In line with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (the “Information Act”), this Data Management Notice lays down the data protection related rules governing the use of Szarvas International Jewish Youth Campoperated by JDC Hungary Foundation (“Controller”) and of related information, registration (application) on reg.szarvas.camp.
1. The Controller
Name: JDC Hungary Foundation
Registered seat: 12 Síp str., 1075 Budapest, Hungary
Address data processing: 12 Síp str., 1075 Budapest, Hungary
Website of actual data processing: szarvas.camp
E-mail: info kukac szarvas.camp
2. The purpose of data processing
The purpose of data processing is to enable the Controller to learn more about the participants, better preparation for the season of Szarvas International Jewish Youth Camp, and to ensure adequate level of security in case of online registration, including especially the following purposes:
- improving the quality of the services of the Controller;
- organising data required for making online registration (application);
- administrative and legal purposes, including without limitation the keeping of internal records;
- developing the content of the szarvas.camp according to the needs of our visitors;
- exercising and performing the rights and obligations arising from our contract with the Guest;
- sending newsletters via e-mail regarding the activity of the Controller (e.g. promotions, notifications, offers, programme leaflets, reminders).
- customer support for the user in case of online payment, confirming transactions and fraud-monitoring.
The Controller does not use the data for any purpose other than those mentioned above.
The Controller applies cookies at the szarvas.camp website. Cookies are small files of information stored by your browser on your hard drive. Cookies allow web applications to adjust their operation to your preferences, likes and dislikes, by collecting and storing preference-related information.
Data subjects include adults, as well as minors when an adult Guest provides the personal data of any minor during registration (“Guest”). (To protect minors, only legal guardians over 18 can register.) During the registration, each Guest creates a password that is used to log in our website. Guests and their legal guardians are responsible for keeping their password confidential. Do not share your password with any third party.
5. Application, bank card purchase, invoicing
The Guest accepts that in the course of buying the tickets online JDC Hungary Foundation at reg.szarvas.camp to provide the following personal data stored in its user database to Barion Payment zRt. (Infopark sétány 1., Budapest 1117): family name, given name, e-mail address. The Controller does not tie the information provided during the online ticket purchase process on the payment (whole name, e-mail address, phone number, post code, city, address) to the data of registration, but process it among the data of the Controller pertaining to ticket purchase, and transfer it to the JDC Hungary Foundation invoicing software in order to provide the electronic invoice.
6. Sending newsletter via e-mail and/or post
At the registration the Guest agrees with sending him newsletters via e-mail and/or post regarding the activity of the Controller (e.g. promotions, notifications, offers, program leaflets, reminders).
The Controller keeps records about the recipient’s Personal data which is set out in paragraph 8. until the recipients Opt-out from the Additional Service. In case of Opt-out the Controller deletes immediately all of the Personal data of the recipient from the records and henceforth the Controller does not send newsletters to the recipient anymore.
7. Camera usage, making pictures and videos
The Controller operates electronic surveillance equipment (cameras) in the Szarvas International Jewish Youth Camp. By the online registration the Guest is informed that the Operator may take individual photos, group pictures and make individual and/or group or landscape videos during his or her presence in the Szarvas International Jewish Youth Camp, and the Operator may use these group pictures and videos online (Webpage, facebook, Instagram, youtube, twitter, etc.). This information is deemed to be accepted by the Guest when entering the Camp (consent implied by conduct).
These recordings are “mass recordings” under Act 2:48 of Hungarian Civil Code, which provides that no express consent of the Guest is needed to making and use of this recordings in line with the rules of this section. In the event the purpose of the use or conveyance of the recordings is direct profit, survey or scientific research, the Guest is entitled to protest against it in line with section 16.
8. Legal basis of data processing
Guests consent to the processing (transmission, storage, and processing) of their personal data by providing personal data during registration at szarvas.camp or in Szarvas International Jewish Youth Camp. The Controller takes all reasonable measures to ensure that such data is processed in a secure manner and in line with the rules laid down herein.
Thus, the legal basis of data processing is the consent of the data subject Guest, according to Section 5(1)(a) of the Information Act.
9. Personal data processed by the Controller
9.1 Guests are required to provide all the compulsory data (“Data”) during online registration:
9.2 Guest shall provide the following data during the ticket purchase for invoicing and bank card payment:
- name (surname, first name) (when differs from the camper’s name);
- e-mail address;
- phone number;
Data entered on the Barion payment page (bank card details) will not be disclosed to the Controller, since Barion’s website is fully independent and secure.
9.3 Guests are not required to provide any optional data.
10. Data processing
Data processing is carried out by the Controller.
The Controller agrees not to provide registered Guests with any Additional Service without request or prior consent by, and to make it possible to stop the provision of such services at any time.
11. Period of data processing
Data processing is carried out while the Guest concerned is a registered user, and it is stopped when the Guest requests the termination of his registration or user account. If the Guest requests the termination of his registration or user account, the Controller deletes all Guest data within 10 working days.
