Data processing information
ACCORDING TO DATA PROCESSING
Data Controller
Name: Bike Maffia Közhasznú Egyesület (Bike Maffia Non-profit Association)
Registered Office: 1141 Budapest, Jeszenák János u. 95. 4/1.
Court Registration Number: 01-0015439 (Budapest-Capital Regional Court)
Tax Number: 18596856-1-42
E-mail: info@bikemaffia.com
DATA PROCESSING ACTIVITIES
Volunteers
- Purpose of data processing: recruitment, selection, registration and coordination of volunteers necessary for the work of BBM.
- Legal basis for use: consent, legitimate interest, contract, if applicable.
- Processed data: name, address, telephone number and e-mail address of individual volunteers; if applicable, information necessary for selecting projects (e.g. interests, education, competencies); other identification data in the event of a contract (e.g. mother’s name, date of birth, etc.). In the case of corporate volunteer programs, we only process the contact details of the contact persons.
Event participants
- Purpose of data processing: persons commissioned by the Association take photos and videos of the participants at the events. The Association may use these in its internal and external communication materials, publications, press communications, website and social media platforms, and in application materials, and may pass them on to third parties supporting the event.
- Legal basis for use: consent
- Processed data: photos, videos
Individual donors
- Purpose of data processing: registration of private donors, determination of donor category (for the appropriate gift), contact management.
- Legal basis for use: consent.
- Data processed: name, address, telephone number, e-mail address, consent to appear on the website, amount of support. In the case of corporate donors, we only process the contact details of the contact persons.
- Data Transfer: Our association uses Stripe’s services for card donations. (For donations made before April 27, 2026, we used Simple’s services.)
Supporting projects and programs
- Purpose of data processing: registration of supported persons and families in order to provide effective support.
- Legal basis for use: consent, legitimate interest, contract, if applicable.
- Processed data: name, address, telephone number, e-mail address, other identification data in the event of a contract (e.g. mother’s name, date of birth, etc.), where applicable, other information regarding the supported persons (e.g. situation of the supported family, clothing needs of a stateless person).
Newsletters
- Purpose of data processing: to provide information about the work of BBM, our current programs and events.
- Legal basis for use: consent.
- Processed data: name, email address.
- Data Transfer: Our association uses Mailchimp’s services for sending out newsletters.
Webshop
- Purpose of data processing: sale and delivery of the webshop’s products.
- Legal basis for use: consent, legitimate interest
- Processed data: name, address (billing, shipping), telephone number, e-mail, clothing size, if applicable.
- Data Transfer: Our association uses Shoprenter’s services for operating our webshop.
Participation in games and draws
- Purpose of data processing: to notify the winner after the draw, to provide information about BBM’s work, our current programs and events.
- Legal basis for use: consent
- Processed data: name, email address.
Our website uses Facebook Pixel. This means that we track the activities of visitors registered on Facebook on our website and receive statistical data about them. We do not store any personal data in this connection. Data processing is governed by Facebook’s data processing rules.
Duration of all data processing: until withdrawal. The data subject may at any time, without giving reasons, request in writing the correction, modification, deletion of their personal data or part of their data, or withdraw their consent to data processing. Send your unsubscribe request to info@new.bikemaffia.com. We will take action to correct, modify or delete the data immediately, but no later than 15 days after receiving the request.
Data Transfer Notice
Credit Card Payments
- Name: Stripe
- Registered Office: 510 Townsend Street, San Francisco, CA 94103, US
- Privacy Policy: https://stripe.com/privacy-center/legal
For recurring donations made before April 27, 2026:
- Name: OTP Mobil Kft.
- Registered Office: 1138 Budapest, Váci út 135-139.
- Privacy Policy: http://simplepay.hu/vasarlo-aff
Newsletters
- Name: Intuit Mailchimp
- Registered Office: 405 N Angier Ave. NE Atlanta, GA 30308 USA
- Privacy Policy: https://mailchimp.com/help/data-privacy/
Webshop
- Name: Shoprenter Kft.
- Registered Office: 4028 Debrecen, Kassai út 129.
- Privacy Policy: https://www.shoprenter.hu/adatkezelesi-tajekoztato/
Site Analytics
- Name: Meta Platforms Ireland Ltd.
- Registered Office: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
- Privacy Policy: https://www.facebook.com/privacy/
Information Regarding Credit Card Payments
Data Security
We recommend keeping a record of your donation details and payment transaction data (transaction ID, authorization number) and ensuring that your confidential card details are never accessible to unauthorized persons. We suggest using a browser that supports SSL encryption.
SSL (Secure Sockets Layer) is a widely accepted encryption method. Both payment interfaces use an encryption key to protect the communication channel. Using SSL, the browser encrypts the Donor’s (referred to as “Customer” in banking terms) cardholder data before sending it, so it reaches the bank in an encoded format that cannot be interpreted by unauthorized persons. The bank handles only the card data necessary for the payment transaction on the SSL-encrypted payment page. Only the bank has access to data provided on the payment page; the Association does not receive this information. Your internet browser must support SSL encryption to complete a card payment.
Accepted Cards
Stripe’s online payment system accepts Mastercard/Maestro, VISA, VISA Electron (for Electron, only if authorized by the issuing bank), Discover, and American Express cards.
Information for One-Time Donations
On the “Donate” page, after selecting “One-time donation,” enter your last name, first name, email address, and the amount you wish to donate via credit card. We use this information for future contact with our donors. Filling out the “Comment” section is optional; if you wish, you may use it to designate a specific purpose for which the Association will use your donation to the best of its knowledge and discretion.
If you choose a card payment method, you must enter your card details. If using Google Pay or Apple Pay, you can provide the associated details after clicking the “Donate” button. Here, you can select which of your registered cards you wish to use for the donation. By accepting the privacy policy and terms of donation and clicking “Donate,” Stripe’s secure payment service will charge your card based on the details provided. Following the payment, the Donor will receive a confirmation of the transaction result on the Association’s website. After a successful transaction, the bank initiates the charge to the Donor’s account. The donated amount is immediately blocked on your card account. If the transaction is unsuccessful or if you require more detailed information, please contact your card-issuing bank.
Information for Recurring Donations
On the “Donate” page, after selecting “Monthly recurring donation,” the bank’s system will charge the Donor’s card with the specified amount every 30 days. If a charge is unsuccessful, it will be retried the following day. A recurring mandate can be permanently cancelled or paused in two ways:
1. Self-Service:
By clicking the “Manage Recurring Donations” button on the “Donate” page, you will be redirected to the English-language portal of our provider, Stripe. Enter the email address used for the recurring donation and click “Send.” You will receive an email with a link to the Stripe customer portal, where you can view, check, or cancel your donation. Click “Cancel Subscription” to stop the recurring donation. If this is unsuccessful, please use the second method.
2. Email:
Send an email to Budapest Bike Maffia at it@bikemaffia.com, providing the name and email address associated with the recurring support. We will then handle the cancellation and inform the Donor via email.
By accepting the privacy policy and terms for recurring payments, you consent to the Association initiating future payments following a successful registration without requiring you to re-enter card data or provide transaction-by-transaction consent.
Your bank statement will show “Stripe Payments Europe Limited” as the merchant for these transactions.
The Association (the “Service Provider” in banking terms) is directly responsible for any erroneously or unlawfully initiated recurring transactions; claims against the Service Provider’s payment processor are excluded. Card data is handled according to card association rules. Neither the Association nor Stripe has access to your full card details.
Information for Recurring Donations made before April 27, 2026
Recurring credit card payment (hereinafter: “Recurring Payment”) is a feature provided by SimplePay for card acceptance. This means that future payments can be initiated using the credit card details provided by the Customer during the registration transaction, without having to enter the card details again.
By accepting this declaration, you consent to future payments initiated in this webshop (bikemaffia.com) following a successful registration transaction being triggered by the Merchant without the re-entry of card details or your specific consent for each individual transaction.
Attention: Card data is handled in accordance with the rules of the card companies. Neither the Merchant nor SimplePay has access to the credit card details.
The Merchant is directly responsible for any recurring payment transactions initiated erroneously or unlawfully; any claims against the Merchant’s payment service provider (SimplePay) are excluded.
INFORMATION ON THE RIGHTS OF THE DATA SUBJECT
Right to Prior Information
The data subject has the right to receive information regarding the facts and information related to data processing prior to the commencement of such processing. (GDPR Articles 13-14)
Right of Access by the Data Subject
The data subject has the right to obtain confirmation from the Data Controller as to whether or not personal data concerning them are being processed, and where that is the case, access to the personal data and related information as defined in the Regulation. (GDPR Article 15)
Right to Rectification
The data subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement. (GDPR Article 16)
Right to Erasure (“Right to be Forgotten”)
The data subject has the right to obtain from the Data Controller the erasure of personal data concerning them without undue delay, and the Data Controller is obliged to erase personal data without undue delay where one of the grounds specified in the Regulation applies. (GDPR Article 17)
Right to Restriction of Processing
The data subject has the right to obtain from the Data Controller restriction of processing where the conditions specified in the Regulation are met. (GDPR Article 18)
Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing
The Data Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the data subject about those recipients if the data subject requests it. (GDPR Article 19)
Right to Data Portability
Under the conditions set out in the Regulation, the data subject has the right to receive the personal data concerning them, which they have provided to a Data Controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided. (GDPR Article 20)
Right to Object
The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them based on point (e) of Article 6(1) (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or point (f) of Article 6(1) (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party). (GDPR Article 21)
Automated Individual Decision-Making, Including Profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. (GDPR Article 22)
Restrictions
Union or Member State law to which the Data Controller or processor is subject may restrict by way of legislative measures the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, in accordance with the rights and obligations provided for in Articles 12 to 22. (GDPR Article 23)
Communication of a Personal Data Breach to the Data Subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subject without undue delay. (GDPR Article 34)
Right to Lodge a Complaint with a Supervisory Authority
The data subject has the right to lodge a complaint with a supervisory authority—in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement—if the data subject considers that the processing of personal data relating to them infringes the Regulation. (GDPR Article 77)
Right to an Effective Judicial Remedy Against a Supervisory Authority
Each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them, or where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged. (GDPR Article 78)
Right to an Effective Judicial Remedy Against a Data Controller or Processor
Each data subject shall have the right to an effective judicial remedy if they consider that their rights under this Regulation have been infringed as a result of the processing of their personal data in non-compliance with this Regulation. (GDPR Article 79)
Remedies and complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information (NAIH)
Registered Office: 1055 Budapest, Falk Miksa utca 9-11.
Mailing Address: 1363 Budapest, Pf. 9.
Website: http://www.naih.hu
Phone: +36-1-391-1400

