Data management information

 What You Need to Know about BKK Data Management

A private individual has the right to know who uses, where, when and for what purpose their personal data. This is required by the General Data Protection Regulation of the European Union (GDPR), and Act CXII of 2011 on the right to informational self-determination and on the freedom of information ("Privacy Act"). The data controller - in this case BKK - must prepare a data protection information, which contains in detail how it handles users' data.

The purpose of this information

Our aim is to provide you with accurate information about how we handle and protect the personal data you entrust to us. We take the security of your personal data seriously, as you honour us with your trust when you entrust it to us. Here you can find out how we use your personal data and we will also tell you how to contact us if you have any further questions.

What data do we collect and store?

The information we collect about you and how we collect that information depends largely on which services of ours you use. How you contacted us is an important factor as well, even if you are not our customer, or if we process your data that we have received from a third party with your permission.

We collect personal information when:

  • you purchase a service or a (mobile) ticket
  • you make a contract with us
  • you subscribe to our newsletter
  • you contact us (e.g. via telephone or e-mail)
  • you make a complaint
  • we recover penalty fare debts
  • cameras of the ticket vending machines (TVMs) take pictures of you
  • you apply for a job at BKK

We handle your personal data with the following legal bases

  • In connection with a contract or its conclusion

In order for us to enter into a contractual relationship with you, we need to verify your personal data. In addition, we offer services that you can only use under special conditions. In such cases, we must always check the data required for the conclusion of the contract.

  • In order to meet our legal obligations

Your personal data may also be necessary for the fulfilment of our obligations related to taxation and accounting (e.g. when issuing an invoice related to the use of the service). We always handle such information according to strict internal rules.

  • Based on your consent

This includes cases such as when we do not handle your data based on a legal authorisation or obligation but based on your consent. You can withdraw your consent to the processing of your data at any time.

  • In the legitimate interest of BKK

There are cases when data processing is necessary to enforce the legitimate interests of BKK. It is important in such cases that we must pay special attention to the fact that the interests of BKK do not take precedence over your interests and fundamental rights, which necessitate the protection of your personal data.

Why do we need this data?

For instance,

  • so that we can provide you with the right service;
  • for data management necessary for the fulfilment of the contract concluded with BKK;
  • to send marketing (advertising) or other offers by direct inquiry;
  • for contact reasons;
  • for handling complaints;
  • for settling penalty fares;
  • for the protection of human life, physical integrity, personal liberty, the protection of business secrets and the continuous recording of images recorded by an electronic surveillance system for the protection of persons and property;
  • for recruitment and selection processes.

How long do we store your data?

We will only process your personal data for the above purposes and for as long as:

  • we have legal obligation or authority to do so;
  • it is justified in order to fulfil your contract with BKK;
  • you have given us authority to do so;
  • it is strictly necessary for the purpose of data processing.

How do we ensure the protection of your data?

BKK stores personal data in secure server rooms, where appropriate security measures are taken to ensure the protection of this information. Our security staff responsible for data protection and security is constantly reviewing our information security procedures to ensure that your personal information is fully protected.

We cannot be held responsible for any unauthorised access or loss of data beyond our control. If a third-party website is also available from the BKK website, we cannot be held responsible for the content displayed there. However, we are responsible for protecting the personal information you entrust to us and for never sharing it with anyone who is not authorised.

Your rights concerning your processed data

  • Right of rectification

By post to 1075 Budapest, Rumbach Sebestyén utca 19-21., via e-mail to or or in person at one of our Customer Service Centres.

  • Right to access

You can request a copy of your personal data stored at BKK.

  • Right to data portability

You may request your personal data stored at BKK on a data carrier.

  • Right to object

In some justified cases, you may object to the processing of your personal data by BKK.

  • Marketing related inquiries

If you do not want to receive information or offers from us, you can let us know.

  • Right to restriction of processing

If you find any error concerning your personal data handled by BKK or in your opinion we are not authorised to handle it, please feel free to contact us.

  • Right to erasure

In some cases you may request the deletion of your personal data.

Complaints concerning data management

You can make a complaint about the handling of your personal data in the following ways:

  • at BKK (you can reach our data protection officer at the e-mail address or by sending a letter to: 19-21, Rumbach Sebestyén utca, 1075 Budapest);
  • in court
  • at National Authority for Data Protection and Freedom of Information (NAIH).

You can access our data management information at the following links (in Hungarian):

BKK’s data management information currently in effect in PDF-format (0,2 MB)

BKK’s data management information in PDF-format (0,5 MB)

MOL Bubi data management information in PDF-format (0,9 MB)

Data management information concerning mobile ticket in PDF-format (1,0 MB)

Data management information concerning job applications in PDF-format (0,8 MB)


A cookie is a data package consisting of letters and numbers which websites usually send to your browser in order to save certain settings, to make the website easier to use and to contribute to the collection of some relevant statistical information about visitors. Cookies do not contain personal information and are not suitable for identifying the user. Cookies often contain a unique identifier – a secret, randomly generated sequence of numbers – that your device stores. Some cookies expire after you close the website, and some are stored on your computer for a longer period of time.

You can block all cookie-related activities, delete data files from previous visits: for the exact way to do so, please consult your browser’s guide, which can be found on the following pages:

Managing cookies and site data in Chrome,

Information about cookies for Firefox,

Managing cookies in Internet Explorer and Edge.

When you download parts of the website, the traffic analysis software we use (Google Analytics, operated by Google Inc. (“Google”)) automatically places small data files – in some cases containing your personal information – on your computer. You will be notified of this in accordance with current regulations when you first visit the site, and we ask for your approval. Data files are necessary for the operation of certain functions of the website, the information from previous data files received during your visits is sent to the operator. You can get information about the exact name (_ga, _gat, _gid) and function of these data files on this page. Google Analytics stores the IP number received through the browser anonymously and cannot connect it to the user. It keeps the data for 26 months, and this time period starts over if a new event occurs in connection with the user (e.g. he or she starts a new session).

If you want to prevent Google Analytics from adding your visit to the analytics on any webpage, use this extension, which is available for any browser.

Google also uses cookies ("DSID", "IDE", "NID") to connect the user's activities on different devices if the user has previously logged in to his/her Google Account on them. It does this to coordinate the ads that appear to the user across devices and to measure conversion events. If you don't want Google ads to appear in a coordinated way across your devices, you can use the Ad Settings to turn off ad personalisation.



Data protection information concerning the cookies used is summarised in the tables below:


Cookies ensuring basic operation


Legal basis for data management

Purpose of data management

Duration of data management

Scope of managed data

Legitimate interest

To ensure website’s proper functioning

Workflow cookies:

until the end of visitor workflow


Legitimate interest

Acceptance status of data management policy

1 week


Legitimate interest

Stored in case of unsupported browsers

until the end of visitor workflow


Legitimate interest

Colour scheme of accessible portal

1 week


Legitimate interest

Storage of current states of login interfaces on the page

1 week after last login


Legitimate interest

Cookie required for the operation of Instagram references embedded on the page.

Please click here to view the descriptions of the individual cookies.

Legitimate interest

Cookie required for the operation of Facebook references embedded on the page.

Please click here to view the descriptions of the individual cookies.

Legitimate interest

Cookie required for the operation of Youtube references embedded on the page.

Please click here to view the descriptions of the individual cookies.



Statistics related cookies


Legal basis for data management

Purpose of data management

Duration of data management

Scope of managed data

Your consent

To collect information on how visitors use the website

Depending on the cookie:

  • until the end of workflow,
  • 2 years
  • 24 hours
  • 1 minute
  • 90 days

Google Analytics code

  • _ga
  • _gid
  • _gat

Please click  here to view the descriptions of the individual cookies


If you believe that BKK has processed your data illegally, you are entitled, without prejudice to any administrative or judicial remedies, to file a complaint with a supervisory authority, especially in the Member State of your normal residence or workplace or of the alleged infringement, in case in your opinion the management of your personal data infringes the GDPR. This authority in Hungary is the National Authority for Data Protection and Freedom of Information (NAIH) located at 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9., e-mail:, phone :+36 1 391-1400, fax.:+36 (1) 391-1410, website:


You can also start a civil lawsuit against BKK. It is for the General Court to decide on the lawsuit. The lawsuit can be launched primarily at the Budapest General Court, which is competent based on the location of BKK’s registered company seat, or at the general court competent at your place of residence.


Detailed information on BKK’s data management activity is found at


If you have further questions about data management and data protection, please send them by e-mail to

Downloadable documents(3)

BudapestGO Privacy Policypdf237.47 kb2023.11.03. 09:54

BKK Online Customer Feedback Interface_ Privacy Policypdf189.14 kb2023.05.24. 10:56

Data management information_TVMpdf168.69 kb2023.06.28. 16:35