‘AI Forum Hungary’ Conference
Name: CSNSC Szolgáltató Korlátolt Felelősségű Társaság (hereinafter: „Data Controller”)
Registered seat: H-1062 Budapest, Aradi utca 11, 2nd floor 1, Hungary
Company reg.no.: Cg. 01-09-297825
Contact person: dr. Ágnes Martony, managing director
Legal regulations underlying the data processing are particularly the following:
- Act CXII of 2011 on the Right of Informational Self-Determination and on the Freedom of Information („Information Act”);
- Regulation (EU) 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („GDPR”);
- Act V of 2013 on the Civil Code („Civil Code”);
- Act C of 2000 on Accounting („Accounting Act”);
- Act XLVIII of 2008 on the fundamental conditions and certain limitations of the business marketing activity; and
- Act CVIII of 2001 on the electronic trading services and certain issues of the services in connection with the information society.
Data Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
Direct marketing activities: the ensemble of those information activities and complementary services using direct marketing strategies, the purpose of which are the recommendation of products and services to data subjects, transmission of advertisements and news letters in order to facilitate transactions.
EDM: electronic messages facilitating the sale of products and services.
Supervisory authorityor NAIH: Nemzeti Adatvédelmi és Információszabadság Hatóság being the Hungarian supervisory authority in respect of data protection issues.
Participants: natural persons registering for the Conference, including those being interested in the Conference regardless whether they actually settle the registration fees and/or take part in the Conference.
Personal Data: means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Data Controller processes the following Personal Data in connection with the organization of the Conference.
|Scope of processed data||The Participants’:
· e-mail address;
· telephone number;
· bank account details in connection with the settlement of the registration fee of the Conference; and;
· in case the Participant is entitled to student price or pensioner price, the fact of such entitlement.
|Purpose of Data Processing||The purposes of Data Processing of the above Personal Data are as follows:
· registration of the Participants;
· communication with the Participants;
· determining the entitlement for student or pensioner price;
· the compliance with accounting legal obligation, which Data Controller is subject to (particularly the issuance of invoices if registration fee is paid);
|Legal basis of Data Processing||Legal basis for each Data Processing is as follows:
· Participants’ registration: consent of the Participant [point a) of paragraph (1) of Article 6 of the GDPR)];
· payment of the registration fee of the Conference: performance of a contract [point b) of paragraph (1) of Article 6 of the GDPR)], including the settlement of potential legal disputes arising from or in connection of thereof;
· invoicing: the compliance with a legal obligation to which the Data Controller is subject [point c) of paragraph (1) of Article 6 of the GDPR)], namely, the compliance with the obligation to issue an invoice in accordance with Sections 165-166 of the Accounting Act;
· Direct marketing activities / EDM transmission, incl. the transfer of Personal Data for this purpose: consent of the Participant [point a) of paragraph (1) of Article 6 of the GDPR)].
|Duration of Data Processing||Duration of each Data Processing is as follows:
· Personal Data of the Participants given in the course of the registration may be processed until the withdrawal of the consent but no longer than 2 (two) years;
· Personal Data of the Participants obtained in the course of the payment of the registration fee of the Conference and invoicing may be processed for 8 (eight) years of the date of the relevant invoice;
· Personal Data of the Participants used for Direct marketing activities / EDM transmission may be processed until the withdrawal of the consent but no longer than 10 (ten) years.
|Source of Personal Data||The Participants give their Personal Data in the course of their registration.|
|Data Processor||Data Controller does not involve any Data Processor having access to Personal Data during the Data Processing.
|Transfer of Personal Data / Persons that may have access to Personal Data||Data Controller may transfer Personal Data to the following persons/organizations:
· In case the Participant has given his/her consent to the transfer of his/her Personal Data (name, e-mail address) to The Centre for the Study of New Security Challenges Ltd. (registered seat: 20 Morningside Gardens, Edinburgh, EH105LE, UK), a company established in the United Kingdom, which company would like to carry out Direct marketing activities in the future.
· In case the Participant has given his/her consent to the transfer of his/her Personal Data (name, e-mail address) for the purpose of Direct marketing activities: to PricewaterhouseCoopers Magyarország Korlátolt Felelősségű Társaság (registered seat: H-1055 Budapest, Bajcsy-Zsilinszky út 78, Hungary; company reg. number: Cg. 01-09-961102), and/or to National University of Public Service, National Security Institute (H-1083 Budapest, Ludovika t. 2, Hungary), and/or to Moholy-Nagy University of Art and Design (H-1111 Budapest, Bertalan Lajos u. 2, Hungary).
