Privacy Statements

Data Protection Notice

Brumi Kindergarten (hereinafter referred to as “Company / Controller”) issues this Data Protection Notice in order to set out the provisions on the processing of personal data collected in connection with the services it provides. By issuing this Notice, the Company aims to ensure the lawful recording and administration of data processing activities and an adequate level of data security.
The Company is committed to protecting the personal data of its users and customers and to respecting the right to informational self-determination of its customers. The Controller keeps personal data confidential and takes all security, technical and organisational measures to ensure the highest possible level of security of the personal data processed. The Controller takes appropriate measures to protect personal data against unauthorised access, alteration, transfer, disclosure, erasure or destruction and against accidental destruction or accidental damage.
In drafting these rules, the Controller has taken particular account of the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter, the “Information Act”) and Regulation (EU) 2016/697 of the European Parliament and of the Council (“GDPR Regulation”; hereinafter, the “General Data Protection Regulation”).
This Privacy Notice applies to all the Company’s processing activities concerning natural persons, and in particular, to the processing activities carried out on its website ( The Notice takes effect on the date published on the Company’s website. Date of publication:25 May 2021. The Company reserves the right to unilaterally amend the Data Protection Notice without prior notice to users.
The Controller processes only the data provided by the users or specified by law for the purposes set out below. In the case of processing based on voluntary consent, the user may withdraw this consent at any time during the processing. The scope of the personal data processed must be proportionate to the purpose of the processing and not excessive.
The Controller does not verify the personal data provided to it. The user is responsible for the data provided by the user, their accuracy and veracity. The Controller shall not be liable for any damage resulting from data provided incorrectly, whether by accident or intentionally, even if the Controller could have recognised the incorrect nature of the data.
Personal data may only be processed by the Controller’s authorised staff based on the provisions of this Notice. The Controller does not transfer the personal data it processes to third parties other than the Processors specified in this Notice. The Processors are only entitled to act in accordance with the contract concluded with and the instructions received from the Controller. The Processors may use another processor only with the Controller’s consent.


Name of Controller
Name of Company: Brumi Kindergarten
Seat / Postal address: 1165 Budapest, Emma utca 18.
Tax number: 18164495-1-42
E-mail address:
Telephone number: +361,407 1367

Data protection officer

Name: Bulcsú Tóth
E-mail address:
Telephone number: +361 407 1367

Legal basis of processing

The legal basis for processing the personal data provided in the contact form is the data subject’s voluntary consent.
Duration of processing
The data will be processed until the data subject’s consent is withdrawn or until a request for erasure is submitted, or until the Controller ceases to operate.
Web hosting provider / IT provider
Name of Processor: Web-Server Kft.
Registered address: 4025 Debrecen, Pásti u. 2. 1/5.
Company register number: 09-09-011599
Tax number: 13498454-2-09
E-mail address:
Telephone number: +36 52 541 346
Data protection policy:


In order to provide a personalised service, the Controller or the website operator places, subject to the user’s / data subject’s consent, a small data package, a so-called cookie, on the user’s computer and reads it back during a subsequent visit. When the browser sends back a previously saved cookie, the service provider managing such a cookie has the opportunity to link the user’s current visit to the former ones, but only in respect of its own content. Taking into account that the data recorded by the cookies cannot be linked to personal data, the Controller does not process personal data by using cookies. The data are processed exclusively for statistical purposes.
The website operator is only able to place and analyse cookies if the visitor (data subject) gives his/her consent in the message that pops up when the website is loaded, thus allowing the analysis. The legal basis of the processing is the voluntary consent of the data subject. Because of the additional module (plug-in) integrated into the website, the IP address of the data subject is not recorded even if cookies are accepted, and the visit is anonymised in all cases.
The following types of cookies can be distinguished as detailed below:
The purpose of session / temporary cookies is to allow visitors to browse the Controller’s website and use its functions and services fully and smoothly. This type of cookies expires when the session (browsing) ends, and when the browser is closed, these cookies are automatically deleted from the computer or other device used for browsing.
Stored/persistent cookies are cookies that are used each time a user visits the site. Persistent cookies necessary for analysis purposes show where the user has browsed on the website and what pages and products he has visited, and what he has done. Cookies remain on the client machine depending on their duration. They can be used by functions like Google Analytics. These cookies do not contain any personal data and are not suitable for identifying the visitor.
Users can delete the cookies from their computer or disable the use of cookies in the browser. By disabling the use of cookies, the user acknowledges that the site’s functionality is not full without the cookies. If the user consents to place cookies and does not subsequently delete them, they will be automatically deleted after 180 days.
Google Adwords, Google Analytics, Facebook
The Controller is using the cookies of Google Analytics, being a third party, too. By using Google Analytics for statistical purposes, the Controller collects information about how visitors use the website. Google will use the information stored by the cookies to evaluate how the user uses the website and to provide the website operator with reports on the website’s activity. The data are used for developing the website and improving the user experience. These types of cookies are also stored on the visitor’s computer or other device used for browsing until they expire or until the visitor deletes them. The duration of cookies created by Google Analytics is 24 months.
The Controller runs so-called remarketing ads through the Facebook and Google AdWords advertising systems. These service providers may use cookies, web beacons and similar technologies to collect or receive data from the Controller’s website and other Internet sites. This data is used to provide measurement services and to target advertising. These targeted ads may appear on other websites in Facebook’s and Google’s partner network. Remarketing lists do not contain any personal data of the visitors and are not suitable for personal identification.
The Controller uses cookies to display personalised advertising to potential users via Google and Facebook.
For more information on the Google and Facebook privacy policies, please visit and

Data subjects’ rights relating to the processing

Right to access
The data subject may request to be informed whether his or her personal data are being processed and, if so, which personal data are being processed by the Controller, on what legal basis, for what purpose, from what source and for how long. Upon request, the Controller shall provide information without undue delay and within a maximum of 30 (thirty) days.
Right to rectification
The data subject may request the Controller to rectify, modify or supplement incomplete data. The Controller shall act on such a request without undue delay and within a maximum of 30 (thirty) days.

Right to erasure

The data subject may request the erasure of the data relating to him or her. If the data subject withdraws his or her consent regarding the data processed based on consent as the legal basis, the personal data processed will be erased. The Controller shall delete the data without undue delay and within a maximum of 30 (thirty) days.
Right to restriction of processing
The data subject may request the Controller to restrict processing in one of the following cases:
The data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data;
The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
The Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
The data subject has objected to processing. In this case, the restriction applies to the period pending the verification of whether the Controller’s legitimate grounds override those of the data subject.

Right to data portability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
Right to object
The data subject has the right to object to processing. The Controller will examine the objection within the shortest possible time from the date of the request, and not later than within 15 days, and decide on its merits. The decision will be notified to the person who made the request by e-mail or by post to the address requested by the data subject.
The detailed rights and remedies of data subjects are set out in the provisions of the Information Act.
Data subjects may send requests concerning their rights as set out in the previous paragraph or complaints concerning the processing to the Company’s e-mail address
Data subjects may take legal action against the Controller or its activities in the event of a breach of their rights.
Data subjects lodge a complaint with the National Authority for Data Protection and Freedom of Information against the Controller or the processing of personal data:
Registered address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Telephone: 06 (1) 391-1400
Fax: 06 (1) 391-1410