Data protection notice
Kibit Solutions Limited Liability Company
(hereinafter referred to as: Kibit Solutions Ltd.)
provides the following information to data subjects regarding the processing of personal data during its activities:
DATA CONTROLLER
Name of the Data Controller: Kibit Solutions Ltd.
Company registration number: Cg.01-09-342197
Registered seat: 1036 Budapest, Bécsi út 52. 1/2.
Email: info@kibitsolutions.com
The Data Controller participates in the execution of domestic and international IT-related projects. During these activities, data processing is performed by the company itself and by subcontractors engaged by the Data Controller. This data protection notice also explains how personal data is processed during marketing communication.
DATA PROCESSING
1.) PROCESSING PERSONAL DATA OF CLIENTS OR POTENTIAL CLIENTS
- Purpose of data processing: to establish and maintain business relationships between the Data Controller and its potential or existing clients.
- Legal basis of data processing: Performance of a contract (according to Article 6(b) of Regulation (EU) 2016/679).
- Categories of data:
Full name / Contact person’s name | Identification
Email address | Contact
Phone number | Contact
Other personal data provided by the data subject | Business communication
- Duration of data processing: a) with existing clients - until the end of the 5th year after the termination of the contractual relationship with the client; b) with potential clients – end of the 3rd year after setting up the contact with the potential client.
Possible consequences of failure to provide data: The data subject cannot enter into a contractual relationship with the Data Controller and cannot become a client.
2. SENDING NEWSLETTER
- Purpose of data processing: sending newsletters, thereby informing interested parties about the current projects of the Data Controller.
- Legal basis of data processing: consent of the data subject (according to Article 6(a) of Regulation (EU) 2016/679).
- Categories of data
Full name | Identification of the data subject
Email address | Contact
subscription date
- Duration of data processing: until 15 days after the withdrawal of consent.
Possible consequences of failure to provide data: the data subject will not receive proper information on promotions from the Data Controller.
3.) EVENT ORGANISATION
- Purpose of data processing: Data Controller organises events (webinars, workshop, training courses or similar occasions) with the purpose of promoting its services and reaching out to potential clients.
- Legal basis of data processing: legitimate interest of the Data Controller (according to Article 6 (f) of Regulation (EU) 2016/679).
- Categories of data
Full name | Identification of the data subject
Email address | Contact
event related information
- Duration of data processing: end of the 3rd year after signing up for an event.
Possible consequences of failure to provide data: the data subject can not attend the event.
4.) WEBSITE USAGE
The Data Controller uses cookies on its www.kibitsolutions.com website (the “Website”).
Cookies are small text files that are stored on the user’s device when they visit a website. They are widely used to make websites work efficiently, enhance user experience, and provide analytical information to website owners.
Data controller uses only third-party cookies – set by other providers – of the following categories:
- Essential cookies
These are required for the Website to function properly. They enable core features such as security, network management, and accessibility.
- Analytics cookies
These help us understand how visitors use our Website — for example, which pages are most visited — so we can improve performance and usability.
- Preferences
These enhance the functionality of our Website (e.g., remembering language preferences or login information).
- Marketing cookies
These are used to deliver ads that are relevant to you and to measure campaign performance. They may track your browsing activity across different websites.
Please be informed that the cookie consent banner shows the type of cookies currently used by the Website and users can manage their cookie preferences on the cookie consent banner on the Website by accessing it through the relevant icon permanently present thereby.
- Legal basis of data processing: The user’s voluntary consent, according to Article 6(1)(a) of the GDPR when it is requested or in the other cases, the Data Controller’s or third parties legitimate interest Article 6(1)(f).
Possible consequences of failure to provide data: inaccurate analytics and the lack of relevant targeted advertisements.
DATA PROCESSORS
In accordance with applicable laws, the Data Controller may use data processors for specific tasks. These processors act solely on instructions from the Data Controller and are not authorized to make independent decisions regarding personal data.
HubSpot Inc.
25 First Street, 2nd Floor, Cambridge, MA 02141, United States https://hubspot.com/
It processes personal data submitted via website forms (e.g. contact forms, newsletter sign-ups). Newsletter sending, tracking user interactions with marketing emails, landing pages, other customer communication.
LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland, https://www.linkedin.com/
LinkedIn processes personal data for advertising and conversion tracking purposes via LinkedIn Ads and the LinkedIn Insight Tag. This includes measuring ad performance, audience targeting, and retargeting website visitors on the LinkedIn platform.
Google LLC
1600 Amphitheatre Parkway, Mountain View, California 94043, USA
https://ads.google.com
https://policies.google.com
Google processes personal data for online advertising, conversion tracking, and remarketing via Google Ads cookies and tracking technologies.
