We kindly ask you to read carefully this information about data processing, in which our company informs its website visitors about processing and protecting data, and about the right of the data’s subject. If you are under 18, please read this information with your legal representative.
In case of any questions or comments, please contact us: firstname.lastname@example.org,
phone: +36 12250210. Company registration number for data handling NAIH-89669/2015.
Let us introduce ourselves: whom you process your personal data and how you can contact us.
Diamond Congress Ltd. (seated: 1012 Budapest, Vérmező út 8, central and head office: 1015 Budapest, Csalogány utca 28.) is a Hungarian resident business company providing conference organizing services as core activity for more decades.
Diamond Congress Ltd.
Seat: 1012 Budapest, Vérmező út 8. II/4/a
Central office: 1015 Budapest, Csalogány utca 28.
EU VAT number: HU10946130
Contacts: details: email@example.com, +3612250210, www.diamond-congress.hu
Company registration number for data handling NAIH-89669/2015.
Represented by: Attila Varga, managing director, Róbert Hohol company leader
In case of data protection queries, please contact us above or our consultant:
Dr. Zsuzsanna Árva
- Email: firstname.lastname@example.org
- Phone: +36203637567
Whose data are subject of data processing?
Our data procession regulation and information governs the procession of natural person’s data, i.e. governs all data processions in which our company acquires data that may be connected to natural persons, may identify natural persons. During providing our activities, first of all, we acquire data of conference participants that are necessary to fulfil the services ordered by them. We mainly acquire data from the natural person himself/herself registering in the conference database, sometimes by the former organiser of the given conference or the professional organising body.
Which regulations govern the data procession?
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Law Nr CXII from the Year 2011 about the information self-governing right and the freedom of information
Opinions of the Commission’s Working Group Nr 29 and of the National Data Protection Office.
Which principles are regarded by us during data procession?
Our company processes data according to the regulations of the GDPR regarding the following principles:
- lawfulness: the company has in the regulation determined legal basis for data procession, the data procession is reasoned
- fairness: the data procession occurs according to the legal regulations regarding the interests of the data’s subject
- transparency: the data procession may be followed in all steps of the process
- limited purpose: the data will be processed only according to the goal determined in advance about which the data subject has been informed
- data minimization: data will be collected in quantity and so long till it is necessary to the legal basis
- accuracy: data will be registered according to its real content, that is why we ensure the right for updating, limiting and right of erasure
- storage limitation: we store the data only to the legal basis necessary time
- integrity and confidentiality: we ensure access to data only to persons whose access is necessary for fulfilling the services or for the determined goal.
Why are my data processed?
You have consented the data processing as follows:
Our webpage visitors (hereinafter: visitors) may register at their own will and give voluntarily data, with which they may be identified (name, e-mail address, contact data, address, profession, working place) other data given by the visitor voluntarily). With providing the data voluntarily the visitor consents that the exclusive operator of the webpage i.e. our company processes the data according to the principles set up in this information. Please take all the necessary measures to keep your user id and password confidential. Please give us only those data that are necessary to keep contact with you.
Abstracts, posters, e-mails
As it is common by scientific conferences, participants may publish lectures, studies, posters that may be collected in abstract books. The programme book of the conference includes furthermore the name and e-mail address, sometimes scientific degree or other data of the participants.
Lectures, posters, programme and abstract books will be preserved during the Diamond Congress Ltd. exits because of legal interest to reference. We draw your attention that these materials will be provided to the participants, i.e. it becomes publicly available.
Our company processes the data to fulfil the conference services:
We have to process your data to fulfil the conference services. Data processed: name, address, contact information (telephone, e-mail), invoice address, and card number in case of credit payment by mail order authorisation. Other eventual necessary data: data of workplace.
Furthermore our company may process your data if it may prove the legal interest regarding your data processing.
Sometimes the data processing is a legal obligation to us to fulfil tax and duties administration.
How do we process your data?
