Data Management Booklet
The Hungarian Cleaning-Technology Association (Later: “MATISZ”) as the operator of www.budapestcleaningshow.hu domain website (Later: “Website”) hereby publish the website and website related services in the context of data management rules, data protection, data management principles, as well as the data management for information purposes, according to the modified Regulation EU 2016/679 (General Data Protection Regulation- GDPR) takes effect from 25 May 2018, The new, modified Regulation is aim to broaden the protection of personal data.
By beginning the use of the website, the users visiting the website, (Later: User) accept all the contained conditions of the present booklet, therefore we ask you to please read carefully the current Data Management Booklet („Booklet”) before using this website.
Data of the Data Controller
Headquarters: 2-6. Fogarasi street Budapest, 1148, Hungary
Registration Number: 1679
Registered at: County Court of Jász-Nagykun-Szolnok
Representative: Paár Zoltán – president
E-mail address: firstname.lastname@example.org
The data is managed by the Hungarian Cleaning-Technology Association (Later: „Data Controller” or “MATISZ”), which operates the Website.
The data processing is performed by the Data Controller and Zefír Investment Zrt. (1065 Budapest, Nagymező utca 51. cg. 01-10-046915 function: bookkeeping and billing) is commissioned by the Data Controller.
The technical background of data management is provided by GEDEON Nyomdaipari Bt. (2600 Vác, Zrínyi u. 9., e-address: email@example.com) on behalf of MATISZ.
The Data Controller reserves the right to include further data processors in the data management, which will be communicated to the users by modifying this booklet.
- Personal data means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person. Personal data only can be managed for the purposes specified, for exercise the rights, or in order to fulfill liabilities. Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Personal data only can be processed with the data subject’s given consent, or shall be laid down by Law.
- Data Controller means the natural or legal person, public authority or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; and has the power to take decisions (including the decisions regarding the used devices) and have such decisions implemented or performed by data-processors.
- Data management means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; or recording data which allow or confirm identification by images, voice- or videorecording, or physical identification of that natural person, such as dactyloscopic data, DNA sampling, or iris images.
- Data processing: performing any action or operation during data management, disregard the methodology or technical instrument or the place of the action if it is carried out on data.
- Data Processor means a natural or legal person, agency or other body which processes personal data on behalf of the Data Controller, which, on the basis of a contract with the data controller, including the conclusion of a contract under the provisions of the law, processes the data.
- Transfer of data: means making personal data accessible to a third party.
- Deletion of data: making data unrecognizable item in such a way, that their restoration is no longer possible.
- Personal data breach means unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage.
- Consent a voluntary and decisive declaration of the will of the person concerned, based on appropriate information and with unambiguous consent to the processing of personal data relating to him or her, wholly or in part.
- Objection means a statement of objection by the person concerned against the management of his or her personal data and request to discontinue data management or deletion of personal data.
The data management legal background:
The Data Controller process lawfully, fairly the personal data according to the effective Hungarian and European legislation or ethical rules and process in a manner that ensures appropriate security of the personal data using appropriate technical or organisational measures.
The present regulation taking into account the following legislation in force:
- CXIX law on management of name and address information for search and direct business purposes
- CVIII law on e-commerce services and information society services
- CXII law on informational self-determination rights and freedom of information
- Act I on the Labor Code
- 2016/679 / EU Regulation of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46
The Data Controller undertakes to comply with this Booklet unilaterally and requests that its clients accept the content of the Data Management Booklet on its website. The Data Controller reserves the right to change the Data Management Booklet. If the Data Management Booklet is modified, the updated text will be publicly disclosed.
Providing personal data on the website:
Users can provide information, data in two ways on the website:
- Personal information specifically provided or made available through the use of the Website services (See Part I. of the Booklet)
- the information provided to the Data Controller regarding the use of the website, the information provided on visiting the Website and its use (See Part II. of the Booklet)
I. Processing data explicitly provided by the User
1) What type of personal information do we ask for?
A) Upon signing up for the Budapest Cleaning Show newsletter
Providing the following personal information is required:
B) At Registration
C) When sending a message under the „Contact” function
D) When sending a message at the „Things to know/For exhibitors” page
- Full name
- E-mail address
- Phone number
E) When filling out the Registration form
- Full name
- E-mail address
- Phone number
2) Purpose and length of data management
Data Controller uses data to provide services available from the website, especially for the following purposes:
- Providing efficient services accessible from the website
- Communication with the primary purpose of providing users with information, effectively and quickly handling any technical issues that may arise
- Contacting users with regard to the registration and fulfillment of registration submitted through the website
- Settling disputes arising out of the use of the website
- Sending electronic newsletters and advertisments related to Budapest Cleaning Show and its events, promotional messages and professional materials, business policy inquiries (hereinafter together referred to as the “Newsletter”), if the User has expressly consented to it for the duration of the service or until the consent is withdrawn.
