DATA PROTECTION
Sprint Consulting Agile Consulting and Service Limited Liability Company as data controller (hereinafter the Company or the Data Controller) hereunder informs the natural and legal persons using its services (hereinafter Client), the employees of the legal entity’s and its contact persons about their personal data management by the Company.
Company also provides information on the personal data management concerning the visitors of the Company’s www.agilegettogether.hu website and those interested in its services (hereinafter Website Visitors).
By means of this Privacy Policy (hereinafter Privacy Policy) and its publication, the Company complies with the Regulation (EU) 2016/679 of the European Parliament and of the Council (commonly known as the General Data Protection Regulation or GDPR) and the 2011 Act on the Right to Information Self-Determination and Freedom of Information CXII. statutory information obligation.
The current version of the Privacy Policy is available electronically on the website of the Agile Get-together 2022 Conference (www.agilegