Privacy Policy

Name of the hosting provider: nGroup kft.
Address of the hosting provider: 1134 Budapest, Lehel utca 9. (Doorbell 27)
The hosting provider’s company registration number: 01 09 883271
The hosting provider’s email address: info@netpeople.hu

In drafting the provisions of this Privacy Policy, Barabás Mérnökiorda Kft. took particular account of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), and the provisions of Act CXII of 2011 on the Right to Self-Determination in Information and Freedom of Information (“Infotv.”). Barabás Mérnökiorda Kft.respects the privacy rights of visitors to its website. Barabás Mérnökiorda Kft.records only personal data that you voluntarily provide. We do not disclose the data to third parties; we store and use it exclusively for the purpose of establishing contact initiated by you.

2. Definitions:

Personal data: any information relating to an identified or identifiable natural person (“data subject”); “identifiable” means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data controller: the natural or legal person, public authority, agency, or any other body that, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, Union or Member State law may also determine the controller or the specific criteria for designating the controller.

Data processor: a natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the data controller.

Privacy Notice: the Data Controller’s current privacy notice.

Data transfer: making data available to a specific third party.

Disclosure: making data accessible to anyone.

Data erasure: rendering data unrecognizable in such a way that it cannot be restored.

Data destruction: the complete physical destruction of the data storage medium containing the data.

Third country: any state that is not an EEA state.

Data subject: any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data.

Website: the website under the domain names www.bmikft.hu, www.barabasengineering.eu, and www.barabashydraulics.eu.

Users: users of the Website.

3. Amendments to the Privacy Policy

The Data Controller reserves the right to amend or revoke this Notice at any time by its unilateral decision, provided that the Data Subjects are notified simultaneously. Such notification shall be effected by publication on the website or, depending on the nature of the change, by direct notification to the Data Subjects. If the affected user continues to use the Data Controller’s services after receiving this notice, this shall be deemed acceptance of the amended provisions of this Notice.

4. Scope, purpose, legal basis, retention period, and authorized parties for processed user Personal Data

4.1. When the User visits the Website, the Data Controller’s system automatically records the User’s IP address. To provide a personalized service, the Data Controller places a small data file (a so-called “cookie”) on the User’s computer. The purpose of the cookie is to ensure the highest possible quality of operation for the given page, to provide personalized services, and to enhance the user experience. The User can delete the cookie from their own computer or configure their browser to block the use of cookies. By disabling cookies, the User acknowledges that the website will not function to its full extent without them.

Purpose of data processing: the data recorded in the log file is used for statistical purposes and cannot be linked to other personal data of users.

Legal basis for data processing: the Data Controller’s legitimate interest in operating the Website (GDPR Article 6(1)(f))

Duration of data processing: for the period necessary for the proper functioning of the Website.

Persons authorized to access personal data:

Data processor

Name: nGroup kft.
Address: 1134 Budapest, Lehel utca 9. (Doorbell 27)
Company registration number: 01 09 883271
E-mail: info@netpeople.hu

4.2.Data provided on the Website

Scope of data processed: Name, Email, Tel (phone number), Firm name

Purpose of data processing: registration of customers and clients, distinguishing them from one another, fulfilling orders, maintaining customer relations, providing information on current updates and offers.

Legal basis for data processing: the data subject’s voluntary consent based on specific and adequate information (GDPR Article 6(1)(a)), or the performance of a contract, or the pursuit of the Data Controller’s legitimate interests (GDPR Article 6(1)(b) and (f)).

Duration of data processing: until the 30th day following the withdrawal of consent; in the absence thereof, for 5 years following the termination of the cooperation.

