Dare to Change Ltd.
DATA PROCESSING INFORMATION
The operator of the website www.recruitechcee.com is Dare to Change Limited Liability Company (registered office: Hungary, 1039 Budapest, Kalászi Street 20., company registration number: 01-09-206488, hereinafter referred to as the Data Controller). The Data Controller hereby informs users, customers, and partners about data processing related to the website and the services provided by the Data Controller, in accordance with Act CXII of 2011 on Informational Self-Determination and Freedom of Information and Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as GDPR).
The Data Controller acknowledges the content of this data processing information as binding. The Data Controller attaches great importance to respecting the right to informational self-determination of its partners, users, customers, and all other data subjects. Therefore, personal data is treated confidentially, and all necessary measures are taken to ensure the security of the data.
During data processing, Dare to Change Ltd. complies with the guidelines of the National Authority for Data Protection and Freedom of Information, as well as the applicable legislation on data processing, in particular:
Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elker. tv.),
Act C of 2003 on electronic communications (Eht),
Act CXII of 2011 on informational self-determination and freedom of information (Infotv),
Act XLVIII of 2008 on the essential conditions and certain limitations of commercial advertising activities.
The Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as GDPR) also applies.
2.1. Website: The entirety of content and services available under the domain www.recruitechcee.com, where users can obtain information about the activities of the Data Controller.
2.2. Event: The event named "recruiTECH CEE" organized by the Data Controller, which will take place on May 22-23, 2024.
2.3. Data Subject: Any identified or identifiable natural person in the course of data processing. This includes customers, users, presenters, and all those whose personal data is processed by the Data Controller.
2.4. Customer: A person who purchases a conference ticket for the Event and attends the event.
2.5. User: A person using the internet interface. The services of the website can only be used by individuals over 18 years of age.
2.6. Recipient: Business partners of the Data Controller to whom the Data Controller transmits data.
2.7. Presenter: Natural persons giving presentations at the Event.
2.8. Personal Data: Any information relating to the Data Subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
2.9. Data Processing: Any operation or set of operations performed on data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
2.10. Data Controller: Dare to Change Ltd (Hungary, 1039 Budapest, Kalászi Street 20., company registration number: 01-09-206488), who determines the purpose of data processing, makes decisions regarding data processing, and carries it out, or has it carried out by a data processor authorized by them.
2.11. Data Processing: Performing technical tasks related to data processing, regardless of the method and means used to perform the operations, as well as the location of the application.
2.12. Data Processor: A natural or legal person, or an organization without legal personality, who or which processes personal data on behalf of the Data Controller.
2.13. Consent: Any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.14. Data Transmission: Making data accessible to a specific third party.
2.15. Disclosure: Making data accessible to anyone.
2.16. Data Erasure: Making data unrecognizable in such a way that its restoration is no longer possible.
2.17. Data Destruction: The complete physical destruction of data or the data carrier containing it.
2.18. Objection: A statement by the Data Subject in which they object to the processing of their personal data and request the termination of the data processing or the deletion of the processed data. In this case, the Data Controller may not continue processing the personal data, unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.
2.19. Data Blocking: Making it permanently or for a specified period impossible to transmit, know, make public, transform, alter, destroy, erase, link, or harmonize the data, and to use it.
2.20. Third Party: A natural or legal person, or an organization without legal personality, who or which is not identical with the Data Subjects, the Data Controller, or the Data Processor.
2.21. Data Processing Information: Considering that a contract between the Data Subjects and the Data Controller is concluded with the use of the Data Controller's services, the visit to the Website, and the contractual relationship with the Data Controller, and personal data processing occurs in connection with this, the Data Controller informs the Data Subjects in accordance with the relevant legal provisions through this data processing information. The Data Controller reserves the right to modify this data processing information within 15 days if there are substantial changes in the data processing, and to publish it on the Website.
The Data Controller informs the Data Subjects that by entering into a contract with the Data Controller and by accessing the Website and using its functions, they acknowledge without any further declarations that they have become aware of the content of this Data Processing Information.
