Data Processing Information – Professional Letters
The member companies of the BDO Hungary group of companies, as data controllers (hereinafter: Data Controller), process personal data for the purpose of sending professional newsletters and providing access to completed studies (hereinafter: Professional Information Service).
For the data processing detailed in this notice (hereinafter: Notice), the data controllers are the following member companies of the BDO Hungary group:
- BDO Magyarország Compliance Szolgáltatások Kft.
- BDO Magyarország Könyvvizsgáló Kft.
- BDO Magyarország Digitális Szolgáltatások Kft.
- BDO Magyarország ESG Tanácsadó Kft.
- BDO Legal Jókay Ügyvédi Iroda
- BDO Magyarország Pénzügyi Tanácsadó Zrt.
- BDO Magyarország FDI Tanácsadó Kft.
- BDO Magyarország Vagyonkezelő Kft.
Considering the organizational structure of BDO Hungary in Hungary and the sharing of administrative and operational functions among certain member companies, the individual member companies and BDO Hungary Asset Management Ltd. perform data processing tasks jointly, acting as so-called joint data controllers, meaning they clearly define their responsibilities and obligations among themselves.
The purpose of this Notice is to provide a unified framework for the data processing rules related to the Professional Information Service for all member companies of the BDO Hungary group. It sets out the data protection and data processing principles that the Data Controller recognizes as binding in its activities, includes the principles for handling the data of persons who provide personal data on the Data Controller’s website, in its applications, or within the framework of a service contract, and informs the data subjects about the manner in which their personal data is processed.
When drafting this Notice, the Data Controller paid special attention to Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR), Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Info Act), and Act V of 2013 on the Civil Code (hereinafter: Civil Code).
Data Controller Information
The Data Controller is responsible for the lawful processing of your personal data.
You can contact us at the following addresses:
Name and registered office of the Data Controller:
- BDO Magyarország Compliance Szolgáltatások Kft., 1103 Budapest, Kőér utca 2/a
- BDO Magyarország Könyvvizsgáló Kft., 1103 Budapest, Kőér utca 2/a
- BDO Legal Jókay Ügyvédi Iroda, 1124 Budapest, Apor Vilmos tér 11-12. 1. em
- BDO Magyarország ESG Tanácsadó Kft., 1124 Budapest, Apor Vilmos tér 11-12. 1. em
- BDO Magyarország Pénzügyi Tanácsadó Zrt., 1123 Budapest, Alkotás u. 53.F.II.
- BDO Magyarország Digitális Szolgáltatások Kft., 1103 Budapest, Kőér utca 2/a
- BDO Magyarország FDI Tanácsadó Kft., 1117 Budapest, Buda-part tér 2.B. 11. em.
- BDO Magyarország Vagyonkezelő Kft., 1103 Budapest, Kőér utca 2/a
Email: hirlevel@bdo.hu
Website: www.bdo.hu
Processing of Personal Data
Your personal data is recorded in the following cases:
- You or the data controller authorized by you consent to the Professional Information Service in the engagement contract,
- You confirm your consent by filling in the required fields on the electronic interface and clicking the “send” button,
- During a professional event, you explicitly request the Professional Information Service from the Data Controller.
Processing of Public Data: If your data appears in public databases (e.g., company register), such data is considered public due to public interest, and based on Section 3 (1)-(2) and (6) of the Info Act, and Section 6 (1) of Act XLVIII of 2008 on the Fundamental Conditions and Certain Limitations of Economic Advertising Activity, it is not considered personal data.
Purposes of Processing Personal Data
By initiating the use of the Professional Information Service, you consent to the Data Controller periodically sending information about services, market updates, and – if provided – topics of interest (e.g., summaries of legislative changes, professional/business news, and invitations to professional, business, or knowledge development events) and making professional studies available. The Data Controller records personal data from you or from a data controller authorized by you. Profiling and automated decision-making do not occur.
If you initiate subscription electronically, you fill in the appropriate fields, accept the data processing rules by ticking the checkbox(es), and confirm your subscription by clicking the “send” button.
Types of Processed Data
Data required to provide the Professional Information Service, which qualifies as personal data under the GDPR and Info Act:
- Name (for identification)
- Email address (for delivery of materials)
- Company name and position (if a service contract exists or if you provided it)
Legal Basis for Data Processing
The legal basis is your voluntary consent or that of your authorized data controller under Article 6(1)(a) of the GDPR. Consent can be withdrawn at any time without affecting the lawfulness of processing based on consent before withdrawal.
Duration of Data Processing
Your personal data will be processed by the Data Controller until the Professional Information Service is terminated, or until you or your authorized data controller request its termination or deletion or otherwise prohibit its processing.
You may unsubscribe from the service at any time by:
- Sending a request to hirlevel@bdo.hu,
- Sending a postal request to 1103 Budapest, Kőér Street 2/A, Building C,
- Clicking the unsubscribe button at the bottom of emails (if available).
Data Security
Personal data provided at the initiation of the service is recorded in the Data Controller’s internal database and emails are sent from kommunikacio@bdo.hu.
If emails are sent via Mailchimp, the personal data is stored in Mailchimp’s database, and newsletters are sent from the central email of the respective business unit (member company).
Only employees involved in the Professional Information Service have access to your data. The Data Controller treats personal data as confidential, does not disclose it, and does not grant access to third parties – except to Mailchimp – or to anyone not involved in the service.
Personal data is stored in a password-protected database, accessible only to designated individuals, protected by the latest firewalls and antivirus software.
Data Processor
If Mailchimp is used, it qualifies as a data processor since it does not process the data for its own purposes. The Data Controller remains responsible for the data processing.
Your Rights and Legal Remedies
You may contact the Data Controller regarding your rights at adatkezeles@bdo.hu.
• Right to Information and Access
You have the right to know whether your data is being processed. If so, you may access:
- Processing purposes,
- Categories of personal data,
- Recipients of the data (especially processors),
- Planned storage duration,
- Your rights,
- Source of data (if not provided by you),
- Info on automated decision-making.
The first request is free. Response is given in writing within one month. If the request is unfounded or excessive (especially repetitive), the Data Controller may:
- Charge a reasonable fee, or
- Refuse the request, considering administrative costs.
You’ll be refunded if your data was unlawfully processed or corrected as a result of your request.
If data is accessed, changed, transmitted, disclosed, deleted, or destroyed unlawfully – or lost – you’ll be informed upon request about the incident, including when it occurred, potential effects, and mitigation steps.
• Right to Rectification
The Data Controller corrects inaccurate data upon request without undue delay. You may also request the completion of incomplete data.
• Right to Erasure
Your data will be deleted without undue delay if:
- It’s no longer needed,
- The service has ended,
- Processing is unlawful,
- Legal obligations require deletion,
- Parental consent is missing or revoked for minors under 16,
- The data was made public and deletion is requested.
• Right to Restriction of Processing
Restriction applies if:
- You contest the accuracy (until verified),
- Processing is unlawful and you request restriction instead of deletion,
- The data is no longer needed by the Controller but is required by you for legal claims.
• Right to Data Portability
You may receive your data in a structured, widely-used, machine-readable format (e.g., .doc or .pdf) and transfer it to another controller without obstruction.
Refusal of Request
If your request for correction, restriction, or deletion is refused, you will be informed within one month in writing, including reasons and options to appeal in court or to the National Authority for Data Protection and Freedom of Information (NAIH). Responses will be sent by email if you consented.
Remedies
If you believe the Data Controller violated the GDPR during processing, you may file a complaint with a supervisory authority – particularly in the EU member state of your residence, workplace, or the alleged infringement.