Person and activity of the data controller:

Name of data manager: ADRIA Interkulturális Egyesület
                                    ADRIA Intercultural Association

Registered office: 8960 Lenti Harangláb út 36., Hungary

Representative: Éva Lilla Kronauer, chairman

Registration number: 12-02-0002241

Tax number: 19316389-1-20 (EU-VAT: HU19316389)

The data controller is an association (non-governmental organization) registered in Hungary, which operates in Hungary and in countries outside Hungary. Its purpose is to preserve, nurture and promote the cultural heritage and cultural values defined in the statutes.

Purpose of the Policy

The purpose of this Regulation on data management and data protection (hereinafter “the Regulation”) is to ensure that Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals regarding the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (hereinafter: GDPR) and Act CXII of 2011 on the right to information self-determination and freedom of information. Considering that the provisions laid down in Act (hereinafter: Infotv.) ADRIA Interkulturális Egyesület (ADRIA Intercultural Association) (hereinafter referred to as the Association) further establishes the data management and data protection principles and detailed rules concerning personal data and determines the personal data management and data protection policy of the Association.

Personal scope of the regulations

The personal scope of these regulations extends to the membership of the association, non-members using the activities specified in the statutes of the association, as well as natural persons having a contractual legal relationship with the association and natural persons acting on behalf of legal persons.

Material scope of the regulations

The purpose of these regulations is to define and record the provisions, rights and obligations related to the personal data managed by the association, which come to the knowledge and management of the association while performing the activities of the association.

Definitions

  • personal data: any information relating to an identified or identifiable natural person;
  • identifiable natural person: who can be identified, directly or indirectly, in particular by an identifier such as name, number, location data, online identifier or one or more factors;
  • data handling: any operation or set of operations on personal data or files, whether automated or not;
  • data controller: a person as defined in point I, who determines the purposes and means of data processing, either individually or with others;
  • data subject’s consent: a voluntary, specific and well-informed and clear statement of the data subject’s intention to indicate his or her consent to the processing of personal data concerning him or indicates, by means of an unequivocal statement of consent, that he or she consents to the processing of personal data concerning him or her;
  • data protection incident: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled,
  • data processor : the third body to which the association transfers certain personal data processed by it for the purpose of performing its task.

Principles for the processing of personal data

  • purpose limitation : personal data may only be collected for specified, explicit and legitimate purposes;
  • legality, due process and transparency : the processing of personal data must be carried out lawfully and fairly and in a way that is transparent to the data subject;
  • data saving : they must be appropriate and relevant to the purposes of the processing and must be limited to what is necessary;
  • accuracy : the personal data processed must be accurate and, where necessary, kept up to date;

In its data management, the association acts in accordance with the principles of good faith, fairness and transparency, as defined in detail above.

The association handles only personal data specified by law or provided by natural persons falling within the personal scope of these regulations. The scope of personal data managed by the association is fully proportionate to the purpose of data processing, and in no case extends beyond it.

The purpose of the processing of personal data and data collection

The association processes personal data only for a specific purpose, in order to exercise a right and fulfil an obligation. The association meets the specific and relevant data management purpose at all stages of data management. The collection and processing of personal data is always fair and lawful. In all cases, the association strives to process only and exclusively personal data that is essential for the realization of the purpose of data processing and suitable for achieving the purpose of data processing. Personal data may only be used to the extent and duration necessary to achieve the specific purpose.

Purpose of data processing:

  • facilitating the identification of the data subject, liaising with the data subject, facilitating the exercise of the data subject’s rights and the fulfilment of the data subject’s obligations,
  • fulfilment of the obligations of the association, exercise of the rights affecting the association,
  • full protection of the rights of data subjects.

Use of personal data for different purposes

In all cases where the association, as a data controller, intends to use the personal data managed by it for a purpose other than the purpose of the original data collection, the association shall inform the data subject thereof, except in the case of a breach of interest specified by law; obtains its prior express consent or provides an opportunity for the data subject to prohibit the new use.

Transfer and transfer of personal data to third parties

To fulfil the purpose of data processing, the association may transfer the personal data processed by it to certain persons and organizations for the purpose of data processing.

The association shall not transfer or pass on personal data processed by it to third parties other than these persons or organizations, only with the express consent of the data subject.

An exception to the provision of this section is the use of personal data in a statistically complex form, which cannot be linked to any of the data subjects.

In associations, in case of a request in court, criminal proceedings or other violations, the association makes the personal data processed by it available to the requesting body to the extent necessary.

The association is entitled and obliged to transfer to the competent authorities all personal data available and duly stored by it, which is obliged to transfer personal data by law or a final authority.

The data subject cannot be held liable for the consequences of the transfer as defined above.

The association documents the data transfers in all cases and keeps an electronic register of them.

Legal Basis for Processing Personal Data

In view of the purpose of the association as defined in its statutes and its activities, the legal basis for the association’s data processing under Article 6 (1) (a) GDPR is the express consent of the data subject concerned, based on appropriate information.

The data subject has the right to withdraw his or her consent to the personal data he or she has provided at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to the withdrawal.

The association is governed by Article IX of these regulations. Transfers to the persons and entities referred to in paragraph 1 may be made without the specific consent of the data subject.

The legal basis for the association’s personal data processing may also be a substantial legitimate interest of the association. In this case, the association, in accordance with the relevant provisions of the GDPR, carries out a balancing test, which confirms that the processing of the personal data in question is necessary for the legitimate interests of the association and that the rights and freedoms of the data subject, which require the protection of personal data, do not take precedence over these interests.

Stakeholders’ rights and how to enforce them

At the request of the data subject, to properly enforce the data subject’s right of access, the association provides information on the data managed by the data subject, their sources, the purpose, legal basis, duration of the data processing, the circumstances and effects of a possible data protection incident.

The association is obliged to provide the information in a comprehensible form as soon as possible after the submission of the application, but not later than within 25 days, in the form requested by the person concerned. The information is free of charge if the person requesting the information has not yet submitted a request for information for the same data set in the current year, and in other cases reimbursement can be established based on the relevant legislation.

The data subject may request that the personal data of the erroneous person be corrected by the association or request the deletion (“forgetting”) of his personal data, the blocking of his personal data, or protest against the processing of his personal data, except for the data processing prescribed by law. The association shall inform the person concerned of the fact of the cancellation.

The association informs the data subject about the processing of personal data at the same time as the collection of his / her personal data. The data subject has the right at any time to request information on the processing of the personal data of the association.

If the association does not comply with the request for information, rectification, blocking or deletion, the association shall state the reasons for rejecting the request for information, rectification, blocking or deletion within 25 days of receipt of the request. If a request for rectification, blocking or cancellation is rejected, the association shall inform the person concerned of the legal remedies available to him, such as the supervisory authority and the possibility of recourse to the courts.

Personal Data Protection

The association ensures the security of the data and takes the technical and organizational measures, as well as develops the procedural rules necessary to enforce the data protection rules.

The data must be protected by appropriate measures, against unauthorized access, alteration, transmission, disclosure, deletion or destruction, unavailability due to accidental destruction and damage resulting from a change in the technology used.

The data subject shall always consider the state of the art when defining and applying measures for the security of personal data.

The association chooses from several possible data management solutions that provide a higher level of protection of personal data unless this would be a disproportionate burden for the association.

The representatives of other persons, organizations and enterprises involved in the data management related to the association are obliged to keep the disclosed data as a business secret.

During the handling of personal data, the association pays special attention to the implementation of secure data management. Accordingly, it carries out a risk analysis, the results of which determine the specific measures to be taken in the protection of personal data.

Processing of Personal Data

Management of personal data of association membership

Purpose of data processing:

The purpose of the data management related to the membership status of the members of the association is to establish and maintain the membership relationship.

The range of data that can be managed:

  • the name worn by the member
  • name at birth
  • place and date of birth:
  • Nationality
  • Mother’s birth name: [◦]
  • address, place of residence
  • identity document number:
  • phone nr.,
  • electronic contact
  • Commencement of membership:

Legal basis of the data processing:

Voluntary consent of persons pursuant to Article 6 (1) (a) of the GDPR.

Duration of data processing:

5 years from the termination of the membership.

Recording the personal data of non-members using the activities of the association

Purpose of data processing:

The purpose of data management concerning persons who are not members of the association, but who use the activities of the association at the same time, is to enable and maintain the use of the activities of the association by those concerned.

