Border Quest

Privacy Policy

Regarding the Processing of Personal Data on the Website (www.border-quest.com)
Updated: February 17, 2025
I. INTRODUCTION
BQ Hungary Kft., as the data controller (registered seat: 1138 Budapest, Népfürdő utca 22. B. ép. 15. em.; hereinafter referred to as “Data Controller”) and operator of the website (www.border-quest.com) (hereinafter referred to as the “Website”), acknowledges and accepts the content of this privacy policy as binding. The Data Controller is committed to ensuring that all data processing activities related to its operations comply with the expectations set out in this notice and the applicable legal provisions.
The Data Controller is dedicated to protecting the personal data of its customers and partners, and highly values respecting the informational self-determination rights of those using its services. Personal data is processed confidentially, and the Data Controller implements all necessary security, technical, and organizational measures to guarantee the safety of the data.
This policy provides an overview of the data processing practices employed by the Data Controller in connection with its activities.
II. CONTACT DETAILS OF THE DATA CONTROLLER
Data Controller
Name:
BQ Hungary Kft.
Registered Address:
1138 Budapest, Népfürdő utca 22. B. ép. 15. em.
Tax Number:
32682036-2-41
Company Registration Number:
01 09 437136
Phone Number:
+36 30 111 8745
Email:
info@border-quest.com
III. APPLICABLE LEGAL FRAMEWORK
The Data Controller's data processing principles comply with the applicable data protection regulations, including but not limited to:
• Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR);
• Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.);
• Act V of 2013 on the Civil Code (Ptk.);
• Act C of 2000 on Accounting (Accounting Act);
• Act CVIII of 2001 on Electronic Commerce and Information Society Services (Ektv.);
• Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising (Grt.).
IV. CATEGORIES OF PERSONAL DATA, PURPOSE, LEGAL BASIS, AND RETENTION PERIOD OF DATA PROCESSING
1. Data Processing Related to Contact Requests
The Website allows users to contact the Data Controller for any purpose.
Data subjects:
Individuals who use the ‘Contact Us’ feature on the Website.
Purpose:
Identification of the sender and responding to their inquiry.
Legal basis:
Voluntary consent of the data subject.
Categories of personal data processed:
Name, email address, message.
Retention period:
Until the completion of the inquiry, but no longer than 1 year.
Consequences of non-provision:
Contact cannot be established without the provision of data.
Recipients of data:
BQ Hungary Kft.
Transfer to third countries:
None
Data processors:
Name: Rackforest Informatikai Kereskedelmi Szolgáltató és Tanácsadó Kft.
Seat: 1132 Budapest, Victor Hugo u. 11., 5. emelet
Task: Hosting services.

2. Use of Cookies
The Website uses cookies, and details regarding this data processing can be found in the Cookie Policy.
3. Other Data Processing Activities
For data processing activities not listed in this policy, information will be provided at the time of data collection.
The Data Controller may be requested by courts, prosecutors, law enforcement, regulatory agencies, or other authorities, as authorized by law, to disclose information, share data, or provide documents. The Data Controller will only release as much personal data as is absolutely necessary for fulfilling such requests.
V. RIGHTS OF DATA SUBJECTS
Data subjects have the following rights concerning the processing of their personal data:
• Transparent communication and access to information about data processing.
• Right to access personal data processed by the Data Controller.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure ('right to be forgotten').
• Right to restrict data processing.
• Right to data portability.
• Right to object to data processing.
• Right to withdraw consent at any time.
• Right to file complaints and seek legal remedies.
1. Transparent information
The Data Controller is obliged to provide you with information on the processing of your personal data within the scope of the GDPR. The Data Controller fulfils this obligation through this Privacy Policye. Please note that if you have any further questions about the processing of your personal data, you may exercise your right of access.
2. Right of access
You may request information on whether the Data Controller is processing your personal data and, if so, you may request a detailed information notice which will include
• for what reason;
• what data are processed;
• the source of the personal data;
• with whom it discloses your processed data,
• for how long it will retain the processed data; and
• if it transfers your data in the context of an international data transfer, the safeguards of the transfer; and
• you will be informed again of your rights concerning the processing of your personal data and that you can lodge a complaint with the data protection authority.
Upon your request, the Data Controller will provide you, free of charge, with a copy of your personal data processed.
For additional copies, the Data Controller may charge a reasonable fee based on administrative costs. Upon your request, the information will be provided in electronic format. The right to information may be exercised in writing using the contact details below:
• By e-mail: info@border-quest.com
• By post: to the Data Controller's seat: 1138 Budapest, Népfürdő utca 22. B. ép. 15. em.
At your request, information can also be provided orally, after your identity has been verified and identified.
3. Right to rectification
At your request, the Data Controller will correct, rectify or complete any inaccurate personal data (e.g. incorrect date of birth, e-mail address has changed, name change, etc.).
4. Right to erasure
You may request that your personal data be deleted without delay if
• the purpose of the processing no longer justifies the processing of your data;
• the processing was based on consent and you have withdrawn your consent (and there is no other legal basis for the processing);
• you object to the processing and there is no overriding legitimate ground for the processing;
• where your data have been unlawfully processed; or
• the erasure of the data is required by law.
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest; for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
5. Right to restriction of processing
If you wish to exercise this right and it is subject to restriction under the law, the Data Controller may only store your personal data, but may not perform any other operations on them (e.g. transfer them to third parties, or organise them) - unless you consent to these operations or they are based on a legal obligation.
When can this right be exercised?
• If you dispute the accuracy of the personal data we process, for the time it takes to verify whether the data is inaccurate.
• If your personal data is unlawfully processed but you request that it is not deleted but only blocked.
• If the Data Controller no longer needs your data, but you request that we retain the data because, for example, you need it to exercise a right at a later date.
• If you object to the processing of your personal data, for the period necessary to determine whether the Controller's legitimate grounds override your legitimate grounds.
• In any case, the Controller will inform you in advance if the restriction of processing is lifted in the cases mentioned above (for example, because your inaccurate data have been corrected or your request for restriction has been rejected).
6 Right to data portability
Where the processing is based on your consent or is necessary for the performance of a contract and the processing is carried out by automated means, you may request to receive personal data concerning you that you have provided to the Data Controller in a structured, commonly used, machine-readable format and that the Data Controller transfers this data to another data controller.
7 Right to object
You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation, if the processing is based on the legitimate interests of the Controller. In case of your objection, your personal data will only be further processed if justified by compelling legitimate grounds which override your interests, rights and freedoms.
Where your personal data is processed for direct marketing purposes (e.g. sending a newsletter), you have the right to object at any time to the processing of your personal data for these purposes. In the event of your objection, your personal data will no longer be processed by the Data Controller for these purposes.
8. Right to withdraw consent
You have the right to withdraw your consent at any time during the processing, however, the withdrawal of your consent does not affect the lawfulness of the processing based on your consent prior to the withdrawal.
You can exercise your rights in the following ways:
• By e-mail: info@border-quest.com
• By post: to the Data Controller's seat: 1138 Budapest, Népfürdő utca 22. B. ép. 15. em.
In the event of exercising your rights, the Data Controller will contact you as set out in point 9.
9. Procedural rules
Please note that the Data Controller will inform you of the action taken on your request without undue delay, but in any event within one month of receipt of your request. If necessary, this period may be extended by a further two months, taking into account the complexity of the request and the number of requests.
You will be informed of the extension within one month of receipt of your request.
If you have submitted your request by electronic means, the Data Controller will provide you with information by electronic means (unless you request otherwise).
If the Data Controller does not take action on your request, you will be informed without delay, but at the latest within one month of receipt of your request, of the reasons for this and of the possibility to lodge a complaint with the NCA and exercise your right to judicial remedy.
I inform you that the Data Controller will provide the requested information and notification free of charge. If your request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Controller may charge a reasonable fee for administrative costs or refuse to act on your request.
The Data Controller will inform any recipient to whom or with which your personal data have been disclosed of the rectification, erasure or restriction of processing of your personal data (unless this proves impossible). We will also inform those recipients at your request.
10. Compensation and damages
The Data Controller will compensate you for any damage caused to you by unlawful processing of your data or by a breach of data security requirements. In the event of a violation of your personal rights, you may claim damages in accordance with the provisions of the Civil Code. The Data Controller shall be exempted from liability for the damage caused and from the obligation to pay the damages if it proves that the damage or the harm caused by the infringement of your personality rights was caused by an unforeseeable cause outside the scope of the processing.
