1. Introduction
Balla Consulting ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and share your personal information when you visit our website at ballaconsulting.com, use our services, or communicate with us.
We operate as an investment consultancy based in Amstelveen, the Netherlands, providing real estate acquisition support, renovation management, company registration and tax advisory services for clients investing in Hungary. As we operate across both the Netherlands and Hungary, this policy complies with:
- The General Data Protection Regulation (EU) 2016/679 ("GDPR")
- The Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening Gegevensbescherming, "UAVG")
- The Hungarian Act CXII of 2011 on Informational Self-Determination and Freedom of Information ("Info Act")
- The Dutch Telecommunications Act (Telecommunicatiewet)
- The Hungarian Act CVIII of 2001 on Electronic Commerce (Eker tv.)
2. Data Controller
Balla Consulting
Amstelveen, The Netherlands
Maria Balla, Chief Advisor
Email: maria.balla@ballaconsulting.com
Phone (NL): +31 618 445121
Phone (HU): +36 70 5708972
For data protection inquiries, please contact us at the email address above with the subject line "Data Protection".
3. What Personal Data We Collect
We collect different categories of personal data depending on how you interact with us:
3.1 Website Visitors
When you visit our website, we may collect: IP address and approximate location, browser type and version, device type and operating system, pages visited and time spent, referring website, and cookie data (see Section 8).
3.2 Contact Form and Enquiries
When you send us a message or schedule a consultation, we collect: your full name, email address, phone number (if provided), and the content of your message.
3.3 Newsletter Subscribers
When you subscribe to our Private Deals mailing list, we collect: your first name, email address, and the date and time of your consent. Our newsletter is powered by EmailOctopus, which processes this data on our behalf.
3.4 Clients
When you engage our services, we may additionally collect: full legal name, date of birth, nationality, residential address, copy of identification document (passport, ID card), tax identification number (Dutch BSN or Hungarian adóazonosító jel), financial information relevant to your investment, property ownership records, company registration details, bank account details, and correspondence history.
4. Purposes and Legal Bases
We process your personal data for the following purposes, each with its corresponding legal basis under Article 6 GDPR:
Responding to your enquiries and scheduling consultations
Legal basis: Legitimate interest (Article 6(1)(f)) — to respond to prospective client requests.
Sending our newsletter and private deal alerts
Legal basis: Consent (Article 6(1)(a)) — you may withdraw your consent at any time by clicking the unsubscribe link in any email or contacting us directly.
Providing our consulting, acquisition and management services
Legal basis: Performance of a contract (Article 6(1)(b)) — processing is necessary to deliver the services you have engaged us for.
Company registration and tax advisory services
Legal basis: Performance of a contract (Article 6(1)(b)) and legal obligation (Article 6(1)(c)) — certain data must be collected and retained to comply with company registration and tax filing requirements in Hungary and the Netherlands.
Client identification and anti-money laundering (AML/KYC)
Legal basis: Legal obligation (Article 6(1)(c)) — we are required under applicable anti-money laundering legislation to verify client identity and the source of funds for certain transactions. This includes the Hungarian Act LIII of 2017 on Anti-Money Laundering and the EU Anti-Money Laundering Directives.
Improving our website and services
Legal basis: Legitimate interest (Article 6(1)(f)) — to understand how visitors use our site and improve the user experience.
Complying with legal and regulatory obligations
Legal basis: Legal obligation (Article 6(1)(c)) — to meet our obligations under tax, financial and data protection law in both jurisdictions.
5. Special Categories of Data
We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation).
If your identification documents contain such data (for example, nationality), we process it only to the extent strictly necessary for legal compliance purposes such as AML/KYC obligations.
6. BSN (Burgerservicenummer) — Dutch Clients
If you are a Dutch resident, we may need to process your BSN (citizen service number) exclusively where required by law for tax reporting or regulatory compliance purposes. We will never use your BSN for any other purpose. The BSN is subject to strict usage restrictions under the UAVG and the Wet algemene bepalingen burgerservicenummer.
7. Who We Share Your Data With
We may share your personal data with the following categories of recipients, only to the extent necessary for the stated purposes:
Legal advisors and attorneys — including Dr. Judit Márton and other legal professionals involved in your transaction, for the purpose of due diligence, contract drafting and legal compliance.
Notaries — in Hungary and/or the Netherlands, as required for property transfer or company registration.
Accountants and tax advisors — for company administration, tax filings and financial reporting.