3. DATA PROCESSING:
Our data processing activities are based on the legal grounds provided by Article 6(1) of the GDPR:
a) Consent: The data subject has given consent for the processing of their personal data for one or more specific purposes.
b) Contractual Necessity: Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
c) Legal Obligation: Processing is necessary for compliance with a legal obligation to which the controller is subject.
d) Vital Interests: Processing is necessary to protect the vital interests of the data subject or of another natural person.
e) Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
f) Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
3.1. Processing of Personal Data of our Customers:
Scope of Data Subjects: Customers who purchase conference tickets for the Event.
Purpose of Data Processing:
b) Sending conference tickets,
d) Enforcement of rights and claims.
Categories of Processed Data: Name, phone number, email address, address, company name, position.
Legal Basis for Data Processing: a) to c): Article 6(1)(b) GDPR - Contractual Necessity, d): Article 6(1)(f) GDPR - Legitimate Interest.
Source of Data: Data subject.
Data Deletion Period: 8 years after the performance of the contract.
Data Transmission: In accordance with section 3.8.
During data storage, data may be transferred to a data processor based in the USA.
3.2. Data Processing of Contact Persons of Corporate Customers:
Scope of Data Subjects: Contact persons of our corporate customers.
Purpose of Data Processing: Communication, contract performance, enforcement of rights and claims.
Categories of Processed Data: Name, phone number, email address, position.
Legal Basis for Data Processing: Article 6(1)(f) GDPR - Legitimate Interest.
Source of Data: Our corporate customers.
Data Deletion Period: 5 years after the termination of the contract. If the data forms part of the contract, the data will be deleted after 8 years from the termination of the contract, in accordance with accounting regulations.
During data storage, data may be transferred to a data processor based in the USA. No data transfer to other data processors will occur.
3.3. Data Processing for Marketing Purposes and Newsletter Sending:
A/ Marketing Outreach:
People who have previously purchased conference tickets from the Data Controller or used any of their other services will be contacted via phone or email with offers related to our current products.
Data Subjects: Previous customers
Processed Data: Name, phone number, company name, position, email address
Purpose of Data Processing: Providing information about services
Legal Basis for Data Processing: GDPR Article 6(1)(f) - legitimate interest
Data Retention Period: Data will be stored until the Data Subject objects.
The Data Controller will also contact those who have previously provided their data and consented to the processing of their personal information. In this case, the legal basis for data processing will be GDPR Article 6(1)(a) - consent. The data will be processed until consent is withdrawn, after which the data will be deleted.
To object to the processing of personal data, withdraw consent for marketing outreach, request data deletion, or modify provided information, please contact us at firstname.lastname@example.org or send a letter to: Dare to Change Ltd., Hungary, 1039 Budapest, Kalászi utca 20.
If a Data Subject requests the deletion of their personal data, and the Data Controller complies, the Data Controller commits to instruct all Data Processors to delete the Data Subject's personal data.
B/ Newsletter Sending:
Data Subjects: Recipients of the newsletter
Processed Data: Name, email address
Source of Data: The Data Subject
Purpose of Data Processing: Sending newsletters containing information and economic advertising, business offers, direct marketing outreach to interested parties, and maintaining contact.
Legal Basis for Data Processing:
The Data Subject's consent, GDPR Article 6(1)(a), Section 13/A of the Information Act, and Section 6(5) of the Trade Act. If you have previously purchased conference tickets from the Data Controller, the legal basis for data processing will be GDPR Article 6(1)(f) - legitimate interest.
Data Retention Period: Until consent is withdrawn, until unsubscribed from the newsletter, until objection to the processing of personal data, or until a request for data deletion is received.
To withdraw consent for sending direct marketing messages and to delete personal data, or to request modification of provided data, please contact us at:
Postal Address: Dare to Change Kft, Hungary, 1039 Budapest, Kalászi utca 20.
Or by clicking on the "unsubscribe from the newsletter" link in the newsletter.
If you initiate the deletion of your personal data and the Data Controller complies, the Data Controller commits to instructing all Data Processors to delete your personal data. The Data Controller is not allowed to link or supplement the provided data with data from other databases without the consent of the Data Subject.
Data transfer may occur to a data processor based in the USA during marketing contacts and newsletter sending.
3.4. Data Handling for Event Orders:
Scope of Data Subjects: Customers participating in the Event.