For any damage caused by a processor engaged by the Data Controller in the processing of your personal data, the Data Controller and the processor engaged by or on behalf of the Data Controller, as well as the joint controllers and the processors engaged by or on behalf of the joint controllers,
• shall be jointly and severally liable to the data subject for the damage; and
• shall be jointly and severally liable to pay to the data subject the damages for personal injury.
The Data Controller shall not compensate the damage and shall not claim any damages to the extent that the damage results from the intentional or grossly negligent conduct of the data subject or the infringement of a personality right.
11. Right of redress
11.1. Right to apply to the courts
If you have suffered damage in the exercise of your rights in relation to the processing of your personal data (e.g. you have not been able to exercise your rights, you have not been informed about the processing, etc.), you may bring a lawsuit. As a data subject, you may also choose to bring a claim against the controller before the courts of the place of residence or domicile of the data subject. In the action, the controller or processor will have the burden of proving that it has acted in accordance with the relevant legislation and EU binding legal acts. Legal proceedings relating to the protection of personal data are free of charge.
11.2. Procedure before the data protection authority
In the event of a breach of your rights in relation to the processing of your personal data in the exercise of your rights, you may, at your option, also refer the matter to the National Authority for Data Protection and Freedom of Information.
Contact details of the Authority:
Name: National Authority for Data Protection and Freedom of Information
Headquarters: 1055 Budapest, Falk Miksa utca 9-11.
Address for correspondence: 1363 Budapest, PO Box 9.
Phone: +36 (30) 683-5969; +36 (30) 549-6838; +36 (1) 391 1400
E-mail: ugyfelszolgalat@naih.hu
VI. SECURITY MEASURES FOR PERSONAL DATA STORAGE AND PROCESSING
The Data Controller and its processors shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the scale of the risk, taking into account the availability of technology and the cost of implementation, the nature, scope, context and purposes of the processing, and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons.
The Data Controller shall select and operate the IT tools used for the processing of personal data in such a way that the processed data:
• is accessible to authorised persons (availability);
• its authenticity and authenticity are ensured (authenticity of processing);
• its integrity can be verified (data integrity);
• protected against unauthorised access (data confidentiality).
The Data Controller shall take appropriate measures to protect the data against, in particular, unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction, damage or loss, and inaccessibility resulting from changes in the technology used.
The Data Controller shall ensure, by appropriate technical means, that, except where permitted by law, the stored data cannot be directly linked and attributed to data subjects in order to protect the data files managed electronically in its various registers.
In order to protect the data files managed electronically in its various registers, the Data Controller shall ensure, by appropriate technical means, that the data stored cannot be directly linked and attributed to data subjects, except where permitted by law.
The Data Controller shall ensure the security of data processing by technical, organisational and organisational measures, taking into account the state of the art, which provide a level of protection appropriate to the risks associated with the processing.
The Data Controller shall ensure during the processing:
• confidentiality: it protects the information so that only those who are entitled to access it have access to it;
• integrity: to protect the accuracy and integrity of the information and the processing method;
• availability: ensures that the information is available and that the means to access it are available when the authorised user needs it.
The information technology systems and networks of the Data Controller and its partners involved in data processing are protected against computer fraud, espionage, sabotage, vandalism, fire and flood, computer viruses, computer intrusions and attacks that could lead to denial of service. The operator ensures security through server-level and application-level protection procedures. The Data Controller informs the data subjects that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or disclosure or modification of information. The Data Controller will take all reasonable precautions to protect against such threats. It monitors systems in order to record any security discrepancies and to provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.
The Data Controller shall keep a record of any data breaches, indicating the facts relating to the data breach, its effects and the measures taken to remedy it. The Data Controller shall notify a potential personal data breach to the National Authority for Data Protection and Freedom of Information without delay and, if possible, no later than 72 hours after the personal data breach has come to its attention, unless the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons.
VII. MODIFICATIONS AND UPDATES
This Privacy Policy is effective from February 17, 2025. The Data Controller reserves the right to amend this policy and will notify data subjects of significant changes in due time.