Privacy policy
- GENERAL INFORMATION
Pro Event Produkciós Korlátolt Felelősségű Társaság (“Pro Event”) processes information qualified as “personal data” under Article 4 (1) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) in relation to third parties, contact persons of its partners and persons using its services (hereinafter collectively referred to as “data subject(s)”).
This privacy notice (“Privacy Notice”) is to provide information about the processing of such personal data as well as about the data subjects’ rights and remedies related to the processing.
Contact details of Pro Event:
Registered seat: 1022 Budapest, Tövis utca 32/B 1.
Registration number: 01-09- 320041
Website: www.proevent.hu
- UPGRAGING AND AVAILABILITY OF THE POLICY
Pro Event reserves the right to unilaterally modify this Privacy Notice with immediate effect subsequent to such modification, subject to the limitations provided for by law and the requirements of advance notification to the individuals in due time, if necessary. Pro Event may modify this Privacy Notice, particularly when it is required as a result of changes in the laws, the practice of the data protection authority, business needs or employees’ needs, any new activity involving personal data processing or any newly revealed security exposures, or if it is deemed necessary because of individuals’ feedback.
- SPECIFIC DATA PROTECTION REQUIREMENTS
In certain cases, specific privacy-related terms and conditions may also be applicable to certain individuals; said individuals will be duly notified thereof.
In each case, organisations and individuals are obliged to make the relevant personal data available to Pro Event in accordance with the applicable laws. Individuals shall especially be in possession of adequate and informed consent, or any other appropriate legal basis, for making personal data available to Pro Event (for example if the data of contact persons and family members are given). If Pro Event becomes aware that any personal data of a data subject was disclosed without her/his consent or any other appropriate legal basis, then Pro Event may immediately delete such personal data, and the data subject is also entitled to exercise the rights and remedies set forth in this Privacy Notice. Pro Event will not be liable for any loss or harm which may arise from any breach of the above undertaking and representation of any individual.
- PERSONAL DATA PROCESSED AND PURPOSE OF PROCESSING
The table below describes the scope of the processed personal data, the purposes, the legal basis, and the duration of the processing. Where a purpose of processing is required for pursuing a legitimate interest of Pro Event or any third party, then Pro Event will perform a balancing test of the underlying interests, which is available upon a request submitted to Pro Event by means of the contact details listed hereinabove.
Pro Event expressly wishes to draw the attention of the individuals to their right of objection to the processing of their personal data on grounds relating to their particular situation at any time where the processing is based on a legitimate interest, including cases where the processing takes the form of profiling. In such cases, Pro Event shall cease to process the personal data unless it can prove that the processing has to be continued due to compelling legitimate reasons which override the interests, rights and freedoms of the individuals, or which relate to the submission, the enforcement or the protection of legal claims.
Where this Privacy Notice indicates the relevant limitation period for the enforcement of claims as the duration of data processing, then any event which interrupts the limitation period shall extend the term of the data processing until the new date when the underlying claim may lapse (Section 6:25 (2) of Act V of 2013 on the Civil Code – the “Civil Code”). If the limitation period is interrupted, the claim can be enforced within one year from the time when the reason for interruption ceases to exist or, in respect of a limitation period of one year or less, within three months, even if the limitation period has already lapsed or there is less than one year or less than three months, respectively, remaining from it (Section 6:24 (2) of the Civil Code).
The 8 years’ retention period specified in Act C of 2000 on accounting (the “Accounting Act”) shall be counted from the day of a given year when the accounting item related to the data or the accounts/accounting relied on or made use of the relevant data in any way. In practice if the data appears in an agreement under which more completions arise (e.g. service is provided several times during the term of the agreement), the 8 years’ period shall be counted from each completion separately, because there is a separate invoice for each completion, based on which the transaction is entered into the accounts.