The range of data that can be managed:

  • the name of the person concerned who is not a member,
  • name at birth
  • Place and date of birth:
  • their nationality,
  • mother’s birth name: [◦]
  • address, place of residence,
  • identity document number:
  • phone
  • electronic contact,
  • the beginning and end of the legal relationship to be established or established.

Legal basis of the data processing:

Voluntary consent of persons pursuant to Article 6 (1) (a) of the GDPR.

Duration of data processing:

5 years from the termination of the established legal relationship.

Management of personal data related to the employees of the association

Purpose of data processing:

The purpose of data management related to the employees of the association is to establish and maintain the given employment relationship.

The association may handle the following personal data in connection with the establishment and existence of the employment relationship:

  • Employee name
  • name at birth
  • Place and date of birth:
  • their nationality,
  • Mother’s birth name: [◦]
  • address, place of residence,
  • identity document number:
  • Tax ID number
  • TAJ number:
  • Phone
  • electronic contact,

Legal basis of the data processing:

Pursuant to Article 6 (1) (a) of the GDPR, the voluntary contribution of the data subject.

Duration of data processing:

Only until the existence of the legal relationship, resp. if the data processing is ordered by law, taking into account the provisions of Act V of 2013 on the Civil Code.

Personal data of personal and representatives of other legal relations with the association

Purpose of data processing:

The purpose of data management related to other persons or organizations having a legal relationship with the association is to facilitate the activities of the association.

The range of data that can be managed:

  • the name of the person concerned,
  • address or registered office of the organization on whose behalf he is acting,
  • Phone
  • electronic contact,
  • the beginning and end of the legal relationship to be established or established.

Legal basis of the data processing:

Voluntary consent of persons pursuant to Article 6 (1) (a) of the GDPR.

Duration of data processing:

5 years from the termination of the established legal relationship.

Management of data related to the association’s website

Purpose of data processing:

The website of the association and the information provided by the association can be accessed by any external visitor. During the visit to the website, the website hosting provider records the visitor data to check the operation of the service, prevent abuses and ensure the normal operation. The purpose of the recording is to collect information on the use of the website and to compile traffic statistics.

External service providers on the user’s computer, so-called they place a cookie so that they can have the opportunity to link the user’s current visit with previous ones. The user can reject the request for cookies at any time in the pop-up window on the website.

The range of data that can be managed:

  • date,
  • date,
  • the IP address of the user’s computer,
  • the IP address of the page you are visiting,
  • the IP address of the previously visited page,
  • user operating system information.

Legal basis of the data processing:

Voluntary consent of persons pursuant to Article 6 (1) (a) of the GDPR.

Duration of data processing:

During the period of membership and 5 years thereafter.

Internal register of data transfers by the association

The association is based on Infotv. 25 / E. § keeps a record of the data transfer process electronically.

Data management and data protection and data transfer register

The association is based on paper and stores personal data on a computer network. Paper-based data storage shall only take place in a properly lockable room in such a way that it cannot be accessed or accessed by an unauthorized person.

Personal Data

In the event of any disruption or improper occurrence during the processing of personal data covered by these regulations, the association shall, without undue delay, notify the National Data Protection and Freedom of Information Authority within 72 hours at the latest.

The notification shall include at least the following:

  • identification of the type and nature of the data protection incident, including the categories and approximate number of data subjects,
  • the categories and approximate number of data involved in the data protection incident,
  • the name and contact details of the data protection officer or contact person,
  • the likely consequences of the data protection incident,
  • the measures taken to remedy the data protection incident.

If the data protection incident is likely to pose a high risk to the data subject’s rights and freedoms, the association shall inform the data subject of the occurrence of the data protection incident and, if necessary, of the measures taken to remedy it.

DATA PROTECTION OFFICER

Subject to the provisions of the GDPR on the Data Protection Officer, the Association is not obliged to appoint a Data Protection Officer, as the Association is not a public authority or a public body, its activities do not involve any regular and systematic monitoring of data subjects. the association does not process special data or personal data suitable for establishing criminal liability.

The Data Protection Supervisor

Name of the body: Nemzeti Adatvédelmi és Információszabadság Hivatala (National Office for Data Protection and Freedom of Information)
 Headquarters of the institution: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
 Web: www.naih.hu
 Email: ugyfelszolgalat@naih.hu

Hollókő, 25th August 2021, updated on 16.10.2024.