×
https://regio10.hu/wp-content/uploads/2022/02/Image-22.png ×
https://regio10.hu/wp-content/uploads/2022/02/Image-23.png ×

General Data Protection Regulation (GDPR)

G.D.P.R.

 

This Policy governs the processing and handling of certain personal data by “RÉGIÓ-10” Ltd. (registered office: 6728 Mórahalom, Röszkei út 2.; company registration number: 06-09-016797,) (hereinafter referred to as the “concerned”) as follows.

Introduction

The Data Controller acknowledges that it is bound by this Policy. The Data Controller further undertakes to process personal data at all times in accordance with the legal provisions in force and the provisions of this Policy.

This Policy may be unilaterally amended and/or withdrawn by the Data Controller at any time, with simultaneous notification to the Data Subjects. The information shall be provided by publication on the website or, depending on the nature of the change, by direct notification to the Data Subjects.

If you have any questions or comments regarding this Policy or the processing of your data, please contact us at any of the following contact details: info@regio10.hu or at the postal address of the Data Controller at 6720 Szeged, Dugonics tér 12.

 

I. Scope of the Policy 

 

1. Personal scope: this Policy covers the processing carried out by the Data Controller in relation to the following natural persons, hereinafter collectively referred to as the “Data Subject

  • Persons who have submitted a curriculum vitae to the Data Controller with a view to establishing an employment relationship (hereinafter referred to as “Applicant”)
  • natural person contractors of the Data Controller, including self-employed persons (hereinafter referred to as “Contractor”)
  • contact persons and other contact persons identified by the Data Controller’s non-natural person contractors (hereinafter together referred to as “Contact Persons”)
  • and other natural persons, on a case-by-case basis.

In the case of personal data not originating from the Data Subject, it is the responsibility of the data controller to obtain the consent of the Data Subject to disclose the data to the Data Controller.

2. Duration: These Rules shall enter into force on 25 May 2018 and shall remain in force until revoked/amended. This Policy shall apply to processing already in progress at the time of its entry into force.

3. Territorial scope: this Policy shall apply to processing carried out by the Controller in any (geographical) area.

4. Material scope: this Policy regulates the data processing carried out by the Data Controller in relation to the Data Subjects, specifying the purposes and legal basis of the processing, the means and methods used and the security measures implemented.

 

II. Basic concepts

 

Personal data: any information relating to an identified or identifiable natural person (“data subject”), directly or indirectly;

Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data and biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons. As a general rule, the Data Controller does not process any special data (e.g. health data) relating to the Data Subject. The processing of special data may only be carried out on the basis of explicit prior consent or on the basis of a legal authorisation.

Consent of the Data Subject: a voluntary, specific, informed and unambiguous indication of the Data Subject’s wishes by which the Data Subject signifies, by means of a declaration or by an act unambiguously expressing his or her consent, that he or she gives his or her consent to the processing of personal data concerning him or her;

Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data Controller: Régió-10 Kft. (registered office: 6782 Mórahalom, Röszkei út 2.; company registration number: 06-09-016797, represented by Ákos Farkas; contact details: info@regio10.hu, tel.: +3662710500).
Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

Third party:a natural or legal person, public authority, agency or any other body other than the Data Subject, the Controller, the Processor or the persons who, under the direct authority of the Controller or the Processor, are authorised to process personal data.

The other terms used in this Policy correspond to the terms defined in the applicable legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation – hereinafter “GDPR”) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter “Infotv.”). The Data Controller shall act in full compliance with the legal provisions in force at any given time in the course of the data processing operations it carries out.

 

III. Principles

 

The Data Controller shall process the data of the Data Subject in full compliance with the following principles:

  • the processing shall be lawful, fair and transparent to the data subject (“lawfulness, fairness and transparency”);
  • data must be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes (‘purpose limitation’);
  • be adequate, relevant and limited to what is necessary for the purposes for which the data are processed (‘data minimisation’);
  • accurate and, where necessary, kept up to date (‘accuracy’);
  • be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘limited storage’);
  • it must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (‘integrity and confidentiality’), by appropriate technical or organisational measures.
  • the controller is responsible for compliance with the above principles and must be able to demonstrate such compliance (“accountability”).

