[domain_name capitalized='yes'] In order to ensure full compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on the Right to Self-Determination in Information and Freedom of Information (Infotv.), we provide the following privacy notice regarding the processing of personal data.
[website_name] may unilaterally amend this Privacy Policy at any time. This Privacy Policy and any amendments thereto will be published on the [website_name] website (az investinbaranya.hu).
It is also important to check regularly to see if our Privacy Policy has been updated. The most recent version of the Privacy Policy is always available at the web address above. You can easily determine when our privacy policy was last updated by checking the “effective date” (at the top of the page).
Details of the data controller
Név: Baranya Vármegyei Fejlesztési Ügynökség Nonprofit Kft. (továbbiakban: „investinbaranya.hu” vagy „Szolgáltató”)
Cégjegyzékszám: 02-09-079600
Adószám: 24185369-2-02
Székhely: 7621 Pécs, Széchenyi tér 9.
E-mail: info@investinbaranya.hu
Weboldal: Invest In Baranya
1. What personal data we process, for how long, for what purposes, and on what legal basis
The legal bases for our data processing may include the following:
in accordance with Article 6(1)(a) of the GDPR, the user’s voluntary consent to data processing, based on adequate information (hereinafter: Consent);
In accordance with Article 6(1)(b) of the GDPR, the processing is necessary for the performance of a contract to which the User, as a data subject, is a party (hereinafter: performance of a contract)
In accordance with Article 6(1)(c) of the GDPR, the processing is necessary for compliance with a legal obligation to which the controller is subject (such as compliance with accounting or bookkeeping obligations—hereinafter referred to as “compliance with a legal obligation”)
In accordance with Article 6(1)(f) of the GDPR, the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter: Legitimate Interests)
We set forth the legal basis for data processing below, separately for each category of data and each purpose of data processing, with reference to the list above.
| Service used by the data subject | Scope of personal data processed | Purpose of data processing | Legal basis for data processing | Duration of data processing |
| Sending electronic direct marketing messages, such as newsletters and advertisements, using direct marketing methods (email, push notifications) | Email address Name | Identification of the data subject Ensuring communication | Consent | Until consent is withdrawn. |
| User account and registration | Email address Name Billing address Shipping address | Creating, defining the content of, modifying, and fulfilling the contract Billing for fees arising from the contract Enforcement of claims and rights Identification of the data subject Ensuring communication | Performance of the contract Compliance with legal obligations – issuing invoices Legitimate interest | Name – for contract performance and invoicing: for 8 years from the date the account and registration are deleted by the User (reason: billing data). Email address – For contract performance and invoicing: for 3 months from the date the User deletes the account and registration, and for legitimate interests: for an additional 6 months thereafter. Billing address – for contract performance and billing: for 8 years from the date the User deletes the account and registration (reason: billing data). Shipping address – for contract fulfillment: for 3 months from the date the User deletes the account and registration, and based on legitimate interest: for an additional 6 months thereafter. |
| User account and registration | Phone number Password Email address associated with Facebook account (if different from the user account email address) Name associated with Facebook account (if different from the user account name) Email address associated with Google account (if different from the user account email address) Name associated with Google account (if different from the user account name) | Identification of the data subject Ensuring communication | Performance of the contract | For contract performance and billing: for 3 months from the date the User deletes the account and registration. |
| Comment | Name Email address Website IP address Browser identifier string | Identification of the data subject Ensuring communication | Consent | When submitting a comment, in addition to the information provided in the comment form, the commenter’s IP address and browser identifier string are collected to filter out unwanted content. |
| General use of the online store | Identifier of the completed transaction | Establishment, definition, modification, and fulfillment of the contract Billing of fees arising from the contract Enforcement of claims and rights | Performance of the contract Legitimate interest | For contract performance and billing: for 3 months from the date the User deletes their account and registration. For legitimate interests: for an additional 6 months thereafter. |
| General use of the online store | Amount of completed transaction Subject of completed transaction (purchased product, service) Billing name and address (if different from what was provided during registration) | Establishment, determination of content, modification, and performance of the contract Invoicing of fees arising from the contract Enforcement of claims and rights | Performance of the contract Compliance with a legal obligation – issuing invoices Legitimate interest | For contract performance and invoicing: for 8 years from the date the User deletes the account and registration (reason: billing data). |
