Privacy Notice

Events

The protection of your personal data is very important to us. The present Privacy Notice provides information on what personal data we manage, to what end and on what legal basis. The Privacy Notice also covers your rights.

1. Data Controller

Data Controller:Net Média Kiadó és Internet Tartalomszolgáltató Zrt. (hereafter: Data Controller)

Registered Office: 1033 Budapest, Polgár utca 8-10.

Registry No.: 01-10-044439

Tax number: 12527052-2-41

Website: www.portfolio.hu

Phone: +36-1-327 4080

Data protection officer: adatvedelem@portfolio.hu

1. Legislation governing data processing

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

• Act CXII of 2011 on Informational Self-Determination and Freedom of Information ("Privacy Act")

• Act V of 2013 on the Civil Code

• Act CLV of 1997 on Consumer Protection

• Act C of 2000 on Accounting

1. Definitions

Personal Data: any information relating to an identified or identifiable natural person (Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Typical personal data include: name, address, date and place of birth, name of mother.

Data Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

1. Principles

The Data Controller will observe the following principles to make sure that personal data is:

1. (processed lawfully, fairly and in a transparent manner in relation to the Data Subject (‘lawfulness, fairness and transparency’)

2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

7. The controller shall be responsible for, and be able to demonstrate compliance with, the above (‘accountability’).

1. Data Processing

1. Registration for https://www.portfolio.hu/en/events events

Purpose of Data Processing

Registration serves to allow admittance to conferences and events found on the website.

Legal basis for Data Processing

Article 6, section (1), paragraph b) of the GDPR (performance of a contract)

Data Subjects

Any natural person

Range of Personal Data

Title, first and last name, email address, phone number, company name, position, unique code (optional); how the person learned about the event, what other sectors/fields/activities they are interested in; total sum, currency, payment method (debit card, transfer), type of invoice (company or private individual), billing address, email address in case of electronic invoice, name and email address of contact person, age 16 and above.

Duration of data retention

Until the end of the fifth year following the event.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem.

Data Source

The source of the data is the person registering.

Means and consequences of Data Provision

Providing data is voluntary. In case you do not provide the required data, you will not be able to avail yourself of the services tied to registration.

In case the registration process fails for any reason, Data Controller will send an email as a reminder to the address provided.

1. Image and video recording at events

Purpose of Data Processing

Taking photos and videos during the event and using these to document the event.

Legal basis for Data Processing

Article 6, section (1), paragraph a) of the GDPR (consent of subject).

Data Subjects

Any natural person attending the event.

Range of Personal Data

The image of the natural person on photo or video.

Duration of data retention

Until consent is withdrawn.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem. Data Controller will display the photos on its website and publications, and optionally on its social media platforms.

Data Source

The source of the data is the person registering.

Means and consequences of Data Provision

Providing data is voluntary. In case you do not consent, you will not be on any photos taken during the event.

1. Signing the attendance sheet

Purpose of Data Processing

The attendance sheet signed by participants at conferences and pother events forms the basis of billing and complaints.

Legal basis for Data Processing

Article 6, section (1), paragraph b) of the GDPR (performance of a contract)

Data Subjects

Any natural person

Range of Personal Data

Title, first and last name, company name, signature; name, place and time of event.

Duration of data retention

Until the end of the fifth year following the event.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem.

Data Source

The source of the data is the person registering.

Means and consequences of Data Provision

Providing data is voluntary. In case you do not provide the required data, we will not be able to prove that you were present at the event in case of a complaint.

1. Processing the data of conference speakers

Purpose of Data Processing

Processing the data of speakers at events during the organisation phase and during the conference.

Legal basis for Data Processing

Article 6, section (1), paragraph b) of the GDPR (performance of a contract).

Data Subjects

Natural persons participating at the event as speakers.

Range of Personal Data

Title, first and last name, email address, phone number, company name, position, photo and video image

Duration of data retention

Until the end of the fifth year following the event.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem.

Data Source

The source of the data is the speaker.

Means and consequences of Data Provision

Providing data is voluntary. In case you do not provide the required data, you will not be able to participate as a speaker at the event.

1. Complaints

Purpose of Data Processing

Handling any complaints regarding any event.

Legal basis for Data Processing

Article 6, section (1), paragraph c) of the GDPR (compliance with a legal obligation); Article 17, section A, paragraph (6) of the Consumer Protection Act (CLV/1997).

Data Subjects

Any natural person

Range of Personal Data

Name, email address, phone number, user name, text of complaint, recording of complaint in case it is made over the phone, any other personal data provided in the complaint.

Duration of data retention

The end of the fifth year following the legal closure of the complaint.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

Call recording and landline services are provided by: Opennetworks Kereskedelmi És Szolgáltató Kft. (registered office: 1117 Budapest Fehérvári út 50-52., registry no.: 01-09-723926)

Data Source

The source of the data is the person making the complaint.

Means and consequences of Data Provision

Providing data is voluntary. In case you do not provide the required data, we may not be able to investigate your complaint.

1. Billing

Purpose of Data Processing

Issuing an invoice for the event/conference.

Legal basis for Data Processing

Article 6, section (1), paragraph c) of the GDPR (compliance with a legal obligation); Article 169, Section (1) of the Accounting Act (C/2000).

Data Subjects

The natural person ordering the service.

Range of Personal Data

Name, address, service ordered, price, date of invoice, due date.

Duration of data retention

The end of the eighth year following the issuing of the invoice.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

Kulcs-Soft Nyrt. (registered office: 1016 Budapest, Mészáros utca 13., registry no.: 01-10-045531)

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem.

Data Source

The source of the data is the person attending the event.

Means and consequences of Data Provision

Providing data is mandatory. In case you do not provide the required data, we will not be able to issue an invoice.

