Privacy Policy

INTRODUCTION

 

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (hereinafter: “GDPR Regulation“, “Regulation“, “General Data Protection Regulation“) stipulates that the Data controller shall take appropriate measures to provide the data subject with all information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and that the Data Controller facilitates the exercise of the rights of the data subject.

Who is the Data controller?

This is set out in Chapter I of this Privacy notice.

What is the purpose of the Privacy notice?

The Data Controller processes personal data for several purposes in accordance with its legal obligations in the course of operating its website that will be elaborated on below.

What is the legal basis for the processing of personal data?

Personal data is only processed for specific purposes and on an appropriate legal basis, the details of which can be found below.

Who are the recipients of the data?

The Data Controller may use data processors for certain data processing operations.


CHAPTER I

THE DATA CONTROLLER
Publisher of this Privacy noitce and Data Controller:

Name: BHE Kft.

Registered office: 1044 Budapest, Ipari park u. 10.

Company registration number: 01-09-077587

Tax number: 10571017-2-41

Represented by: SCHRECK Gábor, Managing Director

Email: info@bhe-mw.eu

Website: https://bhe-mw.eu/

(hereinafter: “Data Controller”, “Company”)

 

If you have any questions regarding the Data controller’s data processing activities or wish to exercise your rights under this Privacy notice, please contact us using one of the contact details above.

 

 

CHAPTER II

DATA PROCESSORS

Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller (GDPR Article 4(8)).

The use of a data processor does not require the prior consent of the data subject, but the data subject must be informed. Accordingly, we provide the following information:

We use the following data processors in the operation of our website:

  • Headquarters: Barcelona, Spain

Hosting service


CHAPTER III

SPECIFIC DATA PROCESSING

Contact form on the website (https://bhe-mw.eu/)

  • By filling in the contact form on the website, natural persons sending messages can give their consent to the processing of their personal data by ticking the box.
  • The scope of personal data that can be processed: The natural person’s name, telephone number, email address, message.
  • Purpose of personal data processing: to maintain contact with the person, to provide quotations
  • Legal basis for data processing: The voluntary consent of the data subject [GDPR Article 6(1)(a)]. Consent may be withdrawn at any time. Withdrawal of consent does not affect the lawfulness of data processing prior to withdrawal.
  • Recipients of personal data or categories of recipients: the data processors listed above.
  • Period for which the personal data will be stored: 5 years or until the data subject withdraws their consent (requests erasure).
 

Data processing related to the newsletter service

  • By ticking the box, the person registering for the newsletter service acknowledges that, based on their consent, the Data controller will process their data for the purpose of sending newsletters until a request for deletion or withdrawal of consent is received. The data subject may unsubscribe from the newsletter at any time by sending a message to the Data controller. In such cases, all data of the objecting person must be deleted immediately.
  • Scope of personal data that can be processed: name of the natural person (surname, first name), e-mail address.
  • Scope of data subjects: Anyone subscribed to the newsletter.
  • Purpose of personal data processing:
    • Sending newsletters about the Company’s services
    • Sending advertising and informational materials
  • Legal basis for data processing: Voluntary consent of the data subject. [GDPR Article 6(1)(a)]. Voluntary consent may be withdrawn at any time. Please note that the withdrawal of your consent does not affect the lawfulness of data processing prior to the withdrawal. The data subject must include their name and email address in the deletion request for identification purposes.
 

Legal consequences of failure to give consent: the service will not be provided.

  • Recipients of personal data and categories of recipients: the Company’s data processors, in particular its newsletter sender, marketing and IT service providers, for the purpose of providing hosting services.
  • Duration of storage of personal data: In the case of newsletters, the Data controller will process the data provided by the data subject when subscribing to the newsletter until the data subject unsubscribes from the newsletter by clicking on the “Unsubscribe” button at the bottom of the newsletter. In the event of unsubscribing, the Data controller will no longer contact the data subject with the newsletter. The data subject may unsubscribe from the newsletter at any time free of charge and withdraw their consent.
  • The data subject acknowledges that the provision of data is not a prerequisite for concluding a contract and that they are not obliged to provide their personal data. The possible consequence of not providing data is that the newsletter service will not be provided.


CHAPTER IV

VISITOR DATA PROCESSING ON THE COMPANY’S WEBSITE – INFORMATION
ON THE USE OF COOKIES

1On our website, we inform our visitors about the use of cookies and ask for their consent, except for technically essential session cookies.

A cookie is a small text file that is stored on the long-term data storage device (HDD, SSD) of the computer or mobile device of the person concerned for the set expiry period and is reactivated during subsequent visits. Its purpose is to record data related to the visit and personal settings, but this data cannot be linked to the visitor’s identity. It helps to create a user-friendly website and enhance the visitor’s online experience. If the data subject does not agree to the Data controller’s use of cookies, they must discontinue using the website or set their browser to restrict the installation of cookies to session cookies.