1.1 Inquiry about a service via the Website, in person, by telephone or otherwise and individual request for proposal
Processed personal data | Purpose of processing | Legal ground of data processing | Data retention period |
Name (company name, position) | Data necessary for the identification of the data
subject |
Article 6 (1) (a) of the GDPR
The data subject has given his or her consent to the data processing of his or her personal data for one or more specific purpose |
data processing may last for the period indicated by the data subject or until the consent is withdrawn. |
e-mail, phone number | Data necessary to contact the data subject in the
future |
||
the subject matter of interest | Data necessary to clarify the data subject’s
enquiry and to provide an appropriate, personalised response, on the basis of the data subject ‘s own communication |
1.2 The personal data of contact persons and representatives, chief executive officers of contracting partners and/or persons involved in contract performance
Processed personal data | Purpose of processing | Legal ground of data processing | Data retention period |
Name (company name, position) | Data necessary for the identification of the data
subject |
Article 6 (1) (b) of the GDPR
the purpose is directly the performance (implementation) of the contract to which the individual is subject
Article 6 (1) (f) of the GDPR pursuing the legitimate interests of both Pro Event and the contracting partner: fulfilling the obligations, exercising the contractual rights and synchronising business cooperation. |
5 years after the date when the contractual relation ceased (Section 6:22 (1) of the Civil Code – claims lapse in 5 years)
Accounting documents: the data retention period is 8 years (Sections168-169 of the Accounting Act.
|
e-mail, phone number | Data necessary to contact the data subject in the
future |
||
the subject matter of interest | performance of the contract (day-to-day activity) and/or keeping contact, providing information, sending communications. |
1.3 Personal data of job applicants (not recruited candidates)
Processed personal data | Purpose of processing | Legal ground of data processing | Data retention period |
Name | Data necessary for the identification of the data
subject |
Article 6 (1) (a) of the GDPR
The data subject has given his or her consent to the data processing of his or her personal data for one or more specific purpose
Article 6 (1) (f) of the GDPR pursuing the legitimate interests of both Pro Event and the applicant: proof of compliance with equal treatment and the promotion of equal opportunities rules, |
Data processing may last until the consent is withdrawn.
If the data subject has not given or has withdrawn his or her consent, the data shall be processed for the duration of the period of enforcement of claims provided for in Article 17 of Act CXXV of 2003 on equal treatment and the promotion of equal opportunities, i.e. for 3 years from the notification of the nonemployment, in the event of and for the purposes of any proceedings related to the enforcement of claims. |
e-mail, phone number, address | Data necessary to contact the data subject in the
future |
||
CV, cover letter (if any) and Data contained therein | assessing the applicant’s skills, experiments and aptitude. |
1.4 Enforcement of the data protection rights of the individuals
Processed personal data | Purpose of processing | Legal ground of data processing | Data retention period |
Personal data related to inquiries received by Pro Event in respect of data protection: the data of the contact person necessary for making contact (including without limitation name, address, e-mail, phone), the content of the inquiry and steps taken and documents made in relation to the inquiry. | Processing related to the enforcement of the data protection rights of the individuals (see Section 8 for details) | Article 6 (1) (c) of the GDPR
processing is necessary for compliance with a legal obligation
|
indefinite period, unless the data protection authority gives any other guidance. |
1.5 Personal data breaches
Processed personal data | Purpose of processing | Legal ground of data processing | Data retention period |
Personal data of the data subjects affected by the personal data breach. | Keeping records of personal data breaches (including documenting steps taken in relation to responding to incidents) | Article 6 (1) (c) of the GDPR
processing is necessary for compliance with a legal obligation
|
indefinite period, unless the data protection authority gives any other guidance. |
- Cookie POLICY
5.1 By visiting the Website, visitors consent to Pro Event placing cookies on their computer (or other similar device) to help the Website function and to provide information about the visitor’s behaviour on the Website. Pro Event uses this information to improve its Website.
The cookies Pro Event uses only provide anonymised and aggregated technical information. This is primarily to ensure easy navigation of the Website, to identify which parts of the site are of particular interest to visitors and to improve the site and Pro Event’s services in general. The information collected in this way does not allow visitors to be individually identified. Pro Event does not seek to identify visitors individually unless they voluntarily provide their information through the Website in some way.
5.2 The Website uses the cookies listed below:
“Session cookies”: technically essential cookies that are essential for navigating a website, for the operation of key website functions and for accessing protected content. These cookies store the information necessary to fill in the forms and sometimes the language chosen by the visitor, but do not collect any information that can be used for marketing purposes, nor any information that would remember which other websites the visitor has visited. These cookies are automatically deleted when the Website is closed or after a certain period of time. In their absence, the Website or parts of the Website may not be displayed or may be displayed incorrectly, making it impossible to use the Website.