| General use of the online store | Shipping address (if different from the one provided during registration) | Establishment, determination of content, modification, and performance of the contract Enforcement of claims and rights | Performance of the contract Legitimate interest | For contract performance and billing: for 3 months from the date the User deletes the account and registration. For legitimate interests: for an additional 6 months thereafter. |
| Contacting customer service, complaints | Name Email address | User identification Communication with the user during the inquiry Performance of the contract Responding to and handling the inquiry Enforcement of claims and rights | Legitimate interest | In the case of a complaint, within the general civil law statute of limitations, i.e., for 5 years from the date of the complaint. For inquiries for other purposes: for 6 months from the date of the inquiry or for 3 months from the date the account and registration are deleted by the User. |
| Contacting Customer Service, Complaints | Subject of the inquiry or complaint | Responding to and resolving the inquiry Enforcement of claims and rights | Legitimate interest | In the case of a complaint, within the general civil law statute of limitations, i.e., for 5 years from the date the complaint was filed. For inquiries for other purposes: for 6 months from the date of the inquiry or for 3 months from the date the User deletes their account and registration. |
| System messages via email or push notification | Name Email address For push notifications: User account | Sending system messages for the purpose of fulfilling the contract | Performance of the contract | For 3 months from the termination of the contract. |
| Contest, promotional game | Name Email address | Participation in promotions and prize draws Communication, notifying the user of the results User identification | Consent | Until consent is withdrawn. |
| Warranty and guarantee claims | Name/billing name Address/billing address Email address Phone number Purchased goods, services Bank account number Transaction ID | Identification of the data subject Communication Modification and performance of the contract Enforcement of claims and rights | Performance of the contract Compliance with legal obligations – issuing invoices Legitimate interest | Within the general civil law statute of limitations, i.e., for 5 years from the fulfillment or adjudication of the claim. |
| Career database | Name Email address Other data provided by the user in the resume and cover letter | Identification of the applicant Communication Participation in the selection process If selected – Creation, determination of content, modification, and performance of the contract | Consent If selected – Performance of the contract | Until consent is withdrawn, but for no longer than 1 year from the date the resume is uploaded or submitted electronically to the system. |
The Service Provider sends system messages from time to time to Users registered at az investinbaranya.hu. A system message is any message related to the operation of the Service Provider’s website, potential service outages, maintenance, the website’s features, changes to existing and new features, new features, the range of services available on the website and how to use them, the General Terms of Use, the Privacy Policy, or any amendments thereto, Users’ rights and obligations regarding the website, and matters related to the services used, including confirmation messages, certificates, notifications, confirmations, electronic receipts, and invoices sent regarding the specific services used.
2. Automatic data collection: why it happens and what it entails
What tools do we use, and what data do we collect automatically?
When you visit the Service Provider’s website and use its services, we place small programs, known as cookies, in your browser and in HTML-based emails in accordance with this Privacy Notice.
In general, a cookie is a small file consisting of letters and numbers that we send from our server to the User’s device. A cookie allows us to recognize when the User last logged in to the website; the main purpose of the cookie is to enable us to provide the User with personalized offers and advertisements that tailor the User’s experience while using the website and reflect the User’s personal needs.
The purpose and use of cookies.
Security: promoting and enabling security, and assisting the Service Provider in detecting unlawful conduct.
Preferences, features, and services: Cookies can tell the Service Provider which language the User prefers and what the User’s communication preferences are; they also help the User fill out forms on the website, making the process easier.
Comments: When you post a comment on the website, the name, email address, and website URL you provide are stored in cookies. This is done for convenience, so you won’t have to fill in these fields the next time you post a comment. When you post a comment, the comment and its metadata remain in the system for an indefinite period. The purpose of this is to ensure that any subsequent comments are recognized and approved by us, meaning they will not be added to the list of comments awaiting moderation.
