Privacy Notice
The purpose of this Privacy Notice is to ensure that data subjects receive appropriate information regarding data processing carried out by Kis-Bank Sped Kft. (hereinafter referred to as the “Data Controller”) in accordance with data protection regulations and are able to exercise their legal rights.
Data Controller:
The current details of the Data Controller are as follows:
- Name: Kis-Bank Sped Kft.
- 170 Szigetvári Street, 7400 Kaposvár, Hungary
- Company registration number: 14 09 321645
- Tax number: 32824681-2-14
- Represented by: András Kis-Bank
- E-mail: kisbankandris@gmail.com
Your data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR), and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.
Scope of processed personal data, purpose, duration and legal basis of processing
Purpose of data processing: Contact
Visitors can contact the Data Controller via the website by sending an email to the address provided in the “Contact” section or by filling out the contact form.
Data subject: the sender of the message
Processed data: name, email address, phone number, message and its subject
Legal basis for processing: consent of the data subject
Purpose of processing: contacting the Data Controller
Processing platform: electronic
Persons with access to the data: the Data Controller and those internal employees of the Data Controller whose job responsibilities require access to the data.
Data transfer: The Data Controller does not transfer personal data to third parties, except where required by law (e.g., courts, investigative authorities, prosecutors, etc.).
Data retention period: until consent is withdrawn, or if necessary for the enforcement of claims, up to 5 years (limitation period according to the Civil Code); otherwise 30 days after the message is received.
Possible consequence of failing to provide data: unsuccessful communication
Purpose of data processing: Data processed during website visits
| Processed data | Purpose of processing | Legal basis | Retention period |
| IP address, date and time of visit, operating system and browser type used by the visitor | Ensuring the proper and high-quality operation of the website, monitoring and improving service quality, identifying visitors attacking the website | legitimate interest (GDPR Article 6(1)(f)) | A part of the user's IP address is stored for 7 days and then automatically deleted. |
Purpose of data processing: Cookies used on the website
When visiting the website at [website address], a small file called a “cookie” is placed on the visitor’s computer, which may serve several purposes.
Some cookies are essential for the proper functioning of the site (“session cookies”), while others collect information about website usage (cookies necessary for statistics) to make the site more convenient and useful. Some cookies are temporary and disappear when the browser is closed, while others remain on the computer for a longer period.
The legal basis for processing cookies necessary for website operation is the legitimate interest of the Data Controller, for which a balancing test has been conducted.
“Session cookies”
Session cookies are required for browsing the website and using certain basic functions. They allow the system to remember actions performed by the visitor on a given page, function or service. Without session cookies, the smooth use of the website cannot be guaranteed. Their validity lasts for the duration of the visit and they are automatically deleted when the session ends or the browser is closed.
The proper operation of the website session complies with applicable legal requirements.
The session cookies used by the website are as follows:
| Cookie name | Purpose | Legal basis | Storage time |
| buildr_live_session | Cookie used by the site to retrieve the status of sessions between requests. | legitimate interest – GDPR Article 6(1)(f) (based on balancing test) | end of session |
| XSRF-TOKEN | Cookie used by the site to retrieve the status of sessions between requests. | end of session | |
| cookies-state | Stores cookie consent information. | end of session | |
| VISITOR_INFO1_LIVE | Cookie used by YouTube LLC (901 Cherry Avenue, San Bruno, California, USA) to measure available bandwidth and determine whether the user receives the new or old player interface. | 5 months | |
| YSC | Cookie used by YouTube LLC to store whether YouTube content is displayed as an embedded video. | end of session |
“Statistics cookies”
We aim to provide content that visitors prefer; therefore statistics are prepared regarding visitor behavior.
The website uses the following cookies for statistical purposes:
| Cookie name | Purpose | Legal basis | Storage time |
| _ga | Registers a unique ID used to generate statistical data on how visitors use the website. | consent of the data subject – GDPR Article 6(1)(a) | 399 days |
| _gat | Used by Google Analytics to throttle request rate. | 1 day | |
| _gid | Stores a unique value for each visited page. | 1 day | |
| collect | Identifies the device used during the website visit. | end of session |
“Marketing cookies”
The purpose of marketing cookies is to display advertisements that may be of interest to visitors and to measure the effectiveness of campaigns.
| Cookie name | Purpose | Legal basis | Storage time |
| DEVICE_INFO | Tracks user interaction with embedded content. | consent of the data subject – GDPR Article 6(1)(a) | 6 months |
When visiting the website, a separate Cookie Policy is available via the link in the pop-up window.
Purpose of data processing: Redirecting to social media platforms
If the visitor is simultaneously logged into their account on the selected social network, their visit may be associated with their user account.
Links to the Facebook and Instagram social networks are indicated by icons operated by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin). The icons appear in the top right corner of the page:
- a small “f” in a square;
- a camera icon.
More information about Facebook and Instagram data processing:
https://www.facebook.com/privacy/explanation
https://privacycenter.instagram.com/policy
The link to the Twitter social network is indicated by the bird icon operated by Twitter, Inc. (1355 Market Street, San Francisco, California, USA).
More information:
https://twitter.com/en/privacy
The link to the LinkedIn social network is indicated by the “in” icon operated by Microsoft Corporation (605 W Maude Ave, Sunnyvale, CA, USA).
More information:
https://www.linkedin.com/legal/privacy-policy
Rights of the data subjects
Data subjects may request information in writing from the Data Controller at any time about the processing of their personal data, request deletion or modification of their data, or withdraw their previously given consent using the provided contact details.
Right to information: Upon request, the Data Controller provides information listed in Articles 13–14 and Articles 15–22 and 34 of the GDPR in a concise and transparent form.
Right of access: The data subject may request confirmation as to whether personal data concerning them are being processed and, if so, access to information including the purpose of processing, categories of personal data, recipients, storage period, and related rights.
The Data Controller provides a copy of the requested data within 30 days from receipt of the request. This deadline may be extended by up to two additional months if necessary.
Right to rectification: The data subject may request correction of inaccurate personal data.
Right to erasure: Upon request, the Data Controller deletes personal data within the shortest possible time, but no later than 5 working days, if the legal conditions for deletion are met.
Right to restriction of processing: The data subject may request restriction of processing under the conditions specified in the GDPR.
Right to withdraw consent: The data subject may withdraw their consent in writing at any time.
Right to data portability: The data subject may request the transfer of their personal data to another data controller in a commonly used, machine-readable format.
The Data Controller applies appropriate technical and organizational measures to ensure the security of electronically processed data.
Complaints regarding data processing may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
Address: Falk Miksa utca 9-11, 1055 Budapest, Hungary
Phone: +36-1-391-1400
E-mail: ugyfelszolgalat@naih.hu
Website: www.naih.hu
In case of violation of their rights, the data subject may also initiate court proceedings against the Data Controller before the competent court.
13.03.2026