“Functional cookies”: so-called functional cookies that facilitate use and improve the user experience, which enable the Website to detect the device used to access the Website and to remember the decisions made on the Website (e.g. data entered on forms, language chosen, whether the visitor has logged in during a previous session, user changes to text size, font or other customisable elements of the Website), so that the Pro Event can offer visitors better and more personalised features. These cookies only track the visitor’s activity on the website they are visiting, not on other websites. These cookies may store personal identification information that visitors have provided on the Website, such as name, email address, telephone number.
“Analytics cookies”: advertising display and social media cookies, which are performance cookies, also known as marketing cookies. They collect information about the user’s behaviour within the website visited, time spent, clicks. They are also linked to social media, which are typically third-party applications (e.g. Google Analytics, AdWords cookies). These cookies can be used to profile the visitor and may also transfer data to third countries – acceptance of the use of cookies by the user implies consent to the transfer of data to third countries. Users who do not want Google Analytics to report on their visit can install a browser extension to block Google Analytics. This add-on instructs Google Analytics’ JavaScript scripts (ga.js, analytics.js, and dc.js) to stop sending visit information to Google. In addition, users who have installed the disabling browser extension will not be included in the content experiments.
To permanently disable Google Analytics cookies, install a browser add-on, which you can download from
https://tools.google.com/dlpage/gaoptout.
Google Analytics provides additional options for opting out of Google Analytics:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
“Third party cookies”: The Website may display various content through external web services, which may result in the storage of some cookies that Pro Event does not control, so Pro Event has no control over how these websites or external domains collect data on how the visitor/registrant uses the embedded content.
5.3 In case of cookies, the data carried by cookies may be processed until the data subject disables their use in his/her browsing settings, but no later than the time necessary for the technical operation of the Website.
The user can set his web browser to accept all cookies, reject them all or notify the user when a cookie arrives on the user’s computer. Each web browser is different, so your browser’s “Help” menu can help you adjust your cookie settings. The Website is designed to work with the use of cookies, so deactivating them may affect the usability of the website and prevent the user from taking full advantage of it.
In addition, Pro Event technically records whether the user has previously accepted this Policy.
More information about Google and Facebook cookies can be found at the following links:
Google: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Facebook: https://www.facebook.com/business/help/471978536642445?id=1205376682832142
The processing of data acquired through presence on community sites is carried out on the community sites, so the duration of the processing, the method of processing and the possibilities of deleting and modifying the data are also governed by the regulations of the relevant community site. Pro Event does not transfer the user content published on the community sites to databases that allow the processing of data for its own purposes.
Entries available on the Website may use embedded content (e.g. videos, images, articles, etc.) from external sources. Embedded content from external sources behaves exactly as if you had visited another website. These sites may collect data about visitors, use cookies or third-party tracking code, monitor user behaviour in relation to embedded content if the visitors have an account and are logged in to the site.
- ENTITIES ENTITLED TO PROCESS PERSONAL DATA
Pro Event engages the following contractual partners for carrying out tasks related to data processing operations in addition to the ones listed above. Such contracting parties act as so-called “data processors” (i.e. they process the personal data defined in this Notice on behalf of Pro Event). If Pro Event is acting as a data processor, these organisations are acting as “sub-processors”.
Pro Event should only use data processors or sub-processors that provide sufficient safeguards, in particular in terms of expertise, reliability and resources, for the implementation of technical and organisational measures which ensure that the requirements of the GDPR are met. Said safeguards should include the security of processing. The particular tasks and liabilities of the data processor or the sub-processor are provided for in the data processing agreement made between Pro Event and the data processor or the sub-processor. After the completion of the processing on behalf of Pro Event, the processor or the or sub-processors shall, at the choice of Pro Event or Pro Event’s partner, return or delete the personal data, unless there is a requirement to store the personal data under European Union or Member State law to which the processor is subject.
The data processor | Activity
|
Microsoft Ireland Operations Limited
One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521
|
Microsoft Ireland Operations Limited shall provide the Microsoft Office 365 service. Pro Event shall process the personal data as a data controller or a data processor by using the Office 365 service.
|
X-com.hu Szolgáltató Kft.