Advertising: The Service Provider may use cookies to show the User relevant advertisements both on and off the website. Cookies may also be used to track whether Users who have seen an advertisement on the website subsequently visit the advertiser’s website. Similarly, the Service Provider’s business partners may use cookies to determine whether the Service Provider displayed their ad on the website and how it performed, and may send information to the Service Provider regarding how the User interacts with the ads. The Service Provider may also collaborate with a partner that displays advertisements to the User on or off the website after the User has visited the partner’s website.
Performance, analytics, and research: These cookies help the Service Provider understand how the website performs in different locations. The Service Provider may also use cookies that evaluate, improve, and research the website, products, features, and services, including when the User accesses the website from other websites or devices, such as the User’s computer or mobile device.
With regard to the use of cookies, we consider the Data Protection Working Party established pursuant to Article 29 of Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter: the Data Protection Directive) Article 29 Working Party—an independent European advisory body dealing with issues related to data protection and the protection of privacy, whose opinions on EU law serve as a basis for interpreting the national legislation of all Member States — in its Opinion 2012/4 on the exemption from consent for cookies (hereinafter: Opinion 2012/4, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2012/wp194_hu.pdf).
Based on the classification set forth in Opinion No. 2012/4, it is not necessary to obtain consent for the following types of cookies; instead, it is sufficient to simply inform the User of their use.
Based on the above, the types of cookies we use are:
A. Cookies necessary for the website to function (Essential cookies):
- Cookies that store user-provided data (“user-input cookies”): These are session cookies based on a session ID (a random temporary identifier) that expire at the latest at the end of the session, when the user closes the browser. They ensure user data entry, meaning they are linked to the user’s activity during interactions with the service provider (e.g., filling out a form or clicking a button).
- Multimedia player session cookies: We use these to store technical data necessary for playing back video or audio content (image quality, network connection speed, and buffering parameters). These cookies also expire when you close your browser.
- Social media sharing cookies: These allow social media users to share content they like with their friends. These cookies are deleted when the user “logs out” of the social media platform or closes the browser.
B. Cookies required for “convenience features” (Functional cookies):
Cookies used for these purposes are not considered “strictly necessary” for the provision of services explicitly requested by the user; therefore, their use requires separate consent.
- Social media tracking cookies: if members of social networks have, while logged in, enabled “tracking” in the settings of the respective social network, for example, to display behavior-based ads.
- In-house web analytics tools: Web analytics tools are statistical tools that measure website traffic and use cookies. These tools estimate the number of unique visitors, identify the most frequently used keywords on search engines that lead to the website, and track specific browsing patterns. They are used exclusively for the purpose of compiling our own aggregate statistics, to serve visitor needs more quickly and accurately.
C. Cookies required for performance measurement (Performance cookies):
Management of cookies for analytical purposes (Google Analytics): This website uses Google Analytics, an analytics service provided by Google Inc. (“Google”). Google Analytics (hereinafter: GA) uses “cookies” (see above) stored on users’ computers to analyze user interactions on the website; in other words, these cookies collect information about the use of the website, such as which pages the visitor viewed, where they clicked, how many pages they visited, how long each visit lasted, what error messages they encountered, etc. When using the GA service, the Service Provider does not collect personal data, does not store your name or address, and the collected data cannot be used to identify you. These cookies cannot—and do not intend to—specifically identify visitors (they only partially record the IP address currently in use). The information regarding website usage stored in the “cookies” is transferred to and stored on Google’s servers in the United States.
Google processes the above information on behalf of the website operator to evaluate users’ website browsing habits, compile reports on website usage, and provide other usage-related services to the operator. Nevertheless, you may choose at any time to disable the analytics cookies that track anonymous browsing activity on the website.
You can prevent cookies from being stored by adjusting the settings in your browser. Click the link below for more information on how to disable these cookies:
http://www.google.com/analytics/learn/privacy.html
Visitors who do not wish for GA to track their activity on this website can install the GA opt-out browser extension. This extension instructs GA not to send visit information to Google. If you wish to disable GA tracking, visit the Google Analytics opt-out page and install the extension for your browser. For more information on installing and removing the extension, please refer to the help section for your specific browser.