Purpose of Data Handling:
Sending information and offers
Range of Processed Data: Name, phone number, email address, company name, position
Legal Basis for Data Handling: Consent of the Data Subject, Article 6(1)(a) of the GDPR
Source of Data: Data Subject
Date of Data Deletion: The Data Controller manages the data until the withdrawal of consent. Upon receipt of a request for consent withdrawal or data deletion, the Data Controller promptly deletes the data.
Data Transfer: As per point 3.8.
3.5. Data Handling for Event Speakers:
Scope of Data Subjects: Speakers giving presentations at the Event.
Purpose of Data Handling: Promoting the Event, disseminating knowledge
Range of Processed Data: Name, phone number, email address, image and sound recordings of the presentation
Legal Basis for Data Handling: Consent of the Data Subject, Article 6(1)(a) of the GDPR
Source of Data: Data Subject
Date of Data Deletion: The Data Controller manages the data until the withdrawal of consent. Upon receipt of a request for consent withdrawal or data deletion, the Data Controller promptly deletes the data. In the absence of withdrawal, the data will be deleted after 5 years following the Event.
Data Transfer: As per point 3.8.
3.6. Data Handling for Contests
The conditions, terms, scope of processed data, purpose, duration, legal basis, possibility of data correction, data controllers authorized to access the data, and the rules of the contest are included in the regulation of the contest.
3.7. Data Handling through Automatic Data Collection Related to the Website
Subjects of Data: Users visiting the website
Processed Data: IP address, country, used browser, type and version of device and operating system, used language, time and frequency of visits, time spent on the website, openings
Source of Data: Automatically collected by the Data Controller
Purpose of Data Handling: Smooth operation and development of the website, user recognition, creating statistics
Legal Basis for Data Handling: GDPR Article 6(1)(f): legitimate interest
Data Deletion Date: 2 years from the visit
Data Transfer: Not performed
Cookies are small text files containing data that are created by the visited page. If allowed, these files are stored on the User's computer. Their content includes the websites and advertisements you visited and searched for. The cookie itself cannot identify you in any way, it can only identify your computer.
The cookies used by the Data Controller serve the following purposes:
Gain more insights into our customers' information usage habits in order to further improve the quality of our services. For this reason, we use these so-called functional cookies to collect data such as relevance, recommendations, searches, openings, as well as data about the most important and frequently used functions.
Enhance the convenience of using the website and analyze the operation of the site.
Determine whether you have visited our website before, and help identify the functions/services that may be of most interest to you.
Other Third-Party Cookies:
The Data Controller may also use tracking identifiers in their newsletters or other services for the purpose of improving and tracking user habits.
If you do not want Google Analytics to use your data, you can install the Google Analytics Opt-out Browser Add-on.
3.8. General Rules for Data Transmission
With the consent of the Data Subject, the Data Controller transmits the data to the Recipients through an encrypted channel, who, as independent data controllers, further process the personal data of the Data Subject based on their own data processing information. The Data Controller is not responsible for the data processing of the Recipients in compliance with legal regulations and their own data processing provisions.
By accepting this Data Processing Policy, the Data Subject declares that they are aware that the data managed by the Data Controller will be transferred to the Recipients based on the commissioning of the data processing, billing, accounting, claims management, delivery, customer service personnel, as well as the authorities entitled to settle legal disputes according to the law, and the sponsor(s) of the event: ######, ######. The individuals receiving the personal data in accordance with the above provide services to the Data Controller, primarily operating in Hungary or within the European Economic Area. These individuals act in accordance with the instructions of the Data Controller regarding the data and may not use the data for a purpose other than that for which it was intended, and they are bound by confidentiality and data protection obligations.
The Data Subject may assert their rights to information self-determination related to data processing (request for information about data processing, request for correction, blocking, deletion of personal data, objection to the processing of personal data) with the Data Controller and directly with the Recipient at the contact details provided at the time of contact.
The Data Controller undertakes to forward the requests submitted by the Data Subjects concerning the processing of their personal data related to data processing by the Recipients and informs the Recipient whether they have complied with the request. The Data Controller takes all measures expected of it to ensure that the Recipient responds to the request and complies with it. Upon receipt of the response from the Recipient, the Data Controller also informs the Data Subject.
