Information on joint data management for the newsletter
Digital Tourism Agency
The Rocket Science Group LLC (MailChimp)
Dear Subscriber!
By accepting this Privacy Notice, you consent to the joint access, processing and storage of your personal data by the data controllers identified below. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR") and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter "the Information Act") shall apply to the processing of your personal data. - The provisions of the Privacy and Information Protection Act (CISO), as amended from time to time, and of the Privacy and Information Privacy Act (CISO), as amended.
Below you will find details of how we will process your personal data if you give your consent.
Shared data controllers:
The Rocket Science Group LLC (MailChimp) (hereinafter referred to as "the Company")
- Location: 675 Ponce De Leon Ave NE Ste 5000 Atlanta, GA, 30308-2172 United States
- törvényes képviselő: Ben Chestnut
Digital Tourism Agency, abbreviated as DT (hereinafter referred to as the "Agency")
- Location: 1168 Budapest, Városligeti fasor 24. fszt. 1.
- legal representative: Rasztovits Dávid
joint data protection officer:
- e-mail address: info@digitalisturizmus.hu
Company and Agency hereinafter referred to as: "Data Controllers".
Principles of Data Management:
The Data Controllers will only process the personal data of subscribers in accordance with the following principles. The processing must comply with these principles at all stages of the processing.
purpose limitation: personal data may only be processed for specified, explicit and legitimate purposes and not in ways incompatible with those purposes;
proportionality, necessity, data economy: only data that is necessary and relevant for the purposes for which it is collected;
legality, fairness, transparency: the processing must comply with the laws in force and serve a legitimate purpose and, in addition, must be carried out fairly and without prejudice to the privacy and rights of data subjects;
pontosság: the data must be accurate and up to date, and all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay;
limited shelf life: personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
the principles of integrity and confidentiality: personal data must be processed in such a way as to ensure adequate protection of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, including by appropriate technical or organisational measures;
the principle of accountability: data controllers are responsible for compliance with the data management principles and must be able to demonstrate such compliance.
Scope, purpose, legal basis and duration of the data processed
The Data Controllers maintain a newsletter database in which the data of the persons subscribed to the newsletter are stored. In summary, in the case of data related to the newsletter, the purpose of the processing is to promote the services and events of the Data Controller, to use them for commercial purposes, to inform the data subjects about upcoming programmes, professional events, important information and news, and to send marketing messages to the data subjects for its own marketing activities.
The legal basis for processing is always the consent of the data subject (Article 6(1)(a) GDPR). Consent is always given voluntarily and the data subject will not suffer any disadvantage if it is not given. However, in the absence of consent, the Data Controllers are not able to inform the data subject of any information, news or events. In such a case, the data subject can obtain information from the website.
Data controllers store personal data until consent is withdrawn. Withdrawal of consent is possible by info@digitalisturizmus.hu by sending a letter to the e-mail address, by post to 1168 Budapest, Városligeti fasor 24. fszt. 1., or on the website in the newsletter tab or by clicking on the unsubscribe button in the newsletter itself.
Data transmission
The Data Controllers do not transfer data, the personal data of the Subscribers are only transferred to the competent authorities, if necessary, within the framework of the legal reporting and data provision obligations. Should a transfer outside this scope occur in the future, the Data Controller will immediately notify and duly inform the Subscriber.
Who has access to personal data
On the part of the Data Controllers, the personal data of the data subjects may be accessed by the Data Controllers' legal representatives and by the employees of the Data Controllers in charge of maintaining contact and sending out newsletters, in order to fulfil their duties.
Data security
Data Controllers undertake to ensure the security of the personal data they process. Data controllers shall store personal data in electronic form on a dedicated server and in paper form in a lockable filing cabinet. The Data Controllers shall, taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons, take all technical and organisational measures necessary to ensure that the data recorded, stored or processed are protected and to prevent their destruction, unauthorised use or alteration. The Data Controllers shall protect the IT systems with firewalls and use antivirus and anti-virus software to prevent external and internal data losses.
