Privacy policy

1. Name of the Controller

BalaBit IT Biztonságtechnikai Kft. (hereinafter BalaBit Kft. or Service Provider).

2. Address of the Controller

1117 Budapest, Alíz utca 2

3. Contact information

4. Regulations pertaining to Privacy

In its data management practice, Service Provider takes into account the related regulations in force. The data management principles published in the present statement comply with the following regulations.

  • 1992. Act LXVI of 1992 on the Name and Address Records of Citizens;

  • 1995. Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing;

  • 2001. Act CVIII of 2001 on Certain Aspects of Electronic Commerce and Information Society Services;

  • 2008. Act XLVIII of 2008 on the Essential Conditions and Certain Limitations of Business Advertising Activity;

  • 2011. Act CXII of 2011 on Informational Self-determination and Freedom of Information.

5. Definitions

5.1 personal data

Personal data shall mean any information relating to an identified or, directly or indirectly, identifiable natural person (hereinafter data subject), in particular the name, identification number of the data subject, or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such data related to the data subject.

5.2 consent

Consent shall mean a freely given specific and informed indication of the data subject's wishes by which the data subject signifies his agreement to personal data relating to him being managed without limitation or with regard to specific operations.

5.3 objection

Objection shall mean the data subject's statement by which data subject objects to the management of his/her data and requests that the management of such data be terminated and/or the managed data be deleted.

5.4 controller

Controller shall mean a natural or legal person or unincorporated organization that determines alone or with others the purpose of the management of personal data, makes decisions regarding data management (including the means) and implements such decisions itself or engages a processor to implement them.

5.5 data management

Regardless of the process applied, data management shall mean any operation or set of operations that is performed upon data, such as collection, recording, organization, storage, adaptation or alteration, use, disclosure by transmission, publication, alignment or combination, blocking, deletion or destruction, and blocking the data from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images).

5.6 disclosure by transmission

Disclosure by transmission shall mean making data available to a specific third party.

5.7 public disclosure

Public disclosure shall mean making data available to the general public.

5.8 deletion of data

Deletion of data shall mean the destruction or elimination of data sufficient to make them irretrievable.

5.9 blocking of data

Blocking of data shall mean marking data with identification tags in order to restrict their procession permanently or for a predetermined period.

5.10 destruction of data

Destruction of data shall mean the complete physical destruction of data or the medium containing the data.

5.11 data processing

Data processing shall mean the technical operations involved in data management, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that the technical operations are done on data.

5.12 processor

Processor shall mean a natural or legal person or unincorporated organization that is engaged in the processing of personal data on behalf of a controller on contractual basis - including when ordered by virtue of legal regulation.

5.13 third person

Third person shall mean any natural or legal person or unincorporated organization other than the data subject, the controller or the processor.

5.14 third country

Third country shall mean any country that is not a member of the European Economic Area.

5.15 cookie

Cookie shall mean a text file that is stored on the computer by a home page visited through an internet browser. Cookie is used to make browsing more comfortable and customized, as it facilitates storing various personal data, passwords. By using cookies, targeted or customized advertisement campaigns can be run.

6. Data Management Principles Followed

Personal data may be managed if

  1. the data subject has given his/her consent, or

  2. decreed by law or decreed by a local authority, based on authorization conferred by law concerning specific data defined therein, to achieve a purpose in the public interest (hereinafter mandatory data management).

Personal data may be managed only for specified and explicit purposes, where it is necessary for carrying out certain rights or obligations. This purpose must be satisfied in all stages of operations of data management. Recording and the processing of data shall be fair and lawful.

The personal data managed must be essential for the purpose for which it was collected, it must be suitable to achieve that purpose. Personal data may be managed to the extent and the duration necessary to achieve that purpose.

During data management, data shall be kept accurate, complete and, if necessary for the purpose of data management, up-to-date, and data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected.

Personal data may be managed only if the data subject has given his/her prior, informed consent.

Processor may transfer personal data to a third country processor or controller if the data subject has given his/her explicit consent. Transmission of data to member states of the European Economic Area shall be treated as transmission within the territory of the Republic of Hungary.

Prior to the start of data management, data subject shall be informed whether data management is voluntary or compulsory. Prior to the start of data management, data subject shall be clearly and elaborately informed of all aspects concerning the management of his/her personal data, such as the purpose for which the data are required and the legal grounds, the person entitled to carry out the processing, the duration of the proposed processing operation and the persons to whom his data may be disclosed.

The data subject shall be informed of his/her rights and the possibilities of seeking legal remedies in connection with data management.

7 Legitimacy of Data Management

Data management is performed with the voluntary consent of the users registered on homepage. Registration includes filling in a sheet containing personal data and accepting the content of the privacy statement.

7.0 Data of the visitors of web page

Purpose of data management: ensuring the operation, control of the homepage, preventing security issues and their subsequent evaluation.

Legal ground of data management: Act CVIII of 2001 on certain issues of electronic commerce activities and information society services, Paragraph 3.
Scope of managed data: date and exact time of the visit, address of the web page visited, address of the web page visited previously, visitor's IP address and data characterizing the web browser and operation system used.
Deadline of data deletion: 2 years since the visit
Registration number: NAIH-62311/2013

7.1 Data recording by third party service providers on the home page

No third party service providers collect and manage personal data on behalf of Balabit Kft.

The web analytics service provider, Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) on behalf of BalaBit Kft. is entitled to manage only data stripped of information identifying the individual. You can read about the applied data management principles on the web page.