Please note that the blocking browser extension only works on the browser and computer used for the download; do not deactivate or delete the blocking extension after the download, otherwise your browser will revert to its default settings and the GA application will become active again. Data collection can also be prevented via Google Analytics. In this case, an “opt-out cookie” will be placed on your computer, which prevents the collection of future visit information.
D. “Remarketing” cookies (Advertising cookies):
The Service Provider uses Google AdWords, Criteo, and Facebook Pixel (so-called remarketing cookies) for advertising purposes to increase visitor traffic. These tools enable the display of targeted ads to visitors of the site. Google AdWords is Google’s pay-per-click advertising system, which displays personalized ads to internet users based on their search and browsing habits. The Facebook Pixel service requires the placement of cookies on users’ devices. You can control and configure this data processing activity by Facebook and Google in your Facebook and Google accounts.
These cookies do not link the data to any specific individual. Advertisers determine which ads are displayed based on your future browsing habits.
Managing and controlling cookies:
Most browsers allow users to control the use of cookies through their settings. However, if a User restricts the website’s use of cookies, this may impair the user experience, as the site will no longer be personalized for the user. The user may also disable the saving of personalized settings, such as login information.
If the User does not wish the Service Provider to use cookies when visiting the website, the User may disable the use of certain cookies in the settings menu. In order for the Service Provider to be aware that the User has disabled certain cookies, the Service Provider places a disabling cookie on the User’s device, so that the Service Provider will know not to place cookies the next time the User visits the website. If the User does not wish to receive cookies, the User may change the browser settings on their computer. If the User uses the website without changing the browser settings, the Service Provider will consider that the User consents to the sending of any cookies on the website. The website does not function properly without cookies.
For more information about cookies, including the types of cookies, how they are managed, and how to delete them, please visit www.allaboutcookies.org or www.aboutcookies.org.
Users can also manage and enable cookies via the following links: https://www.aboutads.info/choices and https://www.youronlinechoices.eu.
You can also disable cookies from other third-party providers by visiting http://www.networkadvertising.org/choices/.
Browser settings:
Internet Explorer Tools > Internet Options > Privacy > Websites
Mozilla Firefox Tools > Options > Privacy
Safari > Settings > Privacy
Google Chrome: Settings > Show advanced settings… > Privacy > Content settings… > Preferences > Advanced > Cookies
3. Who can process your data and who has access to it
The data controller
The data controller for the data specified in Section 1 is the Service Provider, whose contact information and company details are as follows:
Név: Baranya Vármegyei Fejlesztési Ügynökség Nonprofit Kft. (továbbiakban: „investinbaranya.hu” vagy „Szolgáltató”)
Cégjegyzékszám: 02-09-079600
Adószám: 24185369-2-02
Székhely: 7621 Pécs, Széchenyi tér 9.
E-mail: info@investinbaranya.hu
Weboldal: Invest In Baranya
On the part of the Service Provider, your data is accessible to the Service Provider’s employees only to the extent strictly necessary for the performance of their duties. Access rights to your personal data are governed by strict internal policies.
Data processors
We use various service providers to process and store your data, with whom we have entered into data processing agreements in accordance with the law. The following data processors handle your data:
| Name of the data processor | Address | Activity |
| Dániel E.V. Dobos ('DB Group') | dbgroup.hu | Website operation and system administration |
| Facebook, Inc. (USA) | Palo Alto, California, USA | Profiling, advertising, analytics and measurement services, display of behavior-based advertising |
| GOOGLE LLC ( | USA – Google Data Protection Office, 1600 Amphitheatre Pkwy Mountain View, California 94043) | Profiling, advertising, analytics and measurement services, display of behavioral advertising |
Information regarding the transfer of data abroad:
Google LLC and its affiliates, as well as Facebook, Inc., are listed in the European Commission’s adequacy decision pursuant to Article 45 of the GDPR and Commission Implementing Decision 2016/1260, as well as on the U.S. -EU Privacy Shield List established on this basis; thus, data transfers to these entities do not constitute transfers to a third country outside the European Union and do not require the separate consent of the data subjects, and such transfers are permitted under Article 45 of the GDPR. These companies have committed to complying with the GDPR.
