Skip to main content

Privacy notice

1. General information

The purpose of this privacy notice is to specify the principles and rules on processing and using personal data provided to, and accessed by the Data Controller during the photo contest entitled “Birdo Bird Photographer of the Year – 2023” announced by Birdo Nature Conservation Association (registered office: 1136 Budapest, Raoul Wallenberg utca 5.; registration number: 01-02-0018000) (hereinafter: Data Controller).

The Data Controller hereby provides information on what data are recorded, how they are used and how the rights of the data subjects can be exercised.

Data are collected, processed and used under the statutory provisions, with special regard to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) as well as Act CXII of 2011 on the right of informational self-determination and on the freedom of information (hereinafter: Info Act), by respecting the personal data rights of the participants in the photo contest. By registering for the contest the Participants accept the provisions of this Privacy Notice.

2. Details of the Data Controller:

Name: Birdo Nature Conservation Association
Registered office: 1136 Budapest, Raoul Wallenberg utca 5.
Registration court where the Data Controller is entered into the trade registry: Budapest-Capital Regional Court
The Data Controller’s registration number: 01-02-0018000

3. Basic terms

Personal data: any information relating to an identified or identifiable natural person ("data subject"). 
Those natural persons are identifiable who can be identified directly or indirectly, especially based on an identifier such as name, number, location data, online identifier or on one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
Data processing: any operation or set of operations performed on personal data or on data files, whether or not by automated means, and the totality of data processing operations performed by a data processor acting on behalf of, or at the request of the data controller.
This covers collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transfer, dissemination or making accessible otherwise, alignment or combination, restriction, erasure or destruction.
Data controller: any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and the means of processing personal data. Where the purposes and means of the processing are defined by Union or Member State law, the controller or the specific criteria for the designation of the controller may be determined by Union or Member State law.
Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
Data transfer: making the data available to a specific third party.
Recipient: a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. 
Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, data processor or the persons who, under the direct authority of the data controller or the data processor, are authorised to process personal data.
The data subject's consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which s/he, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Data erasure: making data unrecognisable in such a way that it is no longer possible to recover it.
Data breach: a violation of security that results in incidental or unlawful annihilation, loss, change, authorised publication of, and unauthorised access to transferred, stored personal data or to data processed in another manner.

4. The description of data processing

The Data Controller processes only the personal data provided by the Participant during the registration or uploading of the application material and generated during the activities of the Participant related to the Data Controller's website. The Data Controller strives to fully enforce the rights of the data subjects.

5. The scope of processed personal data

5.1. We only record personal data that the Participant voluntarily provides to us as well as data for which the Participant consented processing by accepting this privacy notice. The Data Controller processes the following personal data provided during the registration on the website, which is required for participation in the photo contest:

For participants:
- surname and given name
- e-mail address
- telephone number
- for minors, the name of the legal representative

For legal representatives:
- surname and given name
- e-mail address
- telephone number

5.2. When you visit the website, the Bird Photo Contest server automatically stores certain information for system administration, statistical or security reasons. This information relates to the visitor's internet service provider, in some cases the visitor's IP address, the version number of the software browser, the type of the computer operating system, the website from which you accessed the Bird Photo Contest website, the pages you visited on the website and the keywords you used to access the website. From these data it is possible to conclude to the number of visits to the site and the given PCs can be traced back, but no personal data are used. The data are only used anonymously. If the Data Controller transfers the data to a third party, this is done in accordance with the legal provisions on the protection of personal data.

6. The legal basis, purpose and duration of data processing

The Participant acknowledges that the provision of data related to the photo contest is voluntary and the legal basis for data processing is the voluntary and non-influential consent given by them during the registration required for submitting their application.
The consent of the legal representative is required for the validity of consent by a minor-aged Participant.
The personal data provided during registration are processed for the purpose of conducting the photo contest, selecting and announcing the winners, and contacting the applicants.
Period of data processing: the time necessary to achieve the purpose of data processing, but not later than: 31 December 2023, or until the withdrawal of the Participant's consent.