The data provided for the online payment during online ticket purchase shall be processed by the Barion Payment zRt. (Infopark sétány 1., 1117 Budapest, Hungary) as controller in compliance with the information provided on the www.barion.com Website
12. Data storage and access
All Data are stored on the servers and computers of the Controller, in printed or digital format, or in computer systems located on the premises of designated third parties.
The processed Data may be accessed only by authorized staff members of the Controller who are involved in the provision of the services relating to the Data. For the purposes specified in this Data Management Notice, the Data may be also accessed by third parties. In such a situation, the Controller is subject to the obligations specified in Sections 9(1) to (5) of the Information Act.
With a view to ensuring the security of the Data, the Controller applies a security system that is at least common in the profession, including the regular updating and extension of that system, and takes any and all reasonable measures to prevent unauthorized persons from accessing the processed Data.
13. Data transfer
The Controller may transfer the Data to third parties in line with this Notice, or in other cases with the prior and voluntary consent of the Guest concerned given on the basis of detailed and exhaustive information. This restriction does not apply, if the Controller is required by law to transfer any Data.
14. Rights of Guests
Guests have the rights specified by the Information Act, and they may contact the Controller via post or e-mail (at the above address) requesting any of the followings:
- information on the processing of his personal data;
- correction of his personal data; and
- deletion or blocking of his or her personal data (except for mandatory data processing)
- declaration of the Controller in connection with the protest against data processing.
Within 30 days of submission of the request, the Controller informs the Guest in writing about the followings:
- the scope of processed data;
- the source of such data;
- the purpose of data processing;
- the legal basis of data processing;
- the period of data processing; and
- the legal basis and recipient of any data transfer.
The information is provided for free, if the request is submitted by a Guest who has not yet submitted to the Controller any other request for information regarding the same scope of data during the same calendar year. In other situations, the information may be provided against a fee.
15. Correction and deletion of Data
If any Data is incorrect and the correct data is available to the Controller, the Controller corrects the data.
A piece of Data must be deleted, if:
- its processing is unlawful;
- requested by the Guest concerned;
- it is incomplete or incorrect, and the situation cannot be remedied in any lawful manner, provided that deletion is not prohibited by law;
- the purpose of the processing is cancelled, or the statutory retention period expired;
- ordered by a court or other authority.
The Controller informs the Guest concerned about any correction or deletion of Data. No notice is required if the correction or deletion does not harm the legitimate interests of the Guest, taking into account the purpose of data processing.
The Guest may withdraw his or her consent granted via registration or other event to handling his or her data (e.g. sending newsletters) anytime in written form by contacting the Controller via post (12 Síp str., 1075 Budapest, Hungary) or sending an e-mail (info at szarvas.camp).
In the event the Guest requires to have his or her registration data deleted or withdraws his or her consent to handling data connected to the registration, it shall automatically lead to the deletion of the Guest’s registration. In this case the Guest may use the Szarvas International Jewish Youth Camp’s services only after a new registration (giving his or her particulars again).
The Guest has the right to protest against the handling of his or her personal data
- if the handling or conveyance of the personal data is required merely to perform the legal obligations applying to the Controller, or if it is required to enforce the legal rights of the Controller, the person who obtains the data or a third party except for mandatory data handling
- if the purpose of the use of the personal data is direct profit, survey or scientific research
- in other cases stipulated by law.
The Contoller shall investigate the claim within 15 days as of date when it was submitted, the Controller shall render a decision whether the claim is well-founded and notify the claimant of the decision in writing. In the event the Guest does not agree with the decision or the deadline is not met, the Guest may turn to court upon receiving the decision or within 30 days after the last day of the deadline for making a decision. In the following, section 21 of Information Act shall apply.
16. Enforcement of claims
Any person may initiate an investigation by the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22c, the “Authority”) by submitting a complaint regarding any violation, or the imminent threat thereof, concerning the processing of the Data. The proceedings of the Authority are free of charge.
Guests may also file a lawsuit in case of any violation to their rights. Such matters are handled by the courts with urgency. The Controller is required to show that the processing of personal data is pursued in full compliance with applicable legislation. Such matters fall within the competence of district courts. Guests may also file the lawsuit with the court having jurisdiction over the place of residence or stay of the Guest concerned.
The website of the Controller may include referrals and links to websites operated by other service providers, where the Controller does not have any influence over the processing of Data. By clicking on such links, visitors are forwarded to websites operated by other service providers. Such websites do not and may not fall within the control of the Controller. Thus, the Controller may not be held liable for any data provision or personality rights related proceedings of such websites.
19. Consent of the Guest
The Guests understand that they consent to the processing of their data freely and voluntarily, and they may withdraw their consent at any time by contacting the Controller by the means specified in the Data Management Notice.