· In order to fulfil accounting legal obligations (i.e. issuance of invoice) (name, address, bank account details): NPV-2000 Ügyviteli Korlátolt Felelősségű Társaság(registered seat: H-1181 Budapest, Csontváry Kosztka Tivadar utca 45, 2nd floor 4; company reg. number: Cg. 01-09-732155).
· In the case of fiscal control: the Hungarian Tax Authority.
In the case of data transfer further Data Processing shall be carried out by the above persons/organizations who shall be solely responsible for it.
The Participants shall have the right to request for information on the processing of their Personal Data (incl. the purpose, legal basis, scope, duration of each Data Processing, and the transfer of Personal Data).
The request for information may be sent to the contact details of the Data Controller set out in section 1. The Data Controller shall provide the information within 30 (thirty) days.
- Right to access to personal data
The Participants shall have the right to access to their Personal Data at any time during the Data Processing.
The request for access may be sent to the contact details of the Data Controller set out in section 1. Data Controller shall fulfil the request within 30 (thirty) days.
- Right to rectification
The Participants shall have the right to rectification. Data Controller shall rectify the inaccurate personal data or complete the incomplete Personal Data upon the Participant’s request..
The request for rectification may be sent to the contact details of the Data Controller set out in section 1. Data Controller shall fulfil the request within 30 (thirty) days.
- Right to erasure
The Participant may have the right to erase his/her Personal Data subject to the following conditions:
- Data Controller processes the relevant Personal Data; and
- the Participant requests for the erasure of his/her Personal Data; and
- the Personal Data in question are no longer necessary in relation to the purposes for which those are processed.
The request for erasure may be sent to the contact details of the Data Controller set out in section 1. Data Controller shall fulfil the request without undue delay.
- Right to restriction of data processing
The Participant shall have the right to request for the restriction of processing of his/her Personal Data in the following cases.
Data Controller shall restrict the processing of Personal Data for a period enabling Data Controller to verify the accuracy of those Personal Data, if the accuracy of the Personal Data is contested by the Participant.
Data Controller shall restrict the processing of Personal Data if the Data Processing is unlawful and the Participant opposes the erasure of the Personal Data but requests the restriction of the use of those Personal Data instead.
Data Controller shall restrict the processing of Personal Data, if Data Controller no longer needs the Personal Data for the purposes of the Data Processing in question but the Participant requires the storage of the relevant Personal Data for the establishment, exercise or defence of his/her legal claims.
If Data Controller restricts the processing of Personal Data, then Data Controller may:
(a) store the relevant Personal Data;
(b) process the relevant Personal Data on the basis of the Participant’s consent; or
(c) process the relevant Personal Data for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
The request for restriction may be sent to the contact details of the Data Controller set out in section 1. Data Controller shall fulfil the request without undue delay.
Data Controller shall handle the Personal Data confidentially and shall make any and all security, technical and organizational measures that serve and guarantee the security of Personal Data.
Data Controller shall ensure, among its tasks regarding IT protection of data stored electronically, particularly the following:
- protection against unlawful access (IT and physical protection of software and hardware);
- possibility to repair data records (i.e. regular back-up and safety handling of copies);
- protection against viruses;
- physical protection of data records and data carriers (i.e. protection against fire and water damage, lighting, natural forces other than storm, etc.).
Data Controller shall make all measures for the protection of data stored in the form of hard copy documents (physical safety, locked storage facilities, protection against fire).
- Personal data breach
Personal Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Data Controller’s Personal Data Breach Policy shall apply to handle such events.
- Right to file a complaint
If any Participant believes that his/her rights have been violated, Data Controller recommends that consultations should be initiated with Data Controller by contacting any contact details indicated in section 1 above or the Participant may turn to the court or NAIH being the supervisory authority in Hungary. In case of initiating court proceedings, the Participant may decide to initiate the proceedings before the court of jurisdiction as of his/her permanent residence.
The contact details of NAIH are as follows: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C, Hungary; phone number: +36 1 391 1400; fax number: +36 1 391 1410; e-mail: firstname.lastname@example.org; website: www.naih.hu.