Purpose of data processingLegal basisData fieldsAccessed byStorage period

Ensuring the proper and high-quality operation of the website, checking and improving the quality of our services, identifying malicious visitors attacking our website, measuring traffic, other statistical purposesThe data subject's consent (article 6 (1) a) of the GDPR)- IP address 
- Date of visit 
- Data of the visited sub-pages 
- Type of the op system and browser used by youOur designated employee and the designated employees of the website operator As stated in the cookie policy

7. Data transfer

The data are accessed by persons acting in the interests of the Data Controller, in particular the employees and agents specified in this notice, who need it for performing their activities and who are aware of the obligations related to data processing. The personal data of the Participant may be transferred to third parties only with the prior and informed consent of the Participant, unless the data transfer by the Data Controller is required by law or official regulation. 
The Data Controller informs the Participant that joint data processing takes place in relation to the data indicated below:

Names of common data controllersPurpose of data transferActivities related to data processingTransferred data fieldsLegal basisDuration
Birdo Nature Conservation Associationpre-selection 
of images
album editing
organising the announcement of results, keeping contacts
of images
album editing
organising the announcement of results, keeping contacts
surname and given name
e-mail address
telephone number
for minors
the name of
the legal representative
contractual relationshipuntil 31 December 2023

Details of the common data controller:

Company nameAddressRegistration numberPhone numberEmailWebsite
Birdo Nature Conservation Association1136 Budapest, Raoul Wallenberg utca 5.01-02-0018000+36 20 957 4428info(kukac)birdo-azevmadarfotosa(pont)

Data processor

The contributors and employees participating in data processing by the Data Controller are entitled to access the personal data of the Participant to a predetermined extent, subject to the obligation of confidentiality.

Data processorPurpose of data transferData operationsLegal basis of data processingTransferred data fieldsduration of access
Websupport Magyarország Kft.Website hosting serviceAccess, saving, storing, destructionThe data subject's consent (article 6 (1) a) of the GDPR)IP-addressAs stated in the cookie policy
Google LLCGoogle cookiesCollection, recording, use, retrieval, storage and destruction of dataThe data subject's consent (article 6 (1) a) of the GDPR)The IP address used by the visitor, the type of browser, the features of the operating system (set language),
date of visit, the (sub) page visited
As stated in the cookie policy

8. Data security


The Data Controller – together with other data controllers and with regard to the data processors – takes measures to ensure that natural persons with access to personal data and acting under its control may process such data only in accordance with the data controller's instructions, unless otherwise required by Union or Member State law. (Article 32 of the GDPR)

The Data Controller classifies and processes personal data as confidential data, makes access to the data subject to job position and authorisation, and the employees are obliged to sign a confidentiality statement with regard to these data.

The Data Controller performs electronic data processing and registration with the help of a computer programme guaranteeing that the data can only be accessed in a manner limited to purpose, under controlled conditions and only by those (with password, by logging access and operations etc.) who need it when performing their tasks (work obligation). Documents that are under process in the course of work may only be accessed by the competent clerks, and documents containing personal data are at all times securely locked by the clerk at the time of departure.

The Data Controller ensures the adequate physical protection of data as well as devices and documents carrying them. The Data Controller takes appropriate information security measures to ensure that the personal data of the data subject are protected against, inter alia, unauthorised access or alteration.

However, please note that data transfer over the internet is not considered to be completely secure data transfer.

We make every effort to make our processes as secure as possible, however, we cannot take full responsibility for data transfer through our website.

With regard to security questions we request you to carefully safeguard your password for accessing our website and not to share it with anyone.

9. The Participant’s rights and their enforcement

The Participant has the right to receive feedback from the Data Controller as to whether the processing of his/her personal data is in progress, and if such data processing is in progress, s/he has the right to access the personal data and the following information:

  1. the purposes of data processing:
  2. the categories of personal data concerned;
  3. the recipients or recipient categories to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the right of the data subject to request from the Data Controller rectification or erasure of his/her personal data or the restriction of processing personal data concerning the data subject or to object to processing such personal data;
  6. the right to lodge a complaint with a supervisory authority;
  7. if the personal data were not collected from the data subject, any available information as to the sources;
  8. the fact of automated decision-making, including profiling, and at least in these cases, comprehensible information on the applied logic and on the significance of such data processing and the expected consequences for the data subject. 