4. Rights Regarding Personal Data and Their Protection
a. Right of access: You may request information regarding what data we process about you, for what purposes it is used, how long we retain it, to whom we disclose it, and the source of the data we process.
b. Right to rectification: If your information changes or has been recorded incorrectly, you may request that it be corrected, amended, or clarified.
c. Right to erasure: In the cases specified by law, you may request that we erase the data we process about you.
d. Right to restriction of processing: In cases specified by law, you may request that we restrict the processing of your data.
e. Right to data portability: You may request the portability of your data by completing the data portability request form attached to this notice. By exercising this right, you may request that we provide you with the types of data specified by law, or, based on a specific request and authorization from you, transfer such data directly to another service provider designated by you.
If you submit any of the above requests, we will proceed in accordance with the law and will notify you within one month of the actions we have taken in response to your request.
f. Right to withdraw consent: When we process your data based on your consent, you have the right to withdraw your consent at any time; however, this does not affect the lawfulness of our data processing prior to the withdrawal of consent.
g. Right to lodge a complaint: If your rights have been infringed in connection with our data processing, you have the right to lodge a complaint with the competent supervisory authority:
National Authority for Data Protection and Freedom of Information
Website: http://naih.hu
Mailing address: 1530 Budapest, P.O. Box 5.
Email: ugyfelszolgalat@naih.hu
Phone number: +36 (1) 391-1400
(Article 79 of the GDPR): If you believe that your rights under the GDPR have been infringed in connection with the processing of your personal data, you may bring legal proceedings against the Service Provider before the courts of the Member State in which the Service Provider is established. Such proceedings may also be brought before the courts of the Member State in which you have your habitual residence.
Right to protest:
- If, based on the above, we process your data on the basis of a legitimate interest, you may object to such processing based on that legitimate interest.
- You may also object to data processing for profiling purposes.
If you object, we will no longer process your personal data.
5. How do we ensure the security of your data?
We have a comprehensive and detailed information security policy in place to ensure the security of the data and information we handle; this policy is mandatory for all our employees, and all of them are familiar with it and adhere to it.
We regularly educate and train our employees on data and information security requirements.
5.1. Data Security in the IT Infrastructure
We store personal data on on-premises servers, which are accessible only to a very limited group of authorized personnel in accordance with strict access control policies. We test and monitor our IT systems on a recurring and regular basis to ensure and maintain data and IT security.
Office workstations are password-protected; the use of external storage devices is restricted and permitted only under secure conditions and following an inspection.
Regular and continuous protection against malware is provided for all of the Service Provider’s systems and system components.
We treat security features as a top priority and handle them separately during the design, development, testing, and operation of programs, applications, and devices.
We store and transmit access keys for the information system (e.g., passwords) in encrypted form, and we ensure the protection of data affecting system security (e.g., passwords, permissions, logs) when assigning access permissions.
5.2. Physical Data Security
To ensure physical data security, we ensure that our doors and windows are properly locked and secured, and we enforce strict visitor and access policies.
The rooms used to house data storage devices have been designed to provide adequate protection against unauthorized or forced entry, fire, or natural disasters. Data storage devices used for data transfer, backup, and archiving must be stored only in securely locked locations.
6. Procedure in the Event of a Data Breach
In accordance with the law, we report data breaches to the supervisory authority within 72 hours of becoming aware of them, and we maintain a record of such incidents. In cases specified by law, we also notify the affected users.
7. Changes to this Privacy Policy
If there are changes to the scope of the data processed or other circumstances related to data processing, we will amend this privacy notice within 30 days in accordance with the provisions of the GDPR and publish it on our website; we will also notify you of the changes via email and post a notice on our website.
Utolsó módosítás dátuma: 2026. June 11.