Privacy notice

The organiser of the CONTACT Conferences (hereinafter referred to as "CONTACT") is Protocall 2009 Web- und Telemarketing Kft. (hereinafter referred to as "Protocall") and Goodevent Rendezényszervező Kft. (hereinafter referred to as "Goodevent" and together hereinafter referred to as the "Organisers"), as the www.contactconferences.com and the www.contactconferences.hu  The operator of this website (hereinafter referred to as the "Website") hereby describes the rules, data protection, data management principles and information on data management related to the registration for the Contact Customer Service Conference and other CONTACT-related professional events and training courses (hereinafter referred to as the "Event") advertised via the Website.

 

By registering on the Website, the registering user (hereinafter referred to as "User") acknowledges all the terms and conditions set out in this Privacy Policy (hereinafter referred to as "Policy"), and is therefore kindly requested to read this Policy carefully before registering. Only persons over the age of 16 are entitled to submit data on the Website.

 

  1. Data of the Data Controller

The data controller is Protocall, the owner of CONTACT Conferences, and Goodevent, as the organiser of the Event, is referred to in this notice as the "Data Controller".

Protocall 2009 Web- und Telemarketing Kft.

  • Registered office: 2724 Újlengyel, Ady Endre utca 41.
  • Represented by: Károly Szőke
  • Your email address: protocall@protocall.hu

Goodevent Rendezvényszervező Kft

  • Registered office: 1165 Budapest, Timur utca 74.
  • Represented by: Ildikó Bodóczi
  • Your email address: info@goodevent.hu
 
 
  1. Scope of data processed

2/1. When registering for an event When registering for a conference advertised on the Website, the following data can be provided (data marked with * are mandatory): - full name of the participant*;

  • participant's telephone number*,
  • Participant email address*;
  • company name*;
  • billing address*;
  • ticket type*;
  • coupon code data;
  • the data in note;
  • notification data;
  • payment method*. In the case of payment by bank card (SimplePay Payment Service (hereinafter "SimplePay")), the Data Controller records the following data:
  • transaction ID - required for completion;
  • transaction status - required for completion;
  • amount paid - necessary for performance.

The OTP Mobil Korlátolt Felelősségű Társaság

head office: 1093 Budapest, Közraktár utca 30- 32;

cégjegyzékszáma: Cg.01-09-174466;

ugyfelszolgalat@simple.hu;

+36 1/20/30/70 3-666- 611; hereinafter referred to as OTP Mobil Kft., as the operator of SimplePay, processes the following data in order to process the payment transaction:

  • name;
  • phone number;
  • e-mail address;
  • transaction amount;
  • IP address;
  • the date and time of the transaction;
  • delivery address;
  • billing address.

Purpose of data processing: authorization of payment transactions in SimplePay, processing of payment transactions in SimplePay, monitoring and prevention of payment fraud in SimplePay. By using SimplePay, the User accepts the terms of use of OTP Mobil Kft., which are available at the following link: https://simplepay.hu/vasarlo-aff The Data Controller declares that in the case of payment by credit card, it does not process any card data necessary for the payment transaction, it does not have access to these data in any way, they are processed by OTP Mobil Kft. providing the possibility of credit card payment. The data processing policy of OTP Mobil Kft. is available at the following link: http://simplepay.hu/vasarlo-aff.

 

2/2. Newsletter subscription:

On the Website, the User has the possibility to subscribe to the newsletter of the Data Controller during registration. When subscribing to the newsletter, the Data Controller processes the following personal data of the User:

  • full name;
  • company name;
  • e-mail address;
  • phone number;
  • titulus;
  • the data in note.

The Data Controller carries out profiling, which is any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the economic situation, personal preferences, interests, location or movements of a natural person, in order to send a newsletter tailored to the interests of the persons who subscribe to the newsletter.

 

 

  1. Purpose of the processing

The Data Controller uses the data for the following purpose(s):

  • Registration for an event

Recording registrations, registering the data of applicants, fulfilling applications, managing tasks related to the payment of participation fees, invoicing, and maintaining contact with Users in relation to the Event.

