1. Data Controller & Service Provider

X-Business Kft.
VAT: HU25542842
Address: 1134 Budapest, Váci út 47., Hungary
Email: secretary@bipoco.hu

X-Business Kft. processes personal data on behalf of BiPoCo / BME, the Event organizer.

2. Purpose of Data Processing

Personal data is collected and processed for the following purposes:

• Managing event registration
  
  
• Communication with participants
  
  
• Abstract submission and evaluation
  
  
• Generating invoices through szamlazz.hu
  
  
• Payment processing (Barion)
  
  
• Organizing programme schedules
  
  
• Complying with accounting and tax regulations
  
  

3. Legal Basis for Processing

Data is processed based on:

• GDPR Art. 6(1)(b) – processing necessary for contract performance (event registration)
  
  
• GDPR Art. 6(1)(c) – legal obligations (invoicing, accounting)
  
  
• GDPR Art. 6(1)(a) – consent (optional data fields)
  
  
• GDPR Art. 6(1)(f) – legitimate interests for event organization and communication
  
  

4. Categories of Personal Data Collected

The registration form collects the following information:

• Role
  
  
• Sponsorship Category
  
  
• Special Code
  
  
• First name, Family name
  
  
• Special diet, disability
  
  
• Institution, faculty/division, department
  
  
• Email, phone number
  
  
• Address (street, city, zip, country)
  
  
• Presentation type (oral/poster)
  
  
• Title, Summary, Abstract, Abstract template
  
  
• Payer’s name
  
  
• Payer’s address
  
  
• Payer’s VAT number
  
  
• Invoice comment (optional)
  
  

5. Data Processors & Third-Party Services

Data may be processed using:

• Jetpack CRM (WordPress) – registration and contact management
  
  
• szamlazz.hu – invoicing and payment links
  
  
• Barion – credit card payment processing
  
  

All processors comply with GDPR requirements.

6. Data Retention

Data is retained as follows:

• Registration and invoicing data: 8 years (Hungarian accounting law)
  
  
• Abstracts and presentation submissions: retained for the lifecycle of the event
  
  
• Communication data: up to 3 years after the event
  
  

7. Participant Rights

Under GDPR, you have the right to:

• Access your data
  
  
• Request corrections
  
  
• Request deletion (where legally permitted)
  
  
• Restrict processing
  
  
• Object to processing
  
  
• Withdraw consent (for optional data)
  
  
• Request data portability
  
  

To exercise any rights: secretary@bipoco.hu

8. Transfers Outside the EU

No personal data is transferred outside the EU unless explicitly required by a third-party service provider with GDPR-compliant safeguards.

9. Security

X-Business Kft. implements industry-standard technical and organizational measures to protect personal data.
However, full technical availability or error-free operation cannot be guaranteed.

10. Updates to the Privacy Policy

Changes to this Privacy Policy will be published on the Website.