Contractors and renovation professionals — limited to the information necessary for renovation project management (property address, scope of work).
Banking and financial institutions — for bank account opening, payment processing and foreign exchange transactions.
Hungarian public authorities — such as the land registry (Földhivatal), the Company Registry (Cégjegyzék), and tax authorities (NAV), where required by law.
Dutch public authorities — such as the Dutch Tax Administration (Belastingdienst) and the Chamber of Commerce (KVK), where required by law.
Email service provider — EmailOctopus (Three Fifteen Ltd, UK), for the purpose of sending our newsletter. EmailOctopus processes data in accordance with the UK GDPR and the EU-UK Trade and Cooperation Agreement.
Website hosting and analytics providers — our website hosting and any analytics tools we use. We ensure all providers offer adequate data protection safeguards.
We do not sell your personal data to any third party. We do not share your data with advertisers.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies. We distinguish between the following categories:
Strictly necessary cookies — required for the website to function properly (for example, contact form functionality). These do not require your consent.
Analytics cookies — used to understand how visitors interact with our website. These cookies are only placed after you have given your consent via our cookie banner.
Marketing cookies — if used, these track your activity to deliver relevant content. These cookies are only placed after you have given your explicit consent.
You can manage your cookie preferences at any time through our cookie banner or by adjusting your browser settings. For more information, see our Cookie Notice.
Under the Dutch Telecommunications Act and Hungarian electronic communications law, non-essential cookies require your prior, informed consent.
9. International Data Transfers
As we operate in both the Netherlands and Hungary, your personal data may be transferred between these two countries. Both are EU Member States, so data transfers between them are covered by the GDPR without additional safeguards.
Where we use service providers based outside the European Economic Area (for example, EmailOctopus in the UK), we ensure that appropriate safeguards are in place, such as the EU-UK adequacy decision, Standard Contractual Clauses (SCCs), or other mechanisms permitted under Chapter V of the GDPR.
10. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law:
Website visitor data (analytics) — maximum 26 months from collection.
Contact form enquiries (non-clients) — 12 months from our last communication, unless you become a client.
Newsletter subscriber data — until you unsubscribe or withdraw your consent.
Client files — general — 7 years after the end of the client relationship, in accordance with Dutch and Hungarian tax and commercial record-keeping obligations.
AML/KYC documentation — 8 years after the end of the business relationship, as required by anti-money laundering legislation.
Property transaction records — retained as required by Hungarian land registry and financial services regulations.
Company registration records — retained as required by Hungarian Company Act and accounting legislation.
After the applicable retention period, your data is securely deleted or anonymised.
11. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of access — you may request a copy of the personal data we hold about you.
Right to rectification — you may request correction of inaccurate or incomplete data.
Right to erasure ("right to be forgotten") — you may request deletion of your data, subject to legal retention obligations.
Right to restriction — you may request that we limit the processing of your data in certain circumstances.
Right to data portability — you may request to receive your data in a structured, commonly used, machine-readable format.
Right to object — you may object to processing based on legitimate interest or direct marketing at any time.
Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right not to be subject to automated decision-making — we do not use automated decision-making or profiling that produces legal or similarly significant effects.
To exercise any of these rights, please contact us at maria.balla@ballaconsulting.com. We will respond within one month. In complex cases, we may extend this by a further two months, in which case we will inform you within the initial one-month period.
We may need to verify your identity before fulfilling your request.
12. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted communications (TLS/SSL), access controls limiting data access to authorised personnel, secure storage of physical documents, and regular review of our security practices.
13. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also inform you directly without undue delay.
14. Third-Party Links
Our website may contain links to third-party websites or services (for example, scheduling tools, social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.
15. Children
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. In the Netherlands, the age of consent for information society services is 16 years under the UAVG.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
17. Supervisory Authorities
If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority:
The Netherlands:
Autoriteit Persoonsgegevens (AP)
Website: www.autoriteitpersoonsgegevens.nl
Phone: +31 70 8888 500
Hungary:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Website: www.naih.hu
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 1 391 1400
18. Contact
For any questions about this Privacy Policy or how we handle your personal data, please contact:
Balla Consulting
Maria Balla
Email: maria.balla@ballaconsulting.com
Phone (NL): +31 618 445121
Phone (HU): +36 70 5708972
This Privacy Policy is provided in English. In case of any discrepancy between language versions, the English version prevails. A Dutch (Nederlands) and Hungarian (Magyar) version of this policy is available upon request.
← Back to Home