 

  • Newsletter subscription

To send an electronic newsletter, direct marketing or marketing message - using the data processed in the profiling process according to profiles, groups and parameters automatically set for them - targeted to the e-mail address provided by the User, or to present said advertising message by telephone, SMS, MMS or other electronic channel (collectively, the "Newsletter"), for advertising purposes, about products, offers, services, promotions and competitions related to the Data Controller.

 

  1. Duration of processing

The Controller shall process personal data for the duration of the purpose of the processing, for the period necessary to achieve the purpose of the processing, in particular for the duration of the legal relationship with the User, or for the period specified in the legislation imposing mandatory processing. The personal data shall be deleted at the same time as the purpose of the processing ceases to exist or, subject to the conditions laid down in the data protection regulations, without undue delay in the event of the User's request, request for the deletion of his/her data or withdrawal of his/her consent, except for the data that the Data Controller is obliged to keep. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. In order to comply with the retention obligation of the Data Controller, the Data Controller shall retain the User's data contained in the accounting voucher for a period of 8 years, solely for the purpose of fulfilling the accounting obligation, pursuant to Section 169 of Act C of 2000 on Accounting (hereinafter: the Act on Accounting). The Data Controller shall process the personal data of subscribers to the newsletter for the purposes set out in the newsletter subscription section of this Prospectus until the subscribers' consent is withdrawn.

  1. Legal basis for processing personal data

By registering for the Event, Users consent to the Controller processing their personal data. The processing of personal data is based on the User's voluntary consent given in the light of this information. The User is entitled to withdraw his/her consent to the processing of personal data. Pursuant to Section 169 of the Act on the Supervision of the Processing of Personal Data, the Controller is obliged to keep the User's data contained in the accounting records for 8 years, solely for the purpose of fulfilling the accounting obligation. If Users do not provide their own personal data, the data provider is obliged to duly inform the data subject and obtain his/her consent.

 

  1. Who has access to personal data, processing of data

The Data Controller and its employees who have access rights related to the purpose of the processing, as well as the Data Processors it uses, are entitled to access the personal data in accordance with the applicable legislation. The Data Controller shall grant access to the extent strictly necessary for the performance of its activities. The Data Controller shall not use any processor acting on behalf of the Data Controller for the processing of the data. The Data Controller reserves the right to involve processors in the future, which it will inform Users of by amending this Notice. In the absence of an express legal provision, the Data Controller shall only disclose personally identifiable data to third parties with the express consent of the User concerned.

 

  1. Rights of the User

Pursuant to the law, the User has the right at any time to request access to, rectification, erasure or restriction of processing of his/her data, to object to the processing of personal data and to receive the data in a portable format. The Data Controller shall examine the request for the exercise of the rights submitted by the User within the shortest possible period of time from the date of submission, but not later than 25 days, and shall notify its decision in writing or, if the User has submitted the request electronically, by electronic means. The User may submit a request for access using the contact details set out in point 1.

  • Access to personal data

The Data Controller shall, at the User's request, inform the User whether the Data Controller is processing his/her personal data and, if so, give him/her access to the personal data and inform him/her of the following information:

  • the purpose(s) of the processing;
  • the types of personal data concerned by the processing;
  • the legal basis and recipient(s) of the transfer of the User's personal data;
  • the intended duration of the processing;
  • the User's rights in relation to the rectification, erasure and restriction of processing of personal data and the right to object to the processing of personal data;
  • the possibility to appeal to the Authority;
  • the source of the data;
  • the names and addresses of the data processors and their activities in relation to data processing.

The Data Controller shall provide the User with a copy of the personal data subject to processing free of charge. For additional copies requested by the User, the Controller may charge a reasonable fee based on administrative costs. If the User has made the request by electronic means, the information shall be provided in a commonly used electronic format, unless the data subject requests otherwise.

  • Correction of processed data

The User has the right to request the Controller (using the contact details specified in point 1) to correct inaccurate personal data or to complete incomplete data (indicating the correct data), taking into account the purpose of processing, by proving his/her identity. The controller shall make the rectification in its records without undue delay and shall notify the data subject in writing of the rectification.

