Teams chat messages and shared content
- Business data processed through Microsoft 365 services
All data is stored and processed on European servers through EEA Microsoft 365 licenses.
Legal Basis: Art. 6(1)(b) GDPR - Processing is necessary for the performance of a contract
Art. 28 GDPR - Processing by a data processor
Microsoft acts as a data processor under a formal data processing agreement, complying with GDPR requirements and implementing appropriate technical and organizational measures.
Retention Period: 2 years

Social Media Communication

Details: Covers data processing related to the company's social media presence and interactions on Facebook, LinkedIn, and Twitter platforms.

Purpose of Data Processing (WHY)

Case Name: Social Media
Description: The Data Controller maintains an official presence on social media platforms such as Facebook, LinkedIn, and Twitter. These pages are used to share information, news, services, products, and other relevant content. Visitors can engage with the Data Controller on social media platforms by liking, sharing, commenting on posts, or sending private messages.

We process data related to social media interactions when users interact with our company profiles on platforms such as Facebook, LinkedIn, and Twitter. This includes comments, direct messages, likes, shares, and other platform-specific activities. Each platform functions as an independent Data Processor, handling user interactions in accordance with its own privacy policies.
Purpose: Primary Purposes:
-Manage social media communications
-Process user inquiries and feedback
-Monitor and respond to social media engagement
Processed Data: -Profile Information: Public username, profile picture, professional title (LinkedIn)
-Interaction Data: Comments, likes, shares, reactions
-Message Content: Direct messages, chat history
-Professional Data (LinkedIn): Job title, company, professional experience
-Network Information: Followers, connections, mutual contacts
-Engagement Metrics: Interaction timestamps, frequency of engagement
-Technical Data: Device type, app version, interaction timestamps
Operational Objective: -Provide customer support via social channels
-Build and maintain professional networks
-Share company updates and information
-Analyze engagement patterns for service improvement
Legal Basis: -Primary: Article 6(1)(a) GDPR - Consent through platform interaction
-Secondary: Article 6(1)(f) GDPR - Legitimate interests for business communications
Base Retention Period: Direct messages: 2 years from last interaction
Retention Justification: Base Retention Period:

Active business relationship duration
Platform-specific retention policies apply
Direct messages: 2 years from last interaction
Public interactions: Per platform policy

Additional Notes:

Each platform (Facebook, LinkedIn, Twitter) maintains its own privacy policy
Users should refer to platform-specific data processing terms
Company has limited control over platform-side data processing
Data Classification: Medium Risk
Data Classification Justification: Public and semi-public social interactions; potential for sensitive professional information
Security Level: Enhanced protection for direct messages and private communications

Data Processing Activities (HOW)

Meta Platforms Ireland Ltd (Facebook) Data Processor
Data Processor General Details:
Address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Website: https://www.facebook.com/help/contact/540977946302970
Data Processing Details
Activity: -User interaction data processing
-Message content storage and delivery
-Analytics and insights generation
-Post and comment management
-Audience targeting and reach metrics
Data Processed: User profile information
Interaction history (likes, comments, shares)
Direct messages
Page insights data
Visitor analytics
Ad interaction data (if using ads)
Legal Basis: GDPR Article 6(1)(a) - Consent
Retention Period: According to Meta Data Policy (typically active account + 90 days)

Your Rights in Relation to Data Processing

Right to Withdraw Consent

You have the right to withdraw your consent to data processing at any time. Upon withdrawal, your personal data will generally be erased unless another legal basis exists for its continued processing.

Note: The right to withdraw consent must be assessed on a case-by-case basis, as it may be impacted or overridden by ongoing contractual obligations, legal requirements, or legitimate interests (e.g., invoicing data retention, debt collection). In such cases, you must contact the Data Controller to determine how withdrawal affects your data processing.

Right of Access

You have the right to request confirmation from the Data Controller as to whether your personal data is being processed. If so, you are entitled to receive access to the following information:

  • The purposes of processing.
  • Categories of personal data being processed.
  • Recipients or categories of recipients to whom the personal data has been or will be disclosed.
  • The envisaged period of retention or the criteria used to determine it.
  • Your rights regarding rectification, erasure, restriction, or objection to processing.
  • The right to lodge a complaint with a supervisory authority.
  • The source of the data if not collected from you directly.
  • The existence of automated decision-making, including profiling, along with meaningful information about the logic involved and the potential consequences of such processing.

The Data Controller will provide this information within 30 days. If additional time is needed due to complexity or volume of requests, you will be informed accordingly.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to request correction or completion without undue delay.

Right to Restriction of Processing

You may request limited processing under the following circumstances:

  • You contest the accuracy of the data, for a period allowing verification.
  • The processing is unlawful, and you oppose erasure, opting instead for restriction.
  • The Data Controller no longer needs the data, but you require it for legal claims.
  • You have objected to processing, pending resolution of the legitimacy of the Data Controller’s grounds.

Restricted data will only be processed with your consent or for legal claims, protection of others’ rights, or important public interests.

Right to Erasure (Right to Be Forgotten)

You may request deletion of your data under the following conditions:

  • The data is no longer necessary for the original purpose.
  • You withdraw consent, and no other legal basis applies.
  • You object to processing, and there are no overriding legitimate grounds.
  • Your data was unlawfully processed.
  • Erasure is required for compliance with a legal obligation.

If your data has been made public, reasonable steps will be taken to inform other data controllers of your erasure request.

Exceptions: Erasure is not applicable if processing is required for freedom of expression, legal compliance, public interest tasks, or legal claims.

Legal Remedies

If you believe your data protection rights have been violated, you may file a complaint with the **Hungarian National Authority for Data Protection and Freedom of Information (NAIH)**:

  • Mailing address: **H-1363 Budapest, Pf. 9.**
  • Email: **ugyfelszolgalat@naih.hu**
  • Phone numbers: **+36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391 1400**

Additionally, you may file a **civil lawsuit** against the Data Controller in court.

Amendment of the Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy without altering the purpose and legal basis of data processing. By continuing to use the website after modifications, you accept the updated policy.

GDPR Full Version: Version CSBON/1.0
Valid From: 2025-02-15

Powered by GDPR Management System by CSE Business Kft