Purpose of data processing:

  • To facilitate navigation on the site and thus the use of the website.
  • To improve the user experience by processing browsing habits.
  • To collect statistics.
  • To further develop and fine-tune the website in line with visitor needs.
  • Identifying any malicious IT operations.

Legal basis for data processing: In the case of cookies that are essential for the proper functioning of the website, the Data controller’s legitimate interest [GDPR Article 6(1)(f)], which is embodied in the secure operation of the website.

In the case of legitimate interest as the legal basis, the data subject (i.e. you, the user of the website) has the right to object at any time to the processing of their personal data on this basis. The Data controller is obliged to examine the objection and, on the basis of a so-called balancing of interests (comparison of the interests of the data controller and the data subject), decide on the continuation, possible restriction or termination of data processing.


The legal basis for the processing of other cookies is the voluntary consent of the data subject (Article 6(1)(a) of the GDPR). Voluntary consent may be withdrawn at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please include your name and email address in the deletion request for identification purposes.

Scope of data subject to data processing: We process data relating to visitors’ use of and browsing of the website and related information.

Duration of data processing: We distinguish between cookies that are stored until the end of a given session and cookies that are processed for a specified, longer period of time. The various cookies are only stored for a specified period of time in order to achieve their purpose. You can delete cookies stored on your computer or mobile phone at any time via your browser settings.


  • Types of cookies:
    • Essential/necessary cookies – these are necessary for the website to function (e.g. Hubspot basic functionality).
    • Functional cookies – improve the user experience (e.g. HubSpot session management).
    • Analytical cookies – collect visitor statistics (e.g. Google Analytics).
    • Marketing cookies – for advertising and remarketing purposes (e.g. Google Ads, Facebook Pixel)

You can find out more about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usag

You can find out more about Google AdWords cookies here:

https://support.google.com/adwords/answer/2407785?hl=hu

  • You are not required to accept or enable cookies. You can reset your browser settings to reject all cookies or to notify you when a cookie is being sent, and you can change the automatic cookie acceptance setting.

Certain website features or services may not function properly without cookies.

  1. Information about cookies used on the Company’s website and data generated during visits
    • Data processed during your visit: When you use our website, we may collect and process the following data about you and the device you use to browse the website:
  • the IP address used by the visitor,
  • the type of browser,
  • the characteristics of the operating system of the device used for browsing (set language),
  • time of visit,
  • the (sub)page, function or service visited,
  • clicks,
  • device type (mobile, tablet, desktop),
  • session ID or visitor ID,
  • referrer URL, i.e. the page from which the visitor arrived.

We store this data for a maximum of 90 days and use it primarily to investigate security incidents.

 

 

 

CHAPTER V

INFORMATION ABOUT YOUR RIGHTS
  1. Your rights in brief:

You may request the following from the Data controller:

  • information about the processing of your personal data, which we provide by publishing this Privacy Notice.
  • access to your personal data (making your personal data available to you by the Data controller), correction and supplementation of your personal data,
  • the erasure or restriction (blocking) of your personal data, with the exception of mandatory data processing, data portability,
  • object to the processing of your personal data,
  • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you,
  • you have the right to legal remedy.

You may submit your request in writing to the Data controller. The Data controller will comply with your lawful request within a maximum of 30 days and will notify you accordingly.

   

2. Your rights in detail:

Right to request information (Articles 13-14 of the GDPR)

You may request information in writing from the Data controller about what personal data it processes, on what legal basis, for what purpose, from what source, for how long, whether it uses a data processor, and if so, the name and address of any data processor and their activities related to data processing, to whom, when, on what legal basis, and to which personal data the Data controller has granted access or to whom it has transferred your personal data, the circumstances and effects of any data protection incident, and the measures taken to remedy it.


Right of access (Article 15 of the GDPR)

You have the right to obtain confirmation from the Data controller as to whether your personal data is being processed and, if so, you have the right to access your personal data. The Data controller shall provide you with a copy of the personal data undergoing processing, unless this conflicts with other legal provisions.

 

Right to rectification and completion (Article 16 of the GDPR)

You may request in writing that the Data controller modify any of your personal data or request that the Data controller supplement any incomplete personal data it processes.


Right to erasure (Article 17 of the GDPR)

The erasure of personal data can generally be requested if our data processing is based on your voluntary consent. In such cases, we will erase your personal data. Your consent can be withdrawn at any time. The withdrawal of consent does not affect the lawfulness of data processing prior to the withdrawal. Please include your name and email address in your request for erasure for identification purposes.