The Controller has established its procedures in accordance with the above and will keep them under review and amend them as necessary. The Data Controller shall ensure that data protection is implemented by design and by default.

 

IV. Purposes of data processing

 

1. Activities related to the organisation of events

Régió-10 Ltd. processes the personal data of participants collected on the basis of their voluntary consent in connection with the registration or abstract submission for a conference, congress or other event.

The purpose of the processing (as detailed below) is to organise and run an event on behalf of Régió-10 Kft. and to contact participants by e-mail. Processing of data voluntarily provided by those interested in our events and services through our website and IT system for the purpose of contacting and meeting the needs of potential customers.

The legal basis for data processing is the voluntary consent of the participants. By completing the application form and the abstract submission form, participants consent to the processing and collection of their personal data for the aforementioned purposes.

The following personal data of participants will be processed in connection with the Registration:

  • Surname and first name
  • e-mail address
  • Date of birth
  • gender
  • seal number
  • work address
  • telephone/mobile number
  • address

In accordance with the applicable rules, the participant’s personal data will be recorded and stored in a database managed exclusively by Régió-10 Ltd. The participant expressly accepts and agrees that his/her personal data will be stored and processed by Régió-10 Ltd. for the duration of the event. In order to ensure the security of the data, Régió-10 Ltd. applies data security measures to ensure the privacy of the participants.
In the case of electronic registration, your personal data is transmitted to our servers via a secure connection protected by SSL (Secure Socket Layer) technology, so that no unauthorised persons have access to your data. Our security measures are fully compliant with industry standards and local and European legislation. Our systems are constantly monitored to detect and prevent suspicious activity.

The collection and processing of personal data is solely for the purpose of ensuring the proper conduct of the conference; to enable Régio-10 Ltd to fulfil its obligations in relation to the organisation of the conference, i.e. to inform/notify participants in a timely manner.

Participants who have given their explicit consent to receive such messages may withdraw their consent at any time by sending an e-mail or postal letter to Régio-10 Ltd. If the participant withdraws his/her consent, his/her personal data will be deleted by Régio-10 Ltd. immediately after the withdrawal.

Régió-10 Kft. undertakes not to transfer the participant’s personal data to other third parties.
Only Region-10 Ltd. is entitled to access the data.

 

2. Activities related to travel arrangements

Régió-10 Ltd. processes the following personal data about its customers for the purposes listed below:

I. interest in the service via the website, in person, by telephone or otherwise

  • name
  • e-mail address (telephone number)
  • by telephone or e-mail or other means of communication (e.g. by phone or e-mail)

The legal basis for processing is the consent of the interested party. The processing lasts for the duration of the enquiry or until the consent is withdrawn.

II. individual request for an offer

  • name
  • e-mail address, telephone number
  • subject of enquiry (e.g. period, destination, accommodation classification)
  • date of birth

The legal basis for processing is the consent of the interested party. Data processing lasts for 3 months from the date of the request or until the consent is withdrawn.

III. conclusion of travel contracts

  • Name
  • e-mail address (telephone number)
  • subject matter of the contract (e.g. period, destination, accommodation classification, number and date of birth of children, meal requirements, relevant medical data)
  • date of birth
  • address

The legal basis for the processing of the data is the performance of the contract and the resolution of any disputes that may arise in connection with it. The duration of the processing is eight years from the last day of the year in which the contract is performed plus eight years (limitation period for tax liability).