The Data Controller handles the personal data during the purpose of the data management, and thus it primarily handles the existence of a legal relationship with the User (at the end of the given period, the data provided by the concerned user will be deleted), or until the user requests the deletion of their data or withdraws his/her consent.
3) The legal basis for handling personal data
a) according to Article 6 (1) (a) of the GDPR, an adequately informed user’s voluntary contribution to data management;
b) according to Article 6 (1) (b) of the GDPR, data processing is necessary for the performance of a contract in which the User is involved, as one party;
c) according to Article 6 (1) (c) of the GDPR, data processing is necessary to fulfill the legal obligation for the data controller (such as accounting, bookkeeping obligations);
d) according to Article 6 (1) (f) of the GDPR, data processing is necessary for the legitimate interests of the data controller or a third party.
By using functions stated in points I, A) – E) (eg by signing up for an registration), Users give their consent that the Data Controller is allowed to handle their data. The handling of personal data is based on the voluntary and informed contribution of the user.
In some cases, legislation makes it mandatory for the given data to be handled, stored, forwarded, and the User will be notified by the Data Controller separately in each case.
Users are solely allowed to provide their own personal data on the website. Data Controller does not check the validity of the provided data. The correctness of the given data is solely the responsibility of the providing person, user, contractant. Any User providing their e-mail address also takes responsibility for the fact that they are the only ones who have resort to the service from the given e-mail address. With respect to this responsibility, any liability associated with an entry in a given e-mail address will only be borne by the user who registered the e-mail address.
If the User does not provide their own personal data, it is the duty of the informant of the User to obtain the consent of the User.
4) Who can access the registered data?
Only the Data Controller, and their processors if any, are eligible to obtain personal data under the applicable law. In the absence of any express legal provision, the Data Controller shall pass on data that is identifiable to the User to third parties only with the explicit consent of the User.
5) The User’s rights with their handled data
Right to information
The User may request information on the management of his personal data and may request the rectification or deletion of his / her personal data, with the exception of the data processing provided by law, either on the link in the newsletter footer or on any data controller access.
Information can be requested by email on firstname.lastname@example.org e-mail address and via postal services in the following postal address: 2-6. Fogarasi str. Budapest, 1148 Hungary
The Data Controller shall provide information upon request of the User about the User’s personal data, their source, the purpose, the justice of claim, the time frame it is handled – moreover in case of any data protection incident on the circumstances, effects and measures taken, and in case of forwarding the User’s personal data – the legal bases of the forwarding and its recipients.
The Data Controller keeps records for the purpose of controlling the measures related to the data protection incident and for informing the User, including:
- User’s personal data,
- the scope and number of Users involved in the privacy incident
- the date, circumstances, effects and measures taken to avert the privacy incident, and
- as well as any other data specified in the law that regulates data management.
The Data Controller keeps a data transfer record for the purpose of verifying the legality of the data transmission and for informing the User, including:
- the date of transmission of the managed personal data,
- the legal basis and the addressee of the data transmission,
- the definition of the scope of personal data transmitted,
- and other data specified in the law prescribing data management.
The duration of the obligation to preserve the personal data and the records of transmission of these data – and also the obligation to provide these information- can be restricted by the data management legislation. In this limitation is five years for personal data, in the case of sensitive data a shorter period of twenty years can not be established.
The Data Controller shall provide the information in the shortest possible time, but not later than within 25 (twenty-five) days from the receipt of the request, in writing in an understandable form.
Right to access
The User is entitled to receive feedback on whether personal data is being processed and, if so, to have access to the personal data managed by the Data Controller. This allows to verify that his or her personal information is being handled in accordance with data protection legislation.
Right to rectify
The User is entitled to request the modification or addition of inaccurate or incomplete personal data which the Data Controller is obliged to correct.
Right to restrict data management
The User is entitled to restrict the further processing of his /her personal data in certain situations. In the case of limited data management, data will not be processed except for storage.
Right to deletion of personal data
Personal Data is deleted by the Data Controller if:
- the Data Management is unlawful,
- on User requests,
- the Data is incomplete or erroneous and cannot be legally corrected – provided the deletion is not excluded by law
- the purpose of data management has ceased,
- the statutory time limit for storing the the personal data has expired or the deletion has been ordered by the court or data protection commissioner.
User is entitled to request the correction of his / her personal data (indicating the correct data), as well as deletion or blocking – in part or in full – via email@example.com e-mail address or via postal services. The Data Controller shall promptly make the rectification in its register and notify the User in writing of its occurrence.