Right to restriction of processing (GDPR Article 18)

You may request in writing that the Data controller block your personal data (clearly indicating the limited nature of the data processing and ensuring that the data is kept separate from other data).

The blocking shall last as long as the reason indicated by you necessitates the storage of the data. In this case, the Data controller shall continue to store the personal data (e.g. the relevant submission) until requested by the authority or court, after which the data shall be deleted.


Right to data portability (Article 20 of the GDPR)

You may request in writing that the personal data provided to the Data controller be made available to you in a structured, commonly used and machine-readable format, and you are entitled to transfer this data to another data controller without the Data controller hindering this, if:

  • the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, or
  • the processing is based on a contract pursuant to Article 6(1)(b); and
  • the processing is carried out by automated means.

Right to object (Article 21 of the GDPR)

You may object in writing to the processing of your personal data for the purposes of the legitimate interests pursued by the Data controller or a third party, including profiling based on those provisions, pursuant to Article 6(1)(f) of the GDPR.

In this case, the Data controller shall no longer process the personal data unless the Data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.


Automated decision-making in individual cases, including profiling (Article 22 of the GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This right does not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between you and the controller;
  2. is authorised by Union or Member State law to which the controller is subject, which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

In the cases referred to in points (a) and (c) above, the data controller shall take appropriate measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain human intervention from the data controller, to express your point of view and to contest the decision.



CHAPTER VI

ENFORCEMENT OF RIGHTS, REMEDIES

Contacting the Data controller

We recommend that you send your request or complaint regarding the processing of your personal data to the Data controller before initiating court or administrative proceedings so that we can investigate it.


Initiating administrative proceedings

You have the right to initiate proceedings with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

In Hungary, the National Authority for Data Protection and Freedom of Information is the competent authority (1055 Budapest, Falk Miksa u. 9-11., website: http://naih.hu, postal address: 1363 Budapest, Pf.: 9.; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail:ugyfelszolgalat@naih.hu ).


Initiating court proceedings

You may bring an action before a court if you believe that the Data controller is processing personal data in breach of the provisions of legislation or binding legal acts of the European Union governing the processing of personal data. Such proceedings may also be brought before the courts of the Member State in which the data subject has his or her habitual residence. In Hungary, such proceedings fall within the jurisdiction of the courts. The data subject may also initiate proceedings before the court competent for their place of residence or place of stay, at their discretion. Information on the jurisdiction and contact details of the court (tribunal) is available on the following website: https://birosag.hu/.



CHAPTER VII

DATA SECURITY

The Data controller shall ensure the security of the personal data it processes, take the technical and organisational measures and establish the procedural rules necessary to ensure the protection of the data recorded, stored and processed.

The Data controller shall request all third parties to whom it transfers or discloses data on any legal basis to comply with data security requirements.

The processed data may only be accessed by the Data controller, its employees, and the data processor(s) and recipients engaged by the Data controller, in accordance with their authorisation levels.

In order to ensure the security of its IT systems, the Data controller protects its IT systems with a firewall and uses antivirus and virus removal software to prevent external and internal data loss.

The Data controller classifies and treats personal data as confidential information.



CHAPTER VIII

TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION
TRANSFER OF DATA
  •  Based on an adequacy decision (Article 45 of the GDPR)

Pursuant to Article 45 of the GDPR, personal data may be transferred to a third country or international organisation if the European Commission has determined in a decision that the third country, or a territory or one or more sectors within that third country, or the international organisation in question, ensures a level of protection equivalent to that provided by the EU.


  • Transatlantic Data Privacy Framework

On 10 July 2023, the European Commission adopted an adequacy decision on the new EU-US data protection framework, in which it concludes that personal data can be safely transferred from the European Union to US companies participating in the new framework, and that the United States provides an adequate level of protection for personal data transferred from the EU to participating US companies. A basic condition for joining the Transatlantic Privacy Shield is that US companies, as data controllers, commit to implementing data protection measures in line with the GDPR.

  • Data transfers based on appropriate safeguards (Article 46 of the GDPR) 
In the absence of an adequacy decision pursuant to Article 45 of the GDPR, the data controller or data processor may only transfer personal data to a third country or international organisation if it has provided appropriate safeguards with regard to the adequacy of the data transfer and if the data subjects have enforceable data protection rights and remedies.

The Data controller informs you that your personal data provided during data processing may be transferred to a third country.



CHAPTER IX

MISCELLANEOUS

The Data controller reserves the right to unilaterally amend this notice with future effect. The currently valid Privacy Notice is available on the Data controller’s website. The Data controller shall inform the data subjects of any amendments via its website.



Dated: Budapest, 10.09.2025

BHE Ltd.

sales@bhe-corp.com

Copy to clipboard