Using the Facebook Comments application embedded on Service Provider's web page, visitors, logging into their own Facebook account, may write comments in the Service Provider's web page. You can read about the privacy policy of Facebook on the web page.

7.2 Maintaining contact

Service Provider interprets the download of specific studies, trial versions, call back requests and applying for webinars as making contact.

Purpose of data management: maintaining contact
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: company name, country, e-mail address, name, telephone number, job.
Deadline of data deletion: 2 years since the last contact made.
Registration number: NAIH-62312/2013

7.3 Registering for the events of BalaBit Kft.

Purpose of data management: Event organization
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: company name, country, e-mail address, name, telephone number, job.
Deadline of data deletion: 2 years since the last contact made.
Registration number: NAIH-62313/2013

7.4 Signing up for newsletters

Purpose of data management: giving information, maintaining contact and sending advertisement like offers.
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: e-mail address, name.
Deadline of deleting data: 2 years starting from the last activity.
Registration number: NAIH-62314/2013

7.5 Applying for a job

Purpose of data management: recruiting, maintaining contact.
Legal ground of data management: data subject's voluntary consent.
Scope of managed data: name, e-mail address, date of birth, period of time working as programmer, programming languages known, languages spoken, highest degree of education earned, previous work.
Deadline of deleting data: five years since the date of application
Registration number: NAIH-62310/2013

8. Deleting Personal Data

Balabit Kft. deletes personal data if their management is unlawful, the purpose of data management ceased to exist, or the statutory deadline for storing personal data expired, or if the court or the data protection commissioner ordered the deletion.

The user may request the deletion of his/her own personal data by writing to Service Provider will delete the data in 15 work days upon receiving the request for deletion.

9. Using cookies on the web page of Balabit Kft.

What is a cookie?

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user’s device. A cookie is used to make browsing more comfortable and customized, as it facilitates storing various personal data and passwords. By using cookies, targeted or customized advertisement campaigns can also be run.

Cookie categories

The cookies used on this website have been categorized based on the categories described in the International Chamber of Commerce guide on cookies.

Category Description Examples How to manage
Strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

BalaBit's website identifies you with a cookie that stores an encrypted string. Every time you visit our website, your browser will download this cookie.

session cookie

These cookies are required to operate BalaBit’s website and the service that you have requested.

If you do not want to download these cookies, stop using BalaBit’s website.

Performance cookies

These cookies collect information about how visitors use a website. For example, which pages visitors go to most often, and whether they get error messages from web pages.

Performance cookies do not collect any information that identifies a visitor. All information these cookies collect is aggregated and therefore is anonymous. It is only used to improve functions and user experience.


To stop downloading performance cookies, change your browser settings. For details, read this guide.

Functionality cookies

These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personalized features. For example, a website may be able to provide you with local weather reports or traffic news by storing a cookie about the region you are currently located in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have requested, such as watching a video or commenting on a blog. The information these cookies collect are anonymous and they cannot track your browsing activity on other websites.


To stop downloading functionality cookies, change your browser settings. For details, read this guide.

Disabling this cookie category has direct effect on website functionalities and user experience.

Targeting cookies or advertising cookies

These cookies are used to deliver advertisements that are more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measuring the effectiveness of the advertising campaign.

They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers. Quite often, targeting or advertising cookies will be linked to site functionalities provided by the other organization.

BalaBit’s website uses Google Analytics to track and statistically analyze visitors’ behavior. The information provided for Google Analytics does not contain any personal data.


To stop downloading targeting or advertising cookies, change your browser settings. For details, read this guide.

10. Data Security Measures

Personal data are stored in dedicated servers that are guarded in 24 hours a day. The servers are installed in the server rooms of InterNetX GmbH in the territory of the Federal Republic of Germany and in the server room of the Service Provider.

11. Updating the Privacy Policy

Balabit Kft. reserves the right of unilaterally changing the present privacy policy subsequent to informing the users. You accept the updated privacy policy by using the service after the update becomes effective.

11. Users' Rights in Relation with the Management of their Personal Data

The data subject may request information about the management of his/her personal data and may also request data correction, or, with the exception of the cases set forth in the law, data deletion. Upon the data subject's request, Service Provider provides information concerning the data relating to him/her, including those processed by a data processor on its behalf, the purpose, grounds and duration of processing, the name and address (corporate address) of the data processor and on its activities relating to data management, and the recipients of his/her data and the purpose for which they are or had been transferred. Controller shall comply with requests for information without any delay, and provide the information requested in an intelligible form within no more than 30 days. The information provided is free of charge. Request for information shall be sent via e-mail to that shall be answered in 8 work days.

13. Enforcement of Rights

The data subject may object to the management of his/her personal data,

  1. if processing or transfer is carried out solely for the purpose of enforcing the rights and legitimate interests of the controller or a third person recipient, unless processing is prescribed by law;

  2. if personal data is used or transferred for the purposes of direct marketing, public opinion polling or scientific research;

  3. if the right to object is ensured by law.

In the event of objection, controller shall investigate the objection within the shortest possible time, not to exceed 15 days, and shall make a decision if the objection is justified, and shall notify the data subject in writing of the findings of its decision.
If the objection is justified, the controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had been previously transferred concerning the objection and the ensuing measures; these recipients shall also take measures regarding the objection.

If the data subject disagrees with the decision taken by the controller, the data subject may file for court action within 30 days of the date the decision was conveyed, or the by the last day of deadline.

14. Statement of the Controller

Controller accepts to be bound by the content of the present privacy statement, and declares that the data management related to its service corresponds with the expectations defined in the present statement.