Please send your request to both the Data Controller and the Recipients involved in data transmission.
During the storage of data, data may be transferred to a data processor based in the United States.
4. RIGHTS OF THE DATA SUBJECT, REMEDIES:
The Data Subject may request information about the processing of their personal data, request correction, and - in the case of consent-based data processing - deletion, restriction, withdrawal, and in certain cases, object to the processing of their personal data.
Right to Information:
The Data Controller provides the Data Subject with all information and details regarding the processing of personal data in a concise, transparent, clear, and understandable manner. The right to information may be exercised in writing. Information may also be provided verbally to the Data Subject - after verifying their identity.
Right to Access:
The Data Subject is entitled to receive feedback from the Data Controller regarding whether the processing of their personal data is in progress, what personal data is being processed, for what purpose, for how long, who it is transferred to, where it originates from, and what rights they have in connection with this.
The Data Controller provides this information within 30 days from the submission of the request.
Right to Rectification:
The Data Subject may request the correction of inaccurate personal data concerning them that is processed by the Data Controller, as well as the completion of incomplete data.
Right to Erasure:
The Data Subject is entitled to request the Data Controller to promptly erase their personal data if any of the following reasons apply:
The personal data is no longer needed for the purposes for which it was collected or otherwise processed.
The Data Subject withdraws their consent, and there is no other legal basis for the processing.
The Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing.
The personal data has been unlawfully processed.
The erasure of personal data is required to fulfill a legal obligation under Union or Member State law applicable to the Data Controller.
The personal data has been collected in relation to the offer of information society services.
Data erasure cannot be initiated if the processing is necessary for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject, or for the establishment, exercise, or defense of legal claims.
Personal data can only be requested for erasure if the Data Controller processes the data based on the Data Subject's consent. If the withdrawal of consent pertains exclusively to direct marketing activities, the Data Controller will only remove the Data Subject from the direct marketing database, but may still be entitled to process the Data Subject's personal data for other purposes.
Right to Object:
The Data Subject has the right to object to the processing of their personal data if it is carried out solely for the legitimate interests pursued by the Data Controller or a third party, including profiling. In this case, the Data Controller may not further process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.
If the personal data is processed for scientific or historical research purposes or statistical purposes, the right to object may be restricted, except if the processing is necessary for the performance of a task carried out for reasons of public interest.
The Data Controller will examine the objection as soon as possible and inform the Data Subject about the outcome within 30 days.
Right to Restriction of Processing:
Upon the request of the Data Subject, the Data Controller shall restrict the processing of personal data if any of the following conditions are met:
The Data Subject contests the accuracy of the personal data, in which case the restriction shall be applied for a period enabling the Data Controller to verify the accuracy of the personal data.
The processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead.
The Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise, or defense of legal claims.
The Data Subject has objected to processing, pending the verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.
If processing is restricted, except for storage, the personal data shall only be processed with the Data Subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
The Data Controller shall inform everyone to whom the personal data has been disclosed regarding any rectification, erasure, or restriction of processing carried out, unless this proves impossible or involves disproportionate effort. The Data Subject has the right to be informed about these recipients upon request.
Right to Lodge a Complaint:
If the Data Subject believes that their rights regarding data processing have been violated, they have the right to lodge a complaint with the competent supervisory authority:
National Authority for Data Protection and Freedom of Information (Address: Hungary, 1055 Budapest, Falk Miksa Street 9-11., Mailing Address: Hungary, 1530 Budapest, Pf.: 5., Phone: +3613911400, Fax: +3613911410, Email: email@example.com, Website: http://www.naih.hu)
A decision of the National Authority for Data Protection and Freedom of Information (NAIH) may be subject to judicial review.
In addition to the above, the Data Subject may bring an action against the Data Controller. The court shall proceed with the matter on an expedited basis.
The Data Subject can exercise the above rights by sending an email to firstname.lastname@example.org or by sending a postal letter to the registered office of the Data Controller. The Data Controller undertakes to inform the Data Subject about the measures taken within 30 days from receiving the request.
5. THE DATA CONTROLLER'S DETAILS:
Company Name: Dare to Change Korlátolt Felelősségű Társaság (Dare to Change Limited Liability Company)
Registered Office: Hungary, 1039 Budapest, Kalászi utca 20.