Beyond the above mentioned cases the User has the right to request for correction his / her personal data ( indicating the correct data) via firstname.lastname@example.org e-mail address or via postal services in the following postal address: Hungarian Cleaning-technology Association 2-6. Fogarasi str. Budapest, 1148 Hungary. In both cases the identity should be verifyed and mailing address should be provided. Upon receipt of the cancellation request, the Data Controller shall immediately arrange for the termination of the data management and delete the User from its register.
Instead of deleting personal data, Data Controller blocks the personal data, if it is requested by the User, or if, based on the available information, it is assumed that deletion would violate the legitimate interests of the User. The blocked personal data only can be managed as long as there is a data management target that excludes the deletion of personal data.
The Data Controller shall notify the User of the rectification, blocking and deletion, and all those to whom the data was previously transferred for data management, data processing purposes. The notice may be omitted if this does not violate the legitimate interest of the User with regard to the purpose of data management.
Right to data transfer:
The User is entitled to receive the personal data concerning him / her which was supplied to the Data Controller in a distributed, widely used, machine-readable format and to forward such data to another Data Controller.
Right to protest:
User may object to the processing of his / her personal data:
- if the processing of personal data is solely necessary for the purpose, right or the legitimate interest of the Data Controllers or Data Receivers,except as required by law;
- if the use or transfer of personal data is done for direct business acquisition, polling or scientific research,
- if the exercise of the right of objection is otherwise permitted by law.
The Data Controller – with the simultaneous suspension of data management – is obliged to examine the protest within the shortest possible time from the submission of the application, but within a maximum of 15 days and to inform the applicant in writing of its outcome. If the objection is justified, the Data Controller is obliged to terminate the data management, including further data collection and data transfer, and to block the data, and to notify all those to whom the protested personal data affected has previously been forwarded and of the actions taken on the basis of the objection, they must take action to enforce the right of protest.
The Data Controller is only exceptionally may refuse the User’s request for information – these cases are specified in Act. 2011. CXII. law. 9.§ (1) paragraph, and 19.§.
If the Data Controller fails to comply with the User’s request for rectification, blocking or deletion, they let the User know the factual and legal grounds for rejecting the request for rectification, blocking or cancellation in writing within 30 days of receipt of the request. In case of refusal of an application for rectification, cancellation or blocking, the Data Controller informs the User about the possibility of judicial remedy, and referral to the National Data Protection and Freedom of Information Authority.
If the User does not agree with the Data Controller’s decision, or when the Data Controller fails the above deadline, the User – within 30 days after receiving the notification of the decision or the last day of the deadline – the User can contact National Data Protection and Freedom of Information Authority detailed under “Options for enforcement of rights” section at the end of the Booklet, or can go to court.
Furthermore, the User may decide at any time that Newsletter will no longer be sent by the Data Contoller. The User can withdraw his / her consent to receive newsletters at any time free of charge without any justification or limitation at any time by clicking on unsubscribed button at the bottom of the newsletter, or via email@example.com e-mail address or via postal services in the following postal address: Hungarian Cleaning-technology Association 2-6. Fogarasi str. Budapest, 1148 Hungary. After receiving the unsubscription request, the Data Controller will immediately delete the unsubscribed User’s data from the direct marketing database and will no longer send newsletter to the User.
If the withdrawal of consent only concerns the direct marketing data management (Newsletter sending), the Data Controller will only delete the User immediately from the direct marketing record, and shall be entitled to further manage the User’s data for the purpose of providing Website Services.
Right of Withdrawal
The data subject is entitled to withdraw his / her consent at any time.
Right to go to court:
In case of violation of his / her rights, the data subject may go to court against the Data Controller. The court may hear the case without delay.
II. Any information collected otherwise in connection with the use of this website
1)What type of information do we collect in connection to the use of the website?
If the User does not specifically disclose information or data about himself or herself on the Website as described in Part I, the Data Controller does not collect or manage any personal information about the User in such a way that the User can personally be identifiable.
Such data is the data of the user’s logged-in computer that is generated during the use of the Website and which the cookies used on the Website are recorded as an automatic result of the technical processes. The data that will be automatically recorded will be logged automatically when visiting or leaving the Website without the user’s statement or action.
These data are not linked to other personal data of the User, therefore the User can not be identified on the basis of these data. These data are only accessible to external service providers that handle cookies and to the Data Controller.
The Data Controller uses the services of the Google Analytics system in connection with the Website. Google Analytics-managed cookies help you measure website traffic and other web analytical data on the Website. Information collected by cookies is forwarded and stored to external servers run by Google. Google uses this information for the Data Controller primarily to track the attendance of the website and make analyzes of Website activities. Google may disclose this information to third parties if this is required by law. Google also has the right to forward this information to those third parties who have access to the data by them. Google Analytics can provide detailed information on how Google Analytics can handle these data. (http://www.google.com/analytics).