Address: H-1174 Budapest, Ősrepülő utca 26. Fsz/2. Tax nr.: HU22926555 |
Providing information technology support and web hosting management for Pro Event |
Könyvérd Bt.
Address: H-2030 Érd, Fülemüle utca 36. Tax nr.: HU22137690 |
It provides book-keeping services. Within this, it will have full access to company, contract and HR information. |
- SECURITY (TECHNICAL AND ORGANIZATIONAL) MEASURES
Pro Event protects its personal data storage systems with multifactor authentication. For example, such setting is: SSL communication (encrypted). The SQL (Structured Query Language) database is protected by a firewall, it can only be connected from a specific IP address.
Pro Event’s office building is protected by an electronic access system. Pro Event offices can be locked with keys.
- DATA PROTECTION RIGHTS AND REMEDIES
8.1 Data protection rights and remedies
The detailed rights and remedies of the individuals are set forth in the applicable provisions of the GDPR (especially in Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80, and 82 of the GDPR). The summary set out below describes the most important provisions and the Pro Event provides information for the individuals in accordance with the above articles about their rights and remedies related to the processing of personal data.
The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the individual, information may also be provided orally, provided that the identity of the individual is verified by other means.
Pro Event will respond without unreasonable delay to the request of an individual in which such person exercises her/his rights about the measures taken upon such request (see Articles 15-22 of the GDPR), with said response by no means to occur later than one month after receipt thereof. This period may, if needed, be extended for a further two months in light of the complexity of the request and the number of requests to be processed. Pro Event shall notify the individual about the extension and also indicate its grounds therefor within one month of the receipt of the request. Where the request has been submitted by electronic means, the response should likewise be sent electronically, unless the individual requests otherwise.
If Pro Event does not take any measure upon the individual’s request, it shall so notify the individual without delay, but by no means later than one month after receipt thereof, stating why no measures will be taken. Additionally, Pro Event shall inform the individual about the individual’s right to lodge a complaint with the data protection authority and to file an action for remedy with the courts.
8.2 The individual’s right of access
(1) The individual has the right to obtain confirmation from Pro Event with regards to whether or not personal data concerning them is being processed. In such a case, the individual is entitled to have access to the relevant personal data and to the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data has been or will be disclosed, specifically including recipients in third countries and/or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the right of the individual to request from Pro Event rectification or erasure of personal data, or restriction of processing of personal data concerning the individual, or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data is not collected from the individual, any available information as to its source.
(2) Where personal data is forwarded to a third country, the individual is entitled to obtain information concerning the adequate safeguards of the data transfer.
(3)Pro Event provides a copy of the personal data undergoing processing to the individual. Pro Event may charge a reasonable fee based on administrative costs for requested further copies thereof. Where the individual submitted their request by electronic means, the information will be provided to them in a commonly used electronic form unless otherwise requested by the data subject.
8.3 Right to rectification
The individual has the right to request that Pro Event rectify inaccurate personal data which concerns them without undue delay. In addition, the individual is also entitled to have incomplete personal data completed e.g. by a supplementary statement or otherwise.
8.4 Right to erasure (‘right to be forgotten’)
(1) The individual has the right to request that Pro Event erase the personal data concerning them without delay where one of the following grounds applies:
(a) the personal data is no longer required for the purposes for which it was collected or otherwise processed by Pro Event;
(b) the individual withdraws consent on which the processing is based, and there are no other legal grounds for the processing;
(c) the individual objects to the processing and there are no overriding legitimate grounds for the processing;
(d) the personal data has been unlawfully processed;
(e) the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which Pro Event is subject;
(f) the collection of the personal data occurred in connection with the offering of services regarding the information society.
(2) If Pro Event has made the personal data public and it is later obliged to delete it as a result of the above stated grounds, it will take reasonable steps to delete it, taking into account the available technology and the costs of implementation. These reasonable steps include technical steps in order to inform processors who carry out processing that the individual has initiated a request for the links leading to the relevant personal data, or the copies or reproductions thereof, be deleted.