Rights of the data subject
Exercise of rights
The exercise of the data subject rights listed below can be initiated by sending a letter or e-mail to one of the above contact details of the Data Controllers. The Data Controllers will inform the data subject of the action taken on the request within one month of receipt of the request. Where necessary, taking into account the complexity of the request and the
applications, this deadline may be extended by a further two months. The Data Controllers shall inform the data subject of the extension of the time limit by electronic means within one month of receipt of the request, unless otherwise requested by the data subject and unless otherwise possible, stating the reasons for the delay. If the Data Controllers do not act on the data subject's request, they shall inform the data subject within the above time limit of the reasons for the failure to act and of the right to lodge a complaint with the supervisory authority and to seek judicial remedy.
Where a request is manifestly unfounded or excessive, Data Controllers may charge a reasonable fee or refuse to act on the request.
Accessed from
By sending a letter or an e-mail to the above contact details, the data subject may request the Data Controllers to provide access to data relating to him or her, and in this context to inform the Data Controllers that the data subject
- what personal data,
- on what legal basis,
- for what purposes,
- from what source,
- how long they are treated,
to whom, when, on what basis and to which of the data subject's personal data have been disclosed and to whom the personal data have been transferred.
Upon request by the data subject, the Data Controllers shall provide the data subject with a copy of the personal data processed in a machine-readable, commonly used electronic format, free of charge. For additional copies, the Data Controllers may charge a reasonable fee based on administrative costs.
Correction
The data subject shall have the right to obtain from the Data Controllers, without undue delay, the rectification of inaccurate data and the completion of incomplete personal data.
Delete
The data subject shall have the right to obtain, at his or her request, the erasure of personal data relating to him or her without undue delay by the Data Controllers, and the Data Controllers shall be obliged, except in cases covered by Article 17(3) of the GDPR, to erase personal data relating to the data subject without undue delay where one of the following grounds applies:
- (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- (b) the data subject withdraws his or her consent to the processing, unless there is another legal basis for the processing. The withdrawal of consent shall not affect the lawfulness of the processing prior to its withdrawal. Consent may be withdrawn by sending a letter or e-mail and by clicking on the "unsubscribe" button.
- c) the personal data have been unlawfully processed;
- (d) the personal data must be erased in order to comply with a legal obligation.
If the above conditions are met, the Data Controllers will permanently and irretrievably delete the data.
Hordozhatóság
The data subject shall have the right to receive personal data relating to him or her provided to the data controllers in a structured, commonly used, machine-readable format and to transmit the data to another data controller or, where technically feasible, to request direct transmission between data controllers.
Restriction of processing
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the controllers if one of the following conditions is met: a) the data subject contests the accuracy of the personal data, in which case the restriction shall be for a period of time which allows the controllers to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use; c) the data subject has the right to obtain, at his or her request, the erasure of the data and the restriction of their use; d) the data subject has the right to obtain, at his or her request, the erasure of the data or the restriction of their use.
Data controllers no longer need the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims.
In the case of restriction of processing, personal data subject to restriction may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of other natural or legal persons or of an important public interest of the European Union or of a Member State.
Withdrawal of consent
Given that the legal basis for data processing is the consent of the data subject, the Subscriber is reminded that he/she has the right to withdraw his/her consent at any time.
Remedies
The data subject may lodge a complaint about the processing with the supervisory authority. Name and contact details of the supervisory authority:
- National Authority for Data Protection and Freedom of Information
- address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
- telephone number: +36 1 391 1400
- e-mail address: ugyfelszolgalat@naih.hu
- www.naih.hu
In addition, the data subject may take legal action against the Data Controllers in the event of a breach of his or her rights, before the competent court in the place of residence or domicile of the data subject.
Amendments to the privacy notice
The Data Controllers reserve the right to change the content of this notice at any time within the limits of the law. The amended Privacy Notice shall be effective from the date of its availability on the website.