The Data Controller’s advertisments are displayed on external internet website services (Google, Facebook). These third-party service providers (Google, Facebook) store cookies, if the User previously visited the Data Controller’s website, it will display personalized ads (that is, they are doing remarketing activity).
The use of Google cookies can be disabled with the help of Ad Settings. (more information: : http://www.google.hu/policies/technologies/ads/). Users can disable the cookies of external service providers at the unsubsribtion website of Network Advertising Initiative (http://www.networkadvertising.org/choices/).
The above-mentioned third-party service providers are subject to data protection regulations as defined by these service providers and the Data Controller does not take any responsibility for such data handling.
2) How do we use these information?
Data collected through the aforementioned technologies cannot be used to identify the User and the Data Controller does not associate this data with any other data that may be identifiable.
The primary purpose of using such data is that the Data Controller can operate the Website correctly, that is particularly needed for tracking visiting data of the Website and filtering out potential misuse of the Website.
In addition, the Data Controller may use this information to analyze usage trends to improve and develop the Website’s features and to obtain comprehensive traffic data for full use of the Website.
The Data Controller may use the information obtained to provide statistics on the use of the Website and to analyze and to transfer such statistical data that is not suitable for identification (such as the number of visitors, most viewed topics or content) to a third party or to publish cumulatively, anonymously.
3) Option for turning Cookies off:
If the User does not want their above mentioned information to be collected in connection with the use of the Website, they can disable cookies in whole or in part in the Internet browser settings or modify cookie message settings otherwise.
4) Cookies placed by third parties:
The Website may contain information, advertisements in particular, originating from third parties and advertising providers who are not affiliated with MATISZ. These third parties may also place cookies, web beacons on the user’s computer, or use similar technologies to collect data in order to send the user advertisement messages about their own services.
In such cases, data management is governed by the data protection regulations set forth by these third parties and the Data Controller is not responsible for such data handling.
MATISZ is not responsible for the contents, data and information protection practices of external websites accessible as a link. If MATISZ becomes aware that the page or link it links to infringes the rights of third parties or the applicable law, the link will be removed from the Website without delay.
IV. Data Security
The Data Controller undertakes to ensure the security of the data, to take the technical and organizational measures and to establish the procedural rules that ensure that the recorded, stored or managed data are protected and prevent their destruction or unauthorized use and unauthorized alteration. Data Controller is also obliged to call on any third party to whom the data is transmitted or transferred by the User’s consent, to comply with the requirements of data security.
The Data Controller shall ensure that no unauthorized person has access to, disclose, transmit, modify or delete the data processed. The handled data can only be known by the Data Controller, its employees and the Data Processor (s) he is using, and will not be handed over to a third party who is not authorized.
Data Controller will do its best to prevent data from being accidentally damaged or destroyed. The above mentioned commitment is required by Data Controller for employees involved in the data management activities.
The User acknowledges and accepts that, when they provide his /her personal data on the Website – despite the fact that MATISZ has advanced security tools to prevent unauthorized access to or tamper with data – the protection of data may not fully guaranteed on the Internet. In spite of our efforts, MATISZ is not responsible for any such data acquisition or unauthorized access or for any damages the User suffers from such reasons. In addition, the User may also provide personal information to third parties who may use it for illegal purposes.
In any case, the Data Contorller does not collect special data, such as data that are of a racial origin, membership of a national or ethnic minority, political opinion or party affiliation, religious or other types of world beliefs, membership of an interest representation organization, addiction, sexual life, and criminal record.
For data security, it is important that you sign out of the Website when you use it on public or mutually used computers. If you visit our site from your computer, it will remain logged on for a certain time depending on the application. In this case, be careful not to let strangers access your computer, to carry out transactions (subscriptions, sign-ins, orders, etc.) on your behalf.
V. Options for enforcement of rights
MATISZ makes every effort to ensure that personal data is processed in accordance with the law, if you feel that we have not complied to it, please contact us via firstname.lastname@example.org e-mail address or by sending a letter via postal services at the following postal address: 2-6. Fogarasi str. Budapest, 1148, Hungary
If you feel that your rights to protect your personal data have been violated, you may appeal at the following competent organizations under applicable law:
- National Data Protection and Information Authority (Address: 22/C, Szilágyi Erzsébet fasor, Budapest, 1125, Hungary, E-mail: email@example.com; www.naih.hu) or
- Initiate court proceedings
VI. Miscellaneous Provisions:
This Booklet is governed by the provisions of the General Data Protection Regulation (GDPR) adopted by the European Union in 2016/679.
The Data Controller reserves the right to modify this Booklet unilaterally, at any time, subject to prior notification of the User. The User shall accept the modification on the Website – for further use of the Website – in the manner provided by MATISZ. Modifications will become effective against the User upon acceptance or upon first use of the Website.
Budapest, May 25th , 2018
The Hungarian Cleaning-Technology Association