Persons authorized to access personal data:

Data processor

Name: nGroup kft.
Address: 1134 Budapest, Lehel utca 9. (Doorbell 27)
Company registration number: 01 09 883271
E-mail: info@netpeople.hu

5. Method of data processing, data transfer

The Data Controller processes Personal Data in accordance with the principles of good faith, fairness, and transparency, as well as applicable laws and the provisions of this Notice.
The Data Controller uses Personal Data that is strictly necessary for the use of the Services based on the consent of the relevant User and exclusively for the specified purpose.
The disclosure of Personal Data to third parties or authorities—unless otherwise provided by law—is possible only on the basis of an official decision or with the User’s prior, express consent.
The Data Controller processes Personal Data only for the purposes specified in this Notice and in the applicable laws. The scope of the Personal Data processed is proportionate to the purpose of the Data Processing and may not exceed it.
In any case where the Data Controller intends to use Personal Data for a purpose other than the original purpose of data collection, it shall inform the User thereof and obtain the User’s prior, explicit consent, or provide the User with the opportunity to prohibit such use.
The Data Controller does not verify the Personal Data provided. The person providing the Personal Data is solely responsible for its accuracy.

Processing of data received from third parties:

By providing their email address and the Personal Data provided during registration, any User also assumes responsibility for ensuring that (1) the provided data and consents originate from them and are accurate, and (2) only they will use the service through the use of the provided data.
In light of this assumption of responsibility, all liability arising from logins made using a specific email address and/or data rests solely with the User who registered the email address and provided the data. If the User provided a third party’s data during registration to use the service, the User bears responsibility for this, and the Data Controller is entitled to seek compensation from the User. In such cases, the Data Controller will provide all possible assistance to the relevant authorities to determine the identity of the person responsible for the violation.
The Personal Data of a Data Subject under the age of 16 may only be processed with the consent of an adult exercising parental authority over them. The Data Controller is not in a position to verify the authority of the consenting person or the content of their statement; therefore, the User or the person exercising parental authority over them guarantees that the consent complies with the law. In the absence of a consent statement, the Data Controller does not process or collect Personal Data relating to data subjects under the age of 16—with the exception of the IP address used when accessing the Website, which is automatically recorded due to the nature of internet services.

6. Analytics Services:

The Data Controller uses the Google Analytics service to track website statistics, user demographic data, interests, and behavior on websites. The Organization also uses Google Search Console to optimize the website for search engines and measure user satisfaction. Google provides the option to restrict the use of its analytics services. Visit Google’s page to opt out of data collection by Google Analytics. https://tools.google.com/dlpage/gaoptout

Data transfer to a third country or an international organization:

The Data Controller does not transfer the Data Subject’s personal data or recordings to a third country outside the European Economic Area or to an international organization.

In certain cases—such as official court or police requests, legal proceedings, copyright, property, or other legal violations, or reasonable suspicion thereof; harm to the Data Controller’s interests; or a threat to the Website’s operation, etc.—the Data Controller may make the User’s accessible Personal Data available to third parties. The Data Controller shall not be held liable for such data transfers or the resulting consequences. The third party’s data processing provisions shall govern the processing of the transferred data.
The Data Controller maintains a data transfer log for the purpose of verifying the lawfulness of data transfers and ensuring that the User is informed.

7. Information on Data Security Measures

The Data Controller processes Personal Data in a closed system.

The Data Controller ensures default and built-in data protection. To this end, the Data Controller implements appropriate technical and organizational measures to:

strictly regulate access to the data;
grant access only to persons who need the data to perform their tasks, and even then, only to the data that is minimally necessary for the performance of the task;
carefully select the data processors it engages and ensure data security through an appropriate data processing agreement;
ensure the integrity, authenticity, and protection of the data being processed.

The Data Controller shall implement reasonable physical, technical, and organizational security measures to protect Personal Data, particularly against accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure, use, access, or processing. The Data Controller shall immediately notify the Data Subject in the event of any known unauthorized access to or use of Personal Data that poses a high risk to the Data Subject.

If the transfer of Data Subject data is necessary, the Data Controller shall ensure the adequate protection of the transferred data, for example by encrypting the data file. The Data Controller bears full responsibility for the processing of Data Subject data carried out by third parties.

The Data Controller shall also ensure, through appropriate and regular backups, that the Data Subject’s data is protected against destruction or loss.

8. Rights of Data Subjects

The User may request information regarding the processing of Personal Data at any time in writing, by registered mail or certified mail with return receipt requested sent to the Data Controller’s address, or by email sent to the Data Controller’s email address.