  • Deleting processed data

The User may request that the Data Controller delete personal data concerning him or her without undue delay and the Data Controller shall be obliged to delete personal data concerning the data subject without undue delay if one of the following grounds applies:

  1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. the User withdraws his/her consent and there is no other legal basis for the processing;
  3. the User objects to the processing of their personal data;
  4. the processing of personal data was unlawful;
  5. the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  6. personal data are collected on the basis of consent in connection with the provision of information society services to children. If the Data Controller has disclosed (made available to third parties) the personal data and is obliged to delete it pursuant to the above, it shall take reasonable steps and measures, taking into account the available technology and the cost of implementation, to inform the data controllers processing the personal data concerned that the User has requested the deletion of the links to the personal data in question or of a copy or duplicate of such personal data.

Personal data need not be deleted where processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for the purposes of complying with an obligation under Union or Member State law to which the controller is subject to which the processing of personal data is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • on grounds of public interest in the field of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it; or
  • to bring, enforce or defend legal claims.
  • Limitation of data processed

The User is entitled to have the Data Controller restrict the processing of personal data instead of rectifying or erasing it, if one of the following conditions is met:

  • the User contests the accuracy of the personal data, in which case the restriction applies for the period of time that allows the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the User opposes the deletion of the data and instead requests the restriction of their use;
  • the Controller no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or defence of legal claims; or
  • the User has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller prevail over those of the data subject. Where processing is subject to restriction, such personal data, except for storage, may only be processed with the consent of the User or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State. The Data Controller shall inform the User at whose request the processing has been restricted in advance of the lifting of the restriction on processing.
  • Obligation to notify the rectification or erasure of personal data or restriction of processing

The Data Controller shall inform any recipient to whom or with which the personal data have been disclosed of the rectification, erasure or restriction of processing of the personal data, unless this proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.

  • Right to object

The User may object to the processing of his or her personal data if the processing.

  • is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • necessary for the purposes of the legitimate interests pursued by the Controller or a third party. If the User objects, the Controller may no longer process the personal data unless the User demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims.

If the processing of personal data is carried out for direct marketing purposes, the User has the right to object at any time to the processing of personal data concerning him/her for such purposes, including profiling, if it is related to direct marketing (Newsletter). If the User objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for such purposes.

 

  • Right to data portability

The User has the right to receive personal data concerning him/her provided to the Data Controller in a structured, commonly used, machine-readable format, if technically feasible, if the processing is based on consent and the processing is automated. The right to data portability under this point does not create an obligation for controllers to implement or maintain technically compatible data management systems.

  • Enforcement of User Rights

The Data Controller shall inform the User without undue delay, but no later than 25 days from the receipt of the request, of the measures taken following the request for access, rectification, erasure, restriction, objection and portability. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the User of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request. If the User has submitted the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise. If the Data Controller does not take action on the User's request, it shall inform the User without delay and at the latest within 25 days of receipt of the request of the reasons for the failure to act and of the right to lodge a complaint with a supervisory authority and to seek judicial remedy. At the User's request, the information, the information and the action taken on the basis of the request shall be provided free of charge. Where the User's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Controller may, taking into account the administrative costs of providing the requested information or information or of taking the requested action, charge a reasonable fee or refuse to act on the request. The burden of proving that the request is manifestly unfounded or excessive shall lie with the Controller.