1. Signing up for newsletter

Purpose of Data Processing

Sending out newsletters through email or other equivalent means of communications,

Legal basis for Data Processing

Article 6, section (1), paragraph a) of the GDPR (consent of subject).

Data Subjects

Any natural person

Range of Personal Data

Name, email address

Duration of data retention

Until consent is withdrawn or 30 days after unsubscribing.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

Newsletters are sent out by Wanadis Kft. (registered office: 1112 Budapest, Budaörsi út 153., registry no.: 01-09-885144).

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem.

Data Source

The source of the data is the person subscribing to the newsletter.

Means and consequences of Data Provision

Providing data is voluntary. If you do not provide the data required for subscribing, we will not be able to send you a newsletter.

1. Home 2020 expo

1. Contact/registration with the organiser for exhibitors

Purpose of Data Processing

Registering to the event as an exhibitor.

Legal basis for Data Processing

Article 6, section (1), paragraph b) of the GDPR (performance of a contract).

Data Subjects

Natural persons taking part at the event as exhibitors.

Range of Personal Data

Company name, name of contact, email address, phone number, package selected, notes.

Duration of data retention

Until the end of the fifth year following the event.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem.

Data Source

The source of the data is the exhibitor or the contact person of the exhibitor.

Means and consequences of Data Provision

Providing data is voluntary. In case you do not provide the required data, you will not be able to participate as an exhibitor at the event.

1. Participant registration

Entry to the expo is free of charge but requires registration for both online or offline attendance!

Purpose of Data Processing

Registering to the expo as a visitor.

Legal basis for Data Processing

Article 6, section (1), paragraph b) of the GDPR (performance of a contract).

Data Subjects

Natural persons above 16 attending the event as visitors.

Range of Personal Data

Name, email address, phone number, password, certificate of age, mode of attendance (online or in person).

Duration of data retention

Until the end of the fifth year following the event.

Data Transfer

No Data Transfer is taking place under GDPR Articles 44-49.

Recipients

If the Data Controller uses a Data Processor, the precise name can be found at https://portfoliocsoport.hu/info/adatvedelem.

Data Source

The source of the data is the visitor registering.

Means and consequences of Data Provision

Providing data is voluntary. In case you do not provide the required data, you will not be able to participate as a visitor at the event.

1. Access to data

Personal data can be accessed by the relevant staff of the Data Controller, to the degree required for performing their duties.

1. Data security measures

The Data Controller shall implement the required IT, technical and personnel measures to make sure all personal data managed by it is protected against unauthorised access or unauthorised changes.

1. The rights of Data Subjects regarding data controlling

Data Subject right

regarding data controlling

The content of Data Subjects' rights regarding data controlling

Right to be informed

/GDPR Articles 13 and 14/

You have the right to be informed about the fact and purposes of data controlling, at the time when personal data are obtained. The Data Controller will put at your disposal any other information required for the fair and transparent controlling of our data, taking into account the specific circumstances and context of handling personal data. You will also have to be informed about profiling and its consequences.

Right of access

/GDPR Article 15/

You have the right to request information on whether your data is being processed, and if so, you have the right to learn:

• what personal data

• on what legal basis

• for what data controlling purposes

• for how long

• to whom, when and under what legislation the Data Controller has provided access to, or forwarded, your personal data

• what sources your personal data have been obtained from (in case it was not you who has provided the data to the Data Controller)

• if the Data Controller uses automated decision-making, including profiling, as well as meaningful information about the logic involved.

Right to rectification

/GDPR Article 16/

You have the right to request that the Data Controller rectify any inaccurate personal data or complement any incomplete personal information. This means you may ask the Data Controller to amend specific personal data (such as changing your email address or other contact at any time).

Right to erasure (‘right to be forgotten’)

/GDPR Article 17/

You have the right to obtain from the controller the erasure of personal data where one of the following grounds applies:

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed

• you withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing

• you object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2)

• the personal data have been unlawfully processed

• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

• the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Right to restriction of processing

/GDPR Article 18/

You have the right to obtain from the controller restriction of processing where one of the following applies:

• you contest the accuracy of the personal data (for a period enabling the controller to verify the accuracy of the personal data)

• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead

• the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims

You have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability

/GDPR Article 20/

You have the right to receive the personal data you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

• the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

• the processing is carried out by automated means.

You have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object

/GDPR Article 21/

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to withdraw consent

/GDPR Article 7(3)/

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, you will be informed thereof. It shall be as easy to withdraw as to give consent.

1. The legal remedies of Data Subjects regarding data controlling

Legal remedy

Content of remedy

Right to lodge a complaint with a supervisory authority

/GDPR Article 77/

In case your right to the protection of your personal data has been compromised, you may lodge a complaint with the following authority:

National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Pf.: 5.

Phone: +36 (1) 391-1400

Email: ugyfelszolgalat@naih.hu

Website: www.naih.hu

Right to an effective judicial remedy against a controller or processor

/GDPR Article 79/

You have the right to an effective judicial remedy where you consider that your rights have been infringed as a result of the processing of your personal data.. The court will give the case priority. You may freely decide whether to bring the case before the court of your residence or the Member State where the controller or processor has an establishment. The court with jurisdiction based on the registered seat of the Data Controller is the Metropolitan Court of Budapest: 1055 Budapest, Markó u. 27., phone: +36 1 354 6000. For more courts, please visit https://birosag.hu/torvenyszekek

 

1. Updating the Privacy Notice

The Data Controller maintains the right to unilaterally amend the present Privacy Notice at any time. The document may be amended especially due to changes in legislation or privacy authority practices, due to business demand or other circumstances. Upon request, the Data Controller shall send a copy of the latest Privacy Notice to the Data Subject, in a format mutually agreed upon.