Zoom
video conference, event related communication (registration: name, email address, reminder), recording
Twise AI
548 Market St, PMB 23938, San Francisco, California 94104-5401, USA
It processes data to deliver conversational AI responses, insights on visitor behaviour.
DATA TRANSFERS TO THIRD COUNTRIES
In certain cases, the personal data provided by data subjects may be shared with clients classified as third-country entities under applicable law or our third-country sales agents may access the client database for supporting their sales activity. The Data Controller relies on adequacy decisions issued by the European Commission to determine whether a third country provides an adequate level of data protection for the above data transfers. In other cases, standard contractual clauses approved by the European Commission or other applicable legal exemptions (Privacy Framework to US companies) are used to govern such transfers.
RIGHTS OF THE DATA SUBJECT
Data subjects may request information regarding the processing of their personal data, request the correction or deletion of their data via info@kibit.hu, request restriction of processing, and have the right to data portability and to seek legal remedy. In Hungary, complaints can be submitted to the National Authority for Data Protection and Freedom of Information (NAIH), or the data subject may turn to a court of law.
1.RIGHT TO INFORMATION AND ACCESS
The data subject has the right to know what personal data the Data Controller stores and how it is processed. Requests must be submitted in writing (email or post). The Data Controller will respond in a commonly used electronic format unless otherwise requested in writing. No oral information is given by phone.
Access may include information on:
the scope, purpose, duration, and legal basis of processing
data transfers: to whom data has been or will be transferred
data source identification
The first copy of the personal data will be provided free of charge. Additional copies may incur a fee based on administrative costs. Electronic requests will receive electronic responses unless otherwise specified by the data subject.
2.RIGHT TO RECTIFICATION
Upon written request, the Data Controller will correct any inaccurate personal data or supplement incomplete data without undue delay. All recipients of the data will be informed of the rectification unless this proves impossible or requires disproportionate effort. The data subject will be informed of these recipients upon request.
3.RIGHT TO RESTRICTION OF PROCESSING
The data subject may request restriction of processing if:
they contest the accuracy of the personal data (restriction applies while accuracy is verified);
the processing is unlawful, but deletion is opposed, and restriction is requested instead;
the controller no longer needs the data for processing, but the data subject requires it for legal claims;
the data subject objects to processing pending verification of overriding legitimate interest by the controller.
If restriction is applied, the Data Controller may only store the data unless:
the data subject consents to further processing;
the data is required for legal claims;
the data is needed to protect another natural or legal person;
or processing is mandated by public interest law.
The data subject will be notified in advance if the restriction is lifted.
4.RIGHT TO ERASURE (‘RIGHT TO BE FORGOTTEN’)
Upon request, the Data Controller will delete the data subject’s personal data without undue delay if:
the data is no longer needed for the original purpose;
the data subject withdraws consent and there is no other legal basis;
the data subject objects to processing and there are no overriding legitimate grounds;
the data was processed for direct marketing (including profiling);
the data was processed unlawfully;
the data relates to a child under information society services.
This right may not be exercised if processing is necessary for freedom of expression and information, public health interests, archiving, research, or statistical purposes, where deletion would render the processing impossible or legal claims.
5.RIGHT TO DATA PORTABILITY
The data subject may receive and reuse their personal data (provided by them to the controller) across different services. This applies only to data the data subject submitted directly and not derived or inferred data. The Data Controller may require in-person identity verification before fulfilling such requests. This right does not imply automatic deletion from the controller’s systems.
6.RIGHT TO OBJECT
The data subject may object in writing to processing based on:
public interest (Article 6(1)(e) GDPR), or
legitimate interests (Article 6(1)(f) GDPR).
Processing must cease unless the Data Controller can demonstrate compelling legitimate grounds overriding the data subject’s interests or necessary for legal claims.
REQUEST HANDLING DEADLINES AND PROCEDURES
The Data Controller must respond to any of the above requests within one month. In complex cases or high volumes, this deadline may be extended by two months, with notification within the first month. If requests are unfounded or excessive, the Data Controller may charge a reasonable fee or refuse the request. Responses are provided in the same format the request was received (electronic if emailed).
Requests may be submitted via email or post. The Data Controller may verify identity before fulfilling requests. If identification is not possible, the request may be rejected. Legal remedies include submitting complaints to NAIH (Hungary) or pursuing claims in court.
OTHER PROVISIONS
The Data Controller reserves the right to unilaterally amend this Privacy Notice. Changes take effect as stated.
Data Protection Contact
info@kibitsolutions.com
Effective date of this Privacy Notice: 24 February 2026