  1. Data security

The Data Controller undertakes to ensure the security of the data, to take technical and organisational measures and to establish procedural rules to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or unauthorised alteration. It also undertakes to require all third parties to whom it transfers or discloses data on the basis of the consent of the Users to comply with the requirement of data security. The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons. The processed data may only be accessed by the Data Controller, its employees and its Data Processor(s) and shall not be disclosed by the Data Controller to any third party not entitled to access the data. The Data Controller shall make every effort to ensure that the data are not accidentally damaged or destroyed. The Data Controller shall impose the above undertaking on its employees involved in the processing activity. The User acknowledges and accepts that, in the event of providing his/her personal data on the Website, despite the fact that the Data Controller has state-of-the-art security measures in place to prevent unauthorised access to or the disclosure of such data, the protection of such data on the Internet cannot be fully guaranteed. In the event of unauthorised access or disclosure of data despite our efforts, the Data Controller shall not be liable for any such acquisition or unauthorised access or for any damage suffered by the User as a result thereof. In addition, the above shall also apply if the User provides his/her personal data to third parties who may use it for unlawful purposes or in unlawful ways. Under no circumstances will the Data Controller collect sensitive data, i.e. data concerning racial or ethnic origin, membership of national or ethnic minorities, political opinions or party affiliations, religious or philosophical beliefs, membership of representative organisations, health, pathological addiction, sexual life or criminal records. For data security reasons, it is important that when using the Internet in public places on shared computers, you should always log out of the Website after use. If you are visiting our Site from your own computer, you may remain logged in for a period of time, depending on your application. Again, please exercise caution to ensure that strangers do not have access to your computer and are not able to carry out transactions on your behalf.

  1. Handling and reporting data breaches

A personal data breach is any event that results in the unlawful processing or treatment of personal data processed, transmitted, stored or handled by the Data Controller, in particular unauthorised or accidental access, alteration, disclosure, deletion, loss or destruction, accidental destruction or accidental damage to personal data. The Data Controller shall notify the Data Protection Incident to the National Authority for the Protection of Individuals with regard to the processing of Personal Data (hereinafter referred to as the "NPAIH") without undue delay and no later than 72 hours after becoming aware of the Data Protection Incident, unless the Data Controller can demonstrate that the Data Protection Incident is unlikely to pose a risk to the rights and freedoms of natural persons. If the notification cannot be made within 72 hours, it shall state the reason for the delay and may provide the required information in detail without further undue delay. The notification to the NAIH shall contain at least the following information:

  • the nature of the personal data breach, the number and category of data subjects and personal data;
  • Name and contact details of the data controller;
  • the likely consequences of the data breach;
  • the measures taken or envisaged to manage, prevent or remedy the personal data breach. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the data subjects must be notified without undue delay, which the DPO is obliged to do. The Data Controller shall inform data subjects of the personal data breach within 72 hours of the discovery of the personal data breach through the Data Controller's website. The notification shall contain at least the information specified in this point. The Data Controller shall keep records of the personal data breach for the purposes of monitoring the measures taken in relation to the personal data breach and informing the data subjects. The register shall contain the following data:
  • the scope of the personal data concerned;
  • the range and number of persons concerned;
  • the date of the data breach;
  • the circumstances and effects of the data breach;
  • the measures taken to respond to the data breach.
 
 
  1. Enforcement options

The Data Controller will make every effort to ensure that the processing of personal data is carried out in accordance with the law, if you feel that we have not complied with this, please write to us at info@goodevent.hu or at the postal address at 1162 Timur utca 74, Budapest.

 

  • Right to a public remedy

The User has the right to request an investigation by the supervisory authority if he/she considers that the exercise of his/her rights in relation to his/her personal data is restricted by the Data Controller or his/her request for the exercise of these rights is rejected, or if the User considers at any time that a violation of his/her rights has occurred or is imminent in relation to the processing of his/her personal data.

Contact details of the Hungarian National Authority for Data Protection and Freedom of Information:

Head office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Postal address: 1530 Budapest, Pf. 5

Telephone: +36 1 391 1400 Fax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Web: naih.hu

The National Media and Infocommunications Authority is responsible for advertising sent by electronic means, and the detailed regulations can be found in Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

  • Right to judicial remedy

In addition to the above, the User shall have the right to a judicial remedy at any time against a legally binding decision of the supervisory authority concerning the User, and if the competent supervisory authority does not deal with the complaint or does not inform the User within three months of the procedural developments concerning the complaint or its outcome. The User may also have recourse to the courts if he/she considers that the Controller or a processor acting on his/her behalf or under his/her instructions is processing his/her personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union.

  1. Other provisions

This Information Notice is governed by Hungarian law, in particular by the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC.

en_USEN