Our company processes the provided personal data and information only in connection with the goal of the data providing of the participants, and uses only to fulfil the requests of the participants, to communicate with her/him. The goal of the data processing is the fulfilment of the information requests, communication with the visitor, and fulfilment of the services.
Diamond Congress Ltd. collects, processes, stores and deletes the data according to its contracts or the legal regulations.
Diamond Congress Ltd. processes the data to third persons only in the following cases:
- to subcontractors contributing in the fulfilling of the service, and with whom we sign data procession contract, or
- if the procession to third person is requested or previously consented by the data’s subject or
- we are legally obliged.
Please contact us if you wish to be informed about our data administrators. With our data administrators in every case we conclude data procession contract, in which our administrators oblige themselves to process the data according to legal regulations and this information is given to you.
Diamond Congress Ltd. erases the data if the data’s subject requests us in writing to do so, except we are obliged to preserve the data by the law. We erase the data also, if there are no legal obligations or they are not necessary to prove the delivery of contracted services, or we also erase the data which are processed exclusively according to your consent and you ask us in writing to do so.
Electronic data are erased in such way that their restoration should not be possible; paper data will be erased by erasing machine or by companies whose main activity and profession is the erasing of official documents.
Data will be collected by Diamond Congress Ltd. electronically. Data connected to employees and contracts are available on paper as well. Paper data will be stored on the seat or subsidiary of Diamond Congress Ltd. in folders. Only the authorised employees may have access to the necessary data, other persons have no possibility to access (closed shelves and rooms).
Employees are informed about their right to access and about their obligation to hinder unlawful access (pay attention to key, not entitled third person may not be left alone by open shelves).
Electronically collected data are stored and protected as follows: they are stored on servers at the central office of Diamond Congress Ltd. A multi-level firewall system cares about the outer protection of the information net of Diamond Congress Ltd.
The protection of data in databases are ensured by a two-level access protection system. On data base level data can be accessed directly only by the system administrator, other persons may have access to stored data only through an application connected to the data-base. These applications use own user identification.
In the application zone the Apache server accepts real data and commands only from local terminals (from HAProxy), and after having built the secure data connection and having been convinced that the queries are real, will only serve towards the Internet. The software written in Apache PHP5.2 running environment communicates directly with the MySQL data base located in DB zone. Both the application zone and DB zone marked by green are totally isolated from the direct Internet side.
Erasure of data on request are fulfilled by an employee having access to data, in other cases, permanently, but at least the data will be supervised annually and if their storage is not necessary any more, they are erased by the entitled employees.
Do I have access to my data?
Conference participants may modify their data in the registration system. In case the modification does not work, please contact us, and we do the amendments.
How long are your data preserved?
In case your data are processed according to your consent and there is no other legal basis (e.g.: delivery of contract), we preserve your data, till you revoke your consent or there is no goal for the procession and you consent the erasure.
In case we process the data on contractual basis we preserve the data for 5 years from the termination of contract, those data which are bases for annual balance are preserved 8 years from the termination. After this time period we erase the data.
In case there is legal interest for the processing of data we preserve them till we may prove the legal interest; if there is no more legal interest, we store them for 5 years from the termination of the legal interest.
What shall I know about cookies, other loggings?
Furthermore during the use of our applications your browser may send us automatic information when you open or use a web address such data as: IP address, opened webpage, activity logging. We may get information about the used hardware as type, operation system, its settings or individual identities. These pieces of information depend on your settings, so we suggest to study the user’s menu, user’s guide regarding information-technology, -security before using the hardware.
Diamond Congress Ltd. informs you about cookies also on its homepage and ask for your consent. We do not collect, or store data accessed from cookies.
Why do I get newsletters, what rights do I have regarding newsletters?
Diamond Congress Ltd. sends newsletters (typically conference circulars) only if the data’s subject has given his consent (on paper in writing, in email, or ticked on the internet). We inform you at the bottom of the newsletter about your rights: about the possibility to unsubscribe, or to rectificate your data. In case you unsubscribe, your data will not be stored or processed any more for the goal of newsletter sending.