IV. sale of airline tickets and other travel tickets

  • name
  • e-mail address (telephone number)
  • subject of the contract (e.g. period, destination, accommodation classification, number and date of birth of children, dietary requirements, relevant medical data)
  • date of birth
  • passport/ID card details (number, date of issue, expiry date)
  • visa details (type, number, date of issue, expiry date)
  • exact address of residence (name of service unit, country, city, type and number of public place, postcode)
  • gender
  • nationality

The legal basis for the processing is the performance of the contract and the resolution of any disputes arising in connection with it. The duration of the data processing is the performance of the contract plus five years (general time limit for civil claims).

V. Sale of car rental services

  • Name
  • e-mail address (telephone number
  • subject matter of the contract (e.g. period, destination, pick-up and drop-off location and time, category of car, number and date of birth of children, extra requirements (e.g. gps, child seat, insurance))
  • date of birth
  • subject of the contract (e.g. period, destination, accommodation category, number and date of birth of children, meal requirements, relevant medical data

The legal basis for the processing of the data is the performance of the contract and the resolution of any disputes arising in connection with it. The duration of the processing is the performance of the contract plus five years (general time limit for civil claims).

VI. Sale of health, accident and luggage insurance and cancellation insurance

  • Name
  • address
  • subject of the contract (e.g. period, destination, type of insurance)
  • date of birth
  • passport, identity card number

The legal basis for the processing of the data is the performance of the contract and to ensure the settlement of any disputes arising in connection with it. The duration of the processing is the performance of the contract plus five years (general time limit for civil claims).

VII. invoicing of travel services

  • name
  • e-mail address (telephone number)
  • subject matter of the contract (e.g. period, destination, accommodation classification, number and date of birth of children, meal requirements, relevant medical data)
  • address
  • tax number

The legal basis for the processing of the data is the performance of the contract and the resolution of any disputes that may arise in connection with it. The duration of the processing is eight years from the last day of the year in which the invoice was paid plus eight years (limitation period for tax liability).

 

3. Processing of contact details in the case of contracts not concluded with a private individual

The Data Controller is entitled to process certain personal data of employees and other agents of the (non-natural person) contracting partner for the performance of contracts concluded by it.

The purpose of the processing is to maintain contact with the contracted partner, to make the necessary declarations for the performance of the contract, to carry out other actions (e.g. delivery, complaint handling, take-over procedure, etc.).

Legal basis for processing: legitimate interest of the contracting parties in the performance of the contract.
Data processed: name, name and address of place of work, job title, e-mail address, telephone number (company), fax number (company).
Duration of data processing: data processing takes place during the contract. After the termination of the contract, the data is deleted unless it is included in the main text of the contract, in which case the data is processed by the Data Controller for the period required by the applicable legal provisions (e.g. general limitation period, tax limitation period). In the event of an objection by the Data Subject, the processing will be terminated by the Controller if the objection was lawful.

Transfer of data. In addition to the above cases, a transfer to the data controller may also take place on the basis of a legal requirement.

4. Managing CVs

Legal basis for processing: the processing of CVs is carried out with the consent of the data subject.

The data are processed solely for the purpose of providing support and advice to the Applicant on the basis of his/her application, voluntary disclosure of data, in relation to his/her future employment, and to examine the possibility of employment of the Applicant for the indicated positions, to invite him/her for an interview and to interview him/her. In addition, if no employment relationship is established, the CV will also be stored for one year from the date of submission of the CV in order to contact the Applicant with any future employment offers (duration of data processing). After this period, the CV will be deleted/destroyed. In the case of a fixed employment contract, the CV will be destroyed once the employment relationship is established. In case of withdrawal of consent, the CV will be deleted/destroyed.

No data will be transferred. Access to applicants’ data will be restricted to employees of the HR department or the head of the area for which the applicant is applying. Scope of the data processed: according to the CV.
Consent is a prerequisite for the conclusion of the contract, possible consequences of not giving it: the Data Controller cannot employ the Candidate without consent, given that it cannot take an informed decision on the employment in the absence of a CV.

 

V. Access to data, disclosure of data to third parties, storage of data

 

1. General provisions

The Data Controller shall ensure that data protection is provided by default and by design. To this end, the Data Controller shall apply appropriate technical and organisational measures in order to:

precisely control access to the data;
Allow access only to those persons who need the data to perform the task for which they are collected, and then only to the minimum necessary for the performance of that task;
carefully select the data processors it engages and ensure the security of the data through appropriate data processing contracts;
ensure the integrity (data integrity), authenticity and protection of the data processed.

2. Transfers, processing, access

The Data Controller shall endeavour not to disclose any of the Data Subjects’ data to third parties. However, in certain cases, the disclosure of data cannot be avoided. The Data Controller will primarily disclose data to third parties in the following cases:

Disclosure to public authority(ies): in connection with the establishment, performance and termination of contracts or participation in events, the Data Controller may be subject to reporting obligations arising from legal requirements. In this respect, data is primarily transferred to the NAV, the OEP, the National Tax Authority. Other data may also be disclosed in response to a request from the authorities or based on suspicion of a criminal offence.
Disclosure of contact details: it may be necessary to maintain contact with customers, partners and other persons as a result of the performance of contracts. In this respect, the Data Controller may be entitled to disclose to third parties the Data Subject’s company contact details (primarily: name, company e-mail address, company telephone number, position). In such cases, the basic contract will provide for the third party to whom the data will be transferred.
In addition to the cases set out above, the Data Controller may also disclose data to third parties, which may be done in accordance with the legal provisions in force at the time.

3. Storage period

The Data Controller shall store the data for the period specified above for each purpose of data processing, after which the data shall be destroyed. The storage period of the data shall also be subject to the legal provisions in force at the time, i.e. if a legal provision requires the data to be stored beyond the period specified above, the Data Controller shall be entitled to store the data for the period specified in the legislation.

 

VI. Data protection measures taken by the Data Controller

 

The Data Controller shall implement reasonable physical, technical and organisational security measures to protect the Data Subjects’ data, in particular against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, use, access or processing. The Data Controller shall immediately notify the Data Subject of any known unauthorised access to or use of personal data which is known to the Data Controller and which presents a high risk to the Data Subject.

 

VII. Remedies

 

Each participant has the right to request information about the processing of his/her personal data, to access, modify, correct, block or delete his/her personal data. A participant has the right to receive the personal data concerning him/her that he/she has provided to Régió-10 Ltd. in a structured, commonly used, machine-readable format. Upon the participant’s request, Régio-10 Kft. will transfer these data to another data controller. Furthermore, the participant has the right to object to the communication of his/her personal data within the limits of the law.

If you have any questions or comments regarding data protection, please contact info@regio10.hu. The participant may exercise the above (data subject) rights only by sending an e-mail to info@regio10.hu or by sending a postal letter to the address of Régió-10 Kft. (H-6720 Szeged, Dugonics tér 12.). In addition, the data subject may lodge a complaint by sending an e-mail or a letter to the aforementioned addresses. Régió-10 Kft. will respond to the participant’s request or complaint within 25 days; in case of the participant’s objection to data processing within 15 days. We recommend that if you wish to make a complaint or comment, you should first contact Régió-10 Kft.

In relation to the processing of your personal data, the data subject may initiate proceedings before the data protection authority (National Authority for Data Protection and Freedom of Information, hereinafter referred to as the “NAIH”). The contact details of the NAIH are as follows:

Official e-mail address: ugyfelszolgalat@naih.hu
Postal address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c
Telephone number: +36 (1) 391-1400
Website: https://www.naih.hu/

In case of violation of the participant’s rights, the participant may bring an action against Régió-10 Kft. before a court (tribunal) within 30 days of the date of notification of the decision or the last day of the deadline available to Régió-10 Kft. as data controller. The participant may decide to bring any legal action before the court of the place of residence or domicile.