Data Privacy Policy

I. INTRODUCTION

The purpose of this Privacy Policy is to ensure that persons affected by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) (hereinafter referred to as "GDPR") and Act CXII of 2011 on information self-determination and freedom of information (hereinafter "Info tv.") are provided with prior information on the treatment of their personal data in connection with the www.cityzenoffices.hu and www.cityzenirodahaz.hu websites (hereinafter: "Website") operated by CZ Duna Korlátolt Felelősségű Társaság (Cg: 01-09-300384; tax number: 25990829-2-41) as a data controller (hereinafter: "Data Controller").

The Data Controller pays particular attention to the compliance of the statutory requirements for the processing of personal data, in particular the provisions of GDPR, in the course of data processing.

The term Affected refers to the person whose personal data are handled by the Data Controller.

II. IDENTITY AND CONTACT INFORMATION OF THE DATA CONTROLLER

Regarding the data handled for the operation of the Site, the Data Controller is the CZ Duna Korlátolt Felelősségű Társaság. Contact details of the Data Controller:

Headquarters / mailing address: 1134 Budapest, Váci út 37.
Tax number: 25990829-2-41
E-mail availability: office@convergen-ce.com
Registry authority: Fővárosi Törvényszék Cégbírósága
Company registry number: Cg.01-09-300384

The Data Controller does not have a data protection officer.

III. GOVERNING LAW

The Data Controller shall handle data management in accordance with the provisions of the following laws, as it is stated in these regulations:

⦁ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (data protection regulation, hereinafter: GDPR)

⦁ Act CXII of 2011 on information self-determination and freedom of information

⦁ Act V of 2013 on the Civil Code

⦁ Act I of 2012 on the Labour Code.

IV. INTERPRETATIVE PROVISIONS

Of the concepts defined in the GDPR, the following terms shall be emphasized in accordance with this Code:

⦁ personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

⦁ data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

⦁ data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

⦁ data processor: a natural or legal person, public authority, agency or any other body, which processes personal data on behalf of the data controller.

⦁ third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

⦁ filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

⦁ privacy incident: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

⦁ representative: a natural or legal person established in the Union who, designated by the controller or processor in writing, represents the controller or processor with regard to their respective obligations under this Data Privacy Policy.

⦁ enterprise: a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

⦁ data asset inventory: a document for assessing the scope and nature of personal data handled by the data controller.

⦁ technical and organizational measures: measures taken, taking into account the nature, scope, circumstances and objectives of the data processor and the probability and severity of the risk to the rights and freedoms of natural persons, in order to ensure and demonstrate that personal data are handled in accordance with GDPR. These measures will be reviewed and, if necessary, updated by the data manager.

V. GENERAL LEGAL BASIS OF DATA MANAGEMENT

Processing of personal data is lawful only if at least one of the legal bases listed below is met:

⦁ The Affected has given consent to the management of his or her personal information for one or more specific purposes (hereinafter: contribution based data management).

⦁ Data processing is necessary for the performance of a contract to which the Affected is a party, or it is necessary to take action at the request of the Affected prior to the conclusion of the contract (hereinafter: contract-based data processing).

⦁ Data processing is required to fulfill the legal obligations of the data controller (hereinafter: data processing based on legal obligation).

⦁ Data processing is necessary to protect the vital interests of the Affected or another natural person (hereinafter: data processing based on vital interest).

⦁ Data processing is necessary for the performance of a task in the public interest or in the exercise of public authority vested in the data controller (hereinafter: data processing based on public authority).

⦁ Data processing is necessary to enforce the legitimate interests of the Data Controller or a third party, unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the Affected is a child (hereinafter: legitimate interest-based data processing).

The Data Controller always handles a particular personal data field on the basis of a single legal basis. The legal basis for data handling may change during data handling.

VI. DATA SECURITY

The Data Controller selects and manages the IT tools used to manage personal data in the provision of the service so that the data processed is:

⦁ accessible to the entitled person (availability);
⦁ its authenticity and authentication are secured (credibility of data processing);
⦁ its unchangeability is verified (data integrity);
⦁ protected from unauthorized access (confidentiality of data).

The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction.

The Data Controller provides technical and organizational measures to protect the security of data management, providing a level of protection that meets the risks associated with data management.

The Data Controller preserves during the data processing:
⦁ the secrecy: protects the information so that it can only be accessed by those who are entitled to it;
⦁ the integrity: protects the accuracy and completeness of the information and processing method;
⦁ the availability: ensures that when the eligible user needs it, the user can actually access the information required and have access to the relevant tools.

VII. LEGAL BASES OF THE DATA MANAGEMENT, PURPOSE, THE RANGE OF DATA PROCESSED, AND DURATION OF DATA PROCESSING

1.) By completing the registration form that appears on the website, the Affected provides:
Processed data: Name (first name, last name); E-mail address
Purpose of data processing: Providing application, performance of the contract, contact.
Legal basis for data processing: The data processing is in accordance with Article 6 (1) a) of the GDPR, according to the contribution of the Affected, and b) the performance of the contract.
Duration of data processing: Until the consent is withdrawn or until it is necessary for the performance of the contract, but no longer than the termination of the contractual relationship.

2.) For subscribing to a newsletter, the Affected provides:
Processed data: Name (first name, last name); E-mail address
Purpose of data processing: Marketing inquiries, sending briefings about new conferences, maintaining the level of service.
Legal basis for data processing: The Data Controller's data processing is based on Article 6 (1) a) of the GDPR, i.e. the contribution of the Affected.
Duration of data processing: Until withdrawal of consent, i.e. until the date of termination.