(3) Paragraphs (1) and (2) shall not apply to the extent that processing is necessary, among other things, for:
- a) exercising the right of freedom of expression and information;
- b) compliance with a legal obligation which requires processing by European Union or Member State law to which Pro Event is subject;
- c) archiving purposes in the public interest, scientific or historical research purposes or statistical purposes insofar as the right referred to in paragraph (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- d) the establishment, exercise, or defence of legal claims.
8.5 Right to restriction of processing
(1) The individual has the right to obtain a restriction of processing from Pro Event where one of the following applies:
a) the accuracy of the data is contested by the individual, for a period enabling Pro Event to verify the accuracy of the personal data;
b) the processing is unlawful, and the individual opposes the erasure of the personal data and requests the restriction of its use instead;
c) Pro Event no longer needs the personal data for the purposes of the processing, but the individual requires it for the establishment, exercise or defence of legal claims;
d) the individual has objected to processing pending the verification of whether the legitimate grounds of Pro Event override those of the individual.
(2) Where processing has been restricted under paragraph (1), such personal data shall, with the exception of storage, only be processed with consent of the individual or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
(3) Pro Event informs the individual whose request has served as grounds for the restriction based on the aforesaid, before the restriction of processing is lifted.
8.6 Notification obligation regarding rectification or erasure of personal data or restriction of processing
Pro Event will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. Pro Event shall inform the individual about those recipients if they so request.
8.7 Right to data portability
(1) The individual has the right to receive the personal data concerning them, which they have provided to Pro Event in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance from Pro Event, where:
a) the processing is based on consent or on a contract; and
b) the processing is carried out by automated means.
(2) In exercising the right to data portability pursuant to paragraph (1), the individual shall have the right to have the personal data transmitted directly from one controller to another (thus from Pro Event to another controller), where technically feasible.
(3) Exercising the aforesaid right shall be without prejudice to provisions concerning the right to erasure (‘right to be forgotten’) and, further, this right shall not adversely affect the rights and freedoms of others.
8.8 Right to object
(1) The individual has the right to object, on grounds relating to her/his particular situation, at any time to the processing of personal data concerning them for the purposes of legitimate interests. In such a case, Pro Event will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the individual, or for the establishment, exercise or defence of legal claims.
(2) Where the processing of personal data serves direct marketing purposes the individual is entitled to object to the processing of personal data regarding them for such purposes, including profiling, in so far as the latter relates to direct marketing.
(3) If the individual objects to the processing of personal data with the aim of direct marketing, then the personal data can no longer be processed for this purpose.
(4) In connection with the use of services related to information society, the individual may resort to their right of objection, with deviation from Directive No 2002/58/EC, by means of automated devices based on technical requirements.
(5) Where personal data is processed for scientific or historical research purposes or statistical purposes, the individual, on grounds relating to their particular situation, has the right to object to the processing of personal data concerning them, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
8.9 Right to lodge a complaint with a supervisory authority
The individual has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement if they consider that the processing of personal data relating to them infringes the GDPR. In Hungary, the competent supervisory authority is the Hungarian Authority for Data Protection and Freedom of Information (http://naih.hu/; address: 1055 Budapest, Falk Miksa utca 9-11.; postal address:1363 Budapest, Pf.: 9; telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ). This right also applies to the individual if Pro Event is a data controller and also if Pro Event is a data processor.
8.10 Right to an effective judicial remedy against a supervisory authority
(1) The individual has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.
(2) The individual has the right to an effective judicial remedy where the supervisory authority that is competent does not handle a complaint or does not inform them within three months on the progress or outcome of the complaint lodged.
(3) Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.
8.11 Right to an effective judicial remedy against Pro Event or the processor
This right also applies to the individual if Pro Event is a data controller and also if Pro Event is a data processor.
(1) Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, any individual has the right to an effective judicial remedy where they consider that their rights under the GDPR have been infringed as a result of the processing of their personal data in non-compliance with the GDPR.
(2) Proceedings against Pro Event or a processor shall be brought before the courts of the Member State where Pro Event or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the individual has habitual residence. In Hungary, the general court has jurisdiction in these kinds of proceedings. The proceedings can be brought – according to the choice of the individual concerned – before the general court where one has its habitual residence or place of stay. Information on the competent courts and their contact details is available at birosag.hu.