It must be ensured for the Participant that the Data Controller provides a copy of his/her personal data that are the subject of data processing. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on the administrative costs. If the data subject made the request by electronic means, the information shall be provided in a commonly used electronic form unless otherwise requested by the data subject. The right to obtain a copy shall not adversely affect the rights and freedoms of others.

The Participant is entitled to request the Data Controller to rectify and erase the personal data concerning him/her.
The Data Controller is obliged to erase the personal data without undue delay if any of the following reasons exists:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws the consent on which the processing is based, and there is no other legal basis for data processing;
  3. the data subject objects to the data processing in the public interest, in order to exercise public authority or in the legitimate interest of the data controller (third party) and there is no overriding legitimate reason for the data processing or the data subject objects to data processing for direct business acquisition; 
  4. the personal data were processed unlawfully;
  5. the personal data must be erased in order to fulfil a legal obligation under Union or Member State law (Hungarian law) applicable to the Data Controller;
  6. the personal data were collected with regard to offering services related to the information society.

The Participant is entitled to request the Data Controller to restrict the processing of his/her personal data

  1. the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; or
  4. the data subject objected to data processing in the public interest, in order to exercise a public authority or in the legitimate interest of the controller (third party); in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller override the legitimate reasons of the data subject.

The Participant is entitled to object to the processing of his/her personal data by the Data Controller as follows:

The data subject has the right to object at any time, for reasons related to his/her situation, to the processing of his/her personal data in the public interest, in the exercise of public authority or in the legitimate interest of the controller (third party), including profiling. In this case, the Data Controller may not process the personal data any further, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons which override the interests, rights and freedoms of the data subject, or which are necessary to submit, enforce or protect legal claims.

  1. If personal data are processed for direct marketing, the data subject may object at any time to processing his/her personal data for such a purpose, also including profiling if it is attached to direct marketing. If the data subject objects to processing his/her personal data for direct marketing, in that case the personal data may no longer be processed for such a purpose.
  2. At the latest at the time of the first communication with the data subject, the right to object must be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

The Participant is entitled to withdraw the consent to processing his/her personal data at any time, free of charge, as follows:

  • by deleting the registration,
  • by withdrawing the consent to data processing or
  • by withdrawing the consent to processing or using any data that is obligatory upon the registration, or by requesting its blocking.

Withdrawing the consent does not affect the lawfulness of consent-based processing before the withdrawal. The data subject may withdraw his/her consent as simply as giving the consent. For technical reasons, we undertake to register the withdrawal of the consent with a 25-day deadline.

In the above cases, or if you have any questions about your personal data, please contact us by e-mail: info(at)bird-o(dot)hu

The Participant expressly acknowledges that s/he may not participate in the photo contest if the data provided during the registration for the photo contest are erased.

Data transfer to a third country
We do not transfer the data provided on this website to third countries, however, Google also transmits the data of Google cookies to third countries. You can learn more about Google cookies here:

Automated decision-making or profiling
The Data Controller does not apply this when using the website.

9. Remedies

In the event of detecting unlawful data processing, the data subject may initiate a civil lawsuit against the Data Controller. Judgment about the lawsuit shall be the competence of the court. At the data subject’s discretion, the lawsuit may also be instituted at the court competent according to his/her residence (the name and the contact of courts are available at this link: Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if s/he considers that the processing of his/her personal data infringes the GDPR.

Name of authority

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

/ National Authority for Data Protection and Freedom of Information

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Mailing address: 1530 Budapest, PF: 5

E-mail: ugyfelszolgalat(kukac)


+ 36 (1) 391-1400


+36 (1) 391-1410


The Participants may address their complaints and objections directly to the Data Controller, who will do its best in order to eliminate and remedy any infringements. The Data Controller examines the complaints submitted to it and informs the participant about its opinion and about the actions taken.
In the case where the data subject's rights related to processing his/her personal data are violated, s/he may turn to court based on Act CXII of 2011 on the right to self-determination of information and freedom of information as well as based on the Civil Code, and s/he may also request the assistance of the National Authority for Data Protection and Freedom of Information.

The Data Controller reserves the right to modify this notice at any time. Please visit this website regularly to review these rules and any additional information.

Effective date of this privacy notice: 03 April 2023



Birdo Nature Conservation Association
Email: info(at)bird-o(dot)hu

Our mission