Privacy Policy

We process the data of the visitors and users (“User”) of website (“Website”) as detailed hereunder.

The Data Controller: White Paper Consulting Kft.
Headquarter at: 1112 Budapest, Sasadi út 167.
Reg. No.: 01-09-901585

  1. Acknowledgement

Taken into consideration

Act DCLXXIX of 2016 of the European Parliament and Council (General Data Protection Regulation or GDPR);

Act CXII of 2011, on the right of informational self-determination and on the freedom of information;

Act IV of 1959 on the Civil Code of the Republic of Hungary and Act IV of 2010 on the freedom of the press and the fundamental rules on media content;

Act CLXXXV of 2010 on media services and mass media and Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing;

Act VI of 1998 on the protection of individuals with regards to the automatic processing of personal data done at Strasbourg, the 28th day of January 1981;

And the provisions of the “ONLINE PRIVACY ALLIANCE”.

  1. Objectives

The aim of the present Policy is to ensure that the rights and fundamental liberties, especially the right to privacy of each individual shall be respected during the computer processing of their personal data, concerning every field of the services provided by the Data Controller, at every location, without regard to the individual’s nationality or residence.

We process data of Users in accordance with the effective legal regulations and the principles of data procession, including purpose limitation, accuracy, data minimiSation, storage limitation, integrity and confidentiality.

We process the User’s personal data on the basis of legal grounds and in each case linked to the specific scope (the so-called principle of “purpose limitation”), and during the processing we store and process personal data that is only absolutely necessary and as minimal data as possible (the so-called principle of “data minimisation”). During the data processing care shall be taken that the stored data are exact and up to date, namely that they reflect the reality (the so-called principle of “data accuracy”). The data processing for the specified purpose may be carried out only for as minimal amount of time as strictly necessary (the so-called principle of “storage limitation”), and the personal data shall be immediately deleted, if the legal basis of the data processing ceased (e.g. the data subject has withdrawn his/her consent), or the time limit set out by the legislation elapsed.

We value your privacy, please read carefully this Privacy Notice below, if you have any further questions, please contact Ms Andrea Pánczel, at

  1. Definition of terms

3.1 By virtue of  GDPR the concept of personal data is defined widely: it comprises not only the direct information related to a certain person, but also indirect information (e.g. Identification numbers, IP-addresses and all kind of data which makes a data subject identifiable).

3.2 Thus the definition of personal data includes any information about the User by which he/she can be identified. This can include information such as:

  • the user’s name, date of birth, email address, postal address, phone number, mobile number;
  • debit card details;
  • information about the user’s device (such as the IP address);
  • information relating to the user’s personal circumstances and how he/she uses our site, apps and services.

3.3 The Data Controller is operator of the Website.

3.4 The Data Processor is the entity who processes persona data in the name and in line with the instruction of the Data Controller.

  1. How we use personal data, types of data processed

We collect and process the following type personal of data (if registering for the Newsletter)

  • the user’s name;
  • the user’s email address;
  • the user’s IP address – a numerical code to identify your device and which can provide information about the country, region or city where he/she is based;
  • the user’s browsing history of the content he/she has visited on our site- that may be cancelled by the User in their own computer, appliance, mobile device (for Google analytics),
  • details of the user’s devices, for example, the unique device ID, unique advertising ID and browsers used to access our content (for Google analytics).
  1. Aim of processing data and the legal basis

The aim of the Data Controller’s processing of data:

  • providing online content
  • identification of the User, contact with the User
  • identification of User privileges (Services available to the User)
  • provision of Services available through the Website
  • management and handling of unique User requests
  • compilation of statistics and analyses
  • contact for the purpose of the promotion of the activities and events of the Data Controller via newsletters
  • providing storage for content generated by the User (for example comments posted in forums)
  • keeping records and sending reports on the Data Controller’s Employees as mandated by the law
  • protection of the User’s rights legal enforcement of the Data Controller’s legitimate interests
  • facilitation of the signing and settlement of contracts related to the Data Controller’s business activities
  1. Principles and methods of Data Procession

6.1 The Data Controller may only manage Personal Data in line with the principles of good faith, fairness and transparency, complying with current legislation and the provisions of this Policy.

6.2 The Data Controller shall use Personal Data only for purposes stated in present Policy and relevant legislation. The Personal Data shall be proportionate to the purpose of their storage and shall not be expanded beyond it.

6.3 In every case where the Data Controller intends to use Personal Data for purposes outside of the original data recording’s purposes, the Data Controller must inform the User.

6.4 The Data Controller shall not inspect the Personal Data provided. The person providing the data shall be exclusively responsible for the compliance of the data provided.

6.5 The Personal Data of a natural entity under the age of 14 shall only be managed with the consent of the legal adult exercising parental control.

6.6 The Data Controller shall not forward the Personal Data managed to third parties, except for the Data Processors defined in present Policy and, in certain cases defined in present Policy, the External Service Providers.

6.7 The System of the Data Controller may collect data about the activity of the Users which shall not be connected with other data provided by the Users upon registration or with data generated upon using other webpages or services.

6.8 The concerned User and everyone to whom the data has been forwarded earlier for the purpose of Data Management, has to be notified about the correction, blocking or deletion of the managed Personal Data.