Company Registration Number: 01-09-206488, Tax Identification Number: 25290538-2-41
Represented by: Gábor Toldi, CEO
Phone: +36205959796, Email Address: email@example.com
In case of any issues related to data processing by Dare to Change Ltd, you can contact the Data Controller's representative for data protection matters: Gábor Toldi (phone: +36205959796, email: firstname.lastname@example.org).
6. DATA PROCESSORS:
To carry out the data processing activities, the Data Controller utilizes the following Data Processors:
6.1. Consult-Trator Tanácsadó Iroda Kft.
Registered Office: Hungary, 1033 Budapest, Polgár utca 1. II/10.
Company Registration Number: 01-09-931375, Email: email@example.com
Purpose of Data Processing: Accounting, payroll
Scope of Data Concerned: Data necessary for performing the task. The Data Processor may not use the personal data for purposes other than the performance of the task.
Registered Office: 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308 USA
Purpose of Data Processing: Newsletter sending
Registered Office: 25 First St., 2nd floor, Cambridge Massachussuetts 02141 USA
Purpose of Data Processing: Database management
Registered Office: HU-9022 Győr, Bajcsy-Zsilinszky út 59 fszt
Purpose of Data Processing: Server hosting
6.5. Openonline Kft
Registered Office: Hungary, 9231 Máriakálnok, Orgona utca 31.
Company Registration Number: 08-09-024464
Purpose of Data Processing: Preparation of name tags for conference/event participants, management of the Data Controller's Google Analytics account.
Scope of Data Concerned: Names of participating individuals. Data appearing in the Data Controller's Google Analytics account (name, email address). The Data Processor may not use the personal data for purposes other than the performance of the task.
6.6. Hosting Service Provider
The Data Controller reserves the right to engage additional data processors in the future, and will inform the Data Subjects of such changes by modifying this Data Processing Information.
6.7. rentIT Kft.
Registered Office: Hungary, 2030 Érd, Festő utca 93.
Company Registration Number: 13-09-155650
Purpose of Data Processing: Providing ticket purchase, registration and on-site access for participants
Scope of Data Concerned: Name, position, email address, phone number. The Data Processor may not use the personal data for purposes other than the performance of the task.
7. DATA PROTECTION:
The Data Controller processes personal data solely for the purposes and duration specified in this Data Processing Information. The Data Controller only processes personal data that is essential for achieving the purpose of data processing and suitable for that purpose.
The Data Controller protects personal data against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction, damage, and becoming inaccessible due to changes in the applied technology. The Data Controller ensures the integrity of personal data and that only those who are authorized or have a task related to the data processing have access to the personal data.
The Data Controller commits to instruct any third parties to whom the data is transmitted or provided with the consent of the Data Subject to comply with data protection requirements. The Data Controller also imposes this obligation on its employees and data processors involved in data protection activities.
The computers of the Data Controller are protected by antivirus programs and passwords. The use of external data carriers is restricted and only allowed under safe conditions after verification. Backups of the data are made to external data carriers, which are securely stored.
If the Data Controller becomes aware that the user provided the personal data of another person during registration or caused damage during registration, the necessary measures will be taken to compensate for the damage and hold the offender accountable.
The employees of the Data Controller are regularly trained on the requirements of data and information security. The Data Controller also complies with data security requirements in document management.
In the event of a data protection incident, a report will be submitted to the supervisory authority and a record will be kept within 72 hours in accordance with our incident management policy.
The Data Controller does not assume responsibility for the unlawful hacking of its database or for the authenticity of the data provided by the Data Subject.
8. IMAGE AND AUDIO RECORDING:
The Data Subject acknowledges and gives consent that photos, audio, and video recordings will be taken at the Event, and all or part of it may be broadcasted by the media. The Data Subject may appear and be recognizable in these recordings or broadcasts.
Budapest, November 6, 2023.
9. CONTACT INFORMATION
You may at any time contact Dare to change Ltd. at the address here below.
Dare to change Ltd
Address: HU-1039 Budapest, Kalaszi utca 20.
Business ID: 01-09-206488
EU tax number: HU25290538