The request for information may cover the User’s data processed by the Data Controller, their source, the purpose, legal basis, and duration of the Data Processing, the names and addresses of any Data Processors , activities related to Data Processing, and, in the event of the transfer of Personal Data, who received or will receive the User’s data and for what purpose.

The User may request the correction or modification of their Personal Data processed by the Data Controller. Taking into account the purpose of the Data Processing, the User may request the completion of incomplete Personal Data.

The User may request the deletion of their Personal Data processed by the Data Controller.

Deletion may be refused (1) for the purpose of exercising the right to freedom of expression and the right to information, or (2) if the processing of Personal Data is authorized by law; and (3) for the purpose of asserting, enforcing, or defending legal claims.

The Data Controller shall in all cases inform the User of the refusal of the request for erasure, specifying the reason for the refusal. Once a request for the erasure of Personal Data has been fulfilled, the previously (erased) data cannot be restored.

The User may request that the Data Controller restrict the processing of their Personal Data if the User disputes the accuracy of the processed Personal Data. In this case, the restriction applies for a period that allows the Data Controller to verify the accuracy of the Personal Data. The Data Controller shall mark the Personal Data it processes if the User disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed Personal Data cannot be clearly established.

The User may request that the Data Controller restrict the processing of their Personal Data even if the processing is unlawful, but the User objects to the erasure of the processed Personal Data and instead requests the restriction of its use.

The User may also request that the Data Controller restrict the processing of their Personal Data if the purpose of the Data Processing has been fulfilled, but the User requires the Data Controller to continue processing such data for the purpose of asserting, exercising, or defending legal claims.

The User may request that the Data Controller provide the User with the Personal Data made available by the User and processed by the User in an automated manner in a structured, commonly used, machine-readable format and/or transfer such data to another data controller.

The User may object to the processing of their Personal Data (1) if the processing of Personal Data is necessary solely for compliance with a legal obligation to which the Data Controller is subject or for the purposes of the legitimate interests pursued by the Data Controller or a third party; (2) if the purpose of the Data Processing is direct marketing, public opinion polling, or scientific research; or (3) if the Data Processing is carried out for the performance of a task carried out in the public interest. The Data Controller shall examine the lawfulness of the User’s objection, and if the objection is found to be well-founded, the Data Processing shall be terminated and the processed Personal Data shall be blocked, and shall notify all parties to whom the Personal Data affected by the objection were previously disclosed of the objection and the measures taken in response.

The Data Controller shall, within one month of the submission of the request—or, in exceptional cases, within a longer period permitted by law—process or reject (with justification) the request. The Data Controller shall inform the Data Subject in writing of the outcome of the investigation.

9. Cost of the notification

The Data Controller shall provide the measures and necessary information free of charge on the first occasion.

If the Data Subject requests the same data a second time within one month, and such data has not changed during that period, the Data Controller will charge an administrative fee.

The basis for calculating the administrative fee is the hourly rate derived from the current minimum wage.
The number of working hours spent on providing the information is calculated based on the aforementioned hourly rate.
Furthermore, in the case of a request for information in paper form, the printing cost of the response at cost price and the postage cost.

10. Refusal to Provide Information

If the Data Subject’s request is clearly unfounded, they are not entitled to the information. If the Data Controller can prove that the Data Subject already possesses the requested information, the Data Controller shall reject the request for information.

If the Data Subject’s request is excessive due to its particularly repetitive nature, the Data Controller may refuse to act on the request if

the Data Subject submits a request to exercise their rights under Articles 15–22 of the GDPR regarding the same matter for the third time within one month.

11. Legal Remedies

For any questions, comments, or complaints regarding data processing, please contact the Data Controller’s staff using the contact information provided in the header.

The User may submit a complaint regarding data processing directly to the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; email: ugyfelszolgalat@naih.hu ; website:www.naih.hu).

In the event of a violation of the User’s rights, the User may bring a lawsuit. The lawsuit may be filed—at the Data Subject’s discretion—before the court with jurisdiction over the Data Subject’s place of residence or current location. Upon request, the Data Controller will inform the User of the available legal remedies and means of redress.

Budapest, April 29, 2026