6.9 The Data Controller undertakes to ensure the security of Personal Data, furthermore, shall take all technical and organisational measures and establish the rules of procedure which ensure for the collected, stored and managed Personal Data to be protected, i.e. prevents their termination, unauthorised use and unauthorised alteration.

  1. Duration of data processing, withdrawal of consent

The User’s personal data are processed during the following period:

7.1  The cookies are processed for the time detailed in the cookie policy

7.2 In case the User has consented to the procession of any data, then he/she is entitled to withdraw the consent without any reasoning anytime, however, this shall not concern the legality of the data procession prior to the withdrawal of the consent.

We draw your kind attention to that in case of withdrawal of the consent, the data procession based on consent (in the cases where consent was defined as the legal basis for the procession of data) shall be ceased by the Data Controller, thus it may lead to possible disadvantage arising out of the termination of data procession (e.g the User’s account will not be available anymore etc.)  Please be advised that withdrawal of the consent certainly shall not have any negative consequence on the User.

In regard of the withdrawal of consent please contact us at

  1. Rights of data subjects (Users)

8.1 The User has the right to access to his/her personal data: the User may obtain the information as to whether personal data concerning them are being processed, and where that is the case access to those data.

At your request the Data Controller shall place at your disposal, once every year free of charge, a copy of your personal data which are subject to the processing. For any further copies requested by you the year concerned, the Data Controller may charge a reasonable fee based on administrative costs.

Where you made the request by electronic means, and unless otherwise requested by you, the information shall be provided by the Data Controller in a commonly used electronic form.

The right to request copies shall not adversely affect the rights and freedoms of others, thus where the copies of the document you requested has other persons personal data, the Data Controller shall anonymise them or make them unrecognisable in any other way.

8.2 The User is entitled to rectification: shall have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Considering the purpose of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

8.3 The User has the right to erasure (the right to be forgotten): User you may obtain from the Data Controller the erasure of the User’s personal data without undue delay where of the following grounds applies:

  • The User withdrew his/her consent as referred herein above, and there is no other legal ground for the processing; or
  • the period of consented data procession expires,
  • the personal data have to be erased for compliance with a legal obligation, or
  • the personal data are no longer necessary in relation to the purposes for which they were collected;
  • the personal data have been unlawfully processed;

We draw your attention to that in some cases the Data Controller may need to store the User’s personal data for the purpose of exercising legal claims or in cases defined by the GDPR or by the laws. In case any obstacle of the erasure of the User’s personal data occurs, we will inform you thereof previously.

8.4 The User is entitled to the restriction of the processing of his/her personal data where one of the following condition applies:

  1. the accuracy of the personal data is contested by you, for a period enabling the Data Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required byte User for the establishment, exercise or defence of legal claims;
  4. the User had objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of the Data Controller override those of yours.

Where processing has been restricted as stated above, such personal data shall, with the exception of storage, only be processed with (i) your consent or (ii) for the establishment, exercise or defence of legal claims or (iii) for the protection of the rights of another natural or legal person or (iv) for reasons of important public interest of the Union or of a Member State.

In case the processing was restricted at your request, the Data Controller shall notify you (8 days) before the restriction of processing is lifted.

8.5 The User has the right entitled to object to the data procession, in particular to profiling.

The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

8.6  The User has the right to data portability, in regard of the data processed in automated way.

You have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller, where:

  1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
  2. the processing is carried out by automated means.

In exercising your right to data portability as set above, you are entitled right to have the personal data transmitted directly from one controller to another, where technically feasible. Exercising your right to data portability should be without prejudice to Article 17 of GDPR, namely the right to erasure, and shall not adversely affect the rights and freedoms of others.

8.7 If you wish to exercise your rights set above or you request further information about the processing of your personal data, please contact the Person Responsible for Data Protection:

Name: Ms Andrea Pánczel

Whether you address a request according to the above or other to the Person Responsible for Data Protection, the Data Controller shall inform you without undue delay and at the latest within one month of receipt of the request on action taken on your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

Where you make the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by you.

If the Data Controller does not act upon your request, the Data Controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

  1. Data security measures

We make measures for keeping data safe, including the following:

  1. Each person who has possibly access to the data of Users is bound by confidentiality in relation to all the data, facts and information they had obtained during their task
  2. The Data Controller is logging the access, and every person can only access to the system only with an individual username and individual password. The password must be changed periodically.
  3. The Data Controller is using a firewall, antivirus program and other filters on the server for the protection of the data stored on the servers.
  1. Options for legal enforcement

10.1 The person responsible for data protection issues is:

Name: Andrea Pánczel

10.2 We kindly advise you that you are entitled to lodge a complaint with the competent supervisory authority and initiate lawsuit at the competent court in relation to processing of your personal data:

10.2.1 Supervisory Authority: Nemzeti Adatvédelmi és Információszabadság Hatósága (National Authority for Data Protection and Freedom of Information)

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone number: +36/1-391-1400
Fax: +36/1-391-1410

10.2.2 The Competent Court: Fővárosi Törvényszék (Capital Tribunal)

Address: HU-1055 Budapest, Markó u. 27.
Postal address: 1363 Budapest, Pf. 16.
Central phone: +36-1/354-6000

Please be advised that you are entitled to take the case to the court which is competent on the basis of your residence, you are entitled to initiate legal action in this court instead of Fővárosi Törvényszék.