VIII. DATA PROCESSORS, NEWSLETTER

The Data Handler does not transmit personal information provided by the Affected to any other person. If this is still necessary, the data may only be transmitted after the prior notification and consent of the Affected. An exception to this is the transfer of information to the authority or court at the official request of the court.

By signing up for a newsletter on the Website, the Affected gives consent to marketing inquiries.

You can unsubscribe free of charge from the newsletter via the unsubscribe link in the newsletters or by sending a cancellation request to the email address.

If you unsubscribe from the newsletter, your personal data registered for the newsletter will be removed and you will no longer receive newsletters and notifications from us.

EDM (e-mail direct marketing) provider (it stores e-mail addresses, names, company names): Campaign Monitor Pty Ltd., Level 38, 201 Elizabeth Street, Sydney NSW 2000, Australia (privacy policy: https://www.campaignmonitor.com/policies/#privacy-policy)

IX. HOSTING PROVIDER

As a web hosting provider, we use the following company:

Name: Media Temple LLC., 6060 Center Drive, Suite 500, Los Angeles, CA 90045, USA (privacy policy: https://mediatemple.net/legal/privacy-policy/)
The parent company of the hosting provider: Go Daddy Operating Company LLC.

It works on a server, of which backups are made to ensure data security.

Physical storage location: USA and the territory of the EU

X. PROVISIONS IN RESPECT OF COOKIES

We inform you that we use small data files to identify the Affected on the Website (hereinafter: "Cookie"). Cookies are provided by Google; they are used through Google Analytics. By visiting the Website and using certain features of the Website, the Affected consents to the said cookies being stored on the Affected's computer and accessed by the Data Controller.

The Affected's browser allows cookie-related activities to be set and prevented. Please note that in the latter case, without the use of cookies, you may not be able to use all the features of the Website.

The Affected can delete the cookie from the computer and set up the browser to disable cookies.

The Affected has the right at any time to request information about the data handled by the Data Controller. The Data Controller is obliged to provide the Affected with the relevant information about the availability and rules regarding the data handling immediately, but within a maximum of 15 (fifteen) days, covering the following: the data handled, the purpose of the data handling, its legal basis, its duration, and who has received or receives the data and for what purpose.

Within 20 (twenty) days of filing your application, you will receive a written or electronic receipt depending on the form of request for information. In the case of a paper-based application, we bear any costs incurred.

Considering that the Affected may object to the handling of his or her personal information and may restrict the processing of data, the Data Controller shall restrict the processing of data in accordance with the limitation within 20 (twenty) days, and is required to pass on the information specified in the decision and to provide the Data Controller with appropriate information electronically.

In addition to the above, you can find more information in our “Cookie Policy”.

XI. THE RIGHTS OF THE AFFECTED PERSONS

The Affected may use the following rights by email:

Right to rectify
The Affected may at any time be entitled to request the correction of incorrectly recorded personal data handled by the Data Controller. The Data Controller shall correct any inaccurate personal data relating thereto without delay, and the Data Controller is entitled to request the completion of incomplete personal data.

Right to cancel
The Affected is entitled to request the deletion of personal data processed by the Data Controller if the consent has been withdrawn or the contractual relationship has been terminated, and the deletion does not cover any document which must be retained by the Data Controller as required by law. In the latter case, personal data cannot be deleted.

You may only exercise the right to cancel when no purchase or delivery is in progress.

The right to restrict data processing
The Data Controller shall limit the personal data at the request of the Affected. If it can be assumed, on the basis of the information available to us, that deletion would harm the legitimate interests of the Affected, personal data must be limited. It must be handled as limited data as long as there is a data object or legitimate interest that excludes the deletion of personal data.

Right to portability of data
The Affected may request that the data handled by the Data Controller be made available on a data medium or on paper.

Right of withdrawal of consent
The Affected is entitled at any time to revoke the consent to the processing of his or her data, in which case the information will be deleted from our systems.

The Data Controller examines user complaints about data management and makes a decision about their validity, of which it will notify the applicant in writing within 30 (thirty) days at the latest. If the Data Controller fails to comply with the claim of the Affected, it communicates the factual and legal grounds for rejecting the request to the Affected.

XII. ENFORCEMENT

If we have violated any statutory provision on data management or have failed to comply with any of your requests, you may initiate an investigation procedure by the Hungarian National Authority for Data Protection and Freedom of Information in order to put an end to improper unlawful data management.

Name: Hungarian National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
Phone: 06-1-391-1400
Fax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

In addition, the Affected is entitled to enforce his / her rights before the competent court.

XIII. ADAPTATION, DATA PROCESSING, RANGE OF DATA

The data management employees who have the right of use and a legal basis have access to any form of personal data coming to the Data Controller through this Website.

XIV. OTHER PROVISIONS

For data processing not listed in this policy, we will give you information when the data is recorded. We inform our clients that the court, the prosecutor, the investigating authority, the offence authority, the administrative authority, the Hungarian National Authority for Data Protection and Freedom of Information, the National Bank of Hungary, or, with the authorization of the law, other bodies may contact the Data Controller to provide information, transmit data or provide documentation.

The Data Controller discloses personal data to the authorities, if the authority indicates the exact purpose and scope of the data, only to the extent necessary to achieve the purpose of the request.

The Data Controller reserves the right to modify this Privacy Policy unilaterally, except for the legal basis and purpose of data processing and the data processed.

XV. ENTRY INTO FORCE

This Data Privacy Policy will enter into force on 18 June, 2018.