What kind of rights do I have regarding my data procession?
- Right for information
You have right to get understandable information for what reason, which data, how and for how long will be processed by our company. To give you the information we need to identify you, and because of this, we may give you the information only personally in previously agreed office time or you may request it in writing. In case of written request you need two witnesses on the request, in case of requests submitted by e-mail, we give the information only to the email address processed by us. If you may not send the request from the e-mail address processed by us, please send it us per post authorized by two witnesses. We fulfil the request free of charge within 15 days from the receipt.
- Disposition with the data:
right to rectificate, protest, limitation and erasure, data portability
For the request of data’s subject Diamond Congress Ltd. rectificate or supplement the inaccurate personal data without delay.
The data’s subject may protest any time against the procession of her/his data on basis of public interest, execution of public service, legal interest. The data controller may process the data further only if she/he proves that the procession is reasoned by righteous reasons with forcing effect, which have priority against the interests, rights and freedoms of the data’s subject, or they are in connection with submitting, validation or protection of legal claims. If the data’s subject protests against the procession on basis of direct business purposes, the personal data may not be processed further on this legal title.
On the request of the data’s subject the data controller limits the procession, if the accuracy of the data is disputed, the procession is unlawful, but the data’s subject does not ask for the erasure only for limitation, the data controller does not have legal basis for the data, but the data’s subject requests the procession to validate some of her/his rights during the time of the examination in which the lawfulness of the data procession will be examined. About the lifting of the limitation the data’s subject must be informed.
On the request of the data’s subject, in case of the revoke of her/his consent, for her/his protesting the data controller erases without delay the personal data regarding the data’s subject, except for other legal basis the procession is necessary, or public interest reasons the procession, or it is necessary for submitting, validating, protecting legal claims. Data must also be erased in case they have been processed unlawful or their erasure is obligatory according to law.
The Diamond Congress. Ltd informs about the rectification, limitation, erasure of the data the data’s subject, except the information is impossible or needs special force.
- Legal remedy
The data’s subject is entitled to submit a complaint to the authority appointed for this task. Against the decision or silence of the authority the data’s subject may appeal to court. The data’s subject is entitled to go to court in case of unlawful procession of her/his personal data.
May unauthorized third person access to my personal data?
We speak about personal data breach in case your data is accessed by unauthorized third person, or there is a danger of accession.
No personal data breach occurred by Diamond Congress Ltd. in the last decades. The following possible risk may occur:
- loss, steal of hardware containing data (laptop, mobile phone)
- attack against server
- ensuring wilful or negligent access to third unauthorized persons to personal data.
Hindering the above risks, Diamond Congress Ltd:
- allows access to personal data only to those, to whom it is necessary to work, the access is ensured by user’s id and password,
- permanently supervises its information security system, servers and ensures the security on the level reasonably expectable of an information technology services rendering company; Diamond Congress Ltd. ensures the necessary hardware,
- informs the employees about the necessary data protection measures.
In case any of the employees of Diamond Congress Ltd. notice a personal data breach, they report it to the managing director, who appoints the person without delay, who is responsible for investigating within 24 hours: the data’s subject whose personal data have been injured, and the possible risks. She/he suggests without delay how to process the data breach and informs the director. The general manager decides about the necessary measures that are able to avoid, prevent but at least minder the damages.
In case the data breach has high risk for the rights and freedom of the data’s subject, Diamond Congress Ltd. informs the data’s subject about the data breach without reasonable delay with the following content at least: character of the breach, contact person and contact information, possible risks from the breach, measures for remedy.
Present data procession information enters into effect on the 25th of May 2018. Matters not regulated in the present information are governed by the GDPR and the relevant Hungarian regulations.
Budapest, 25 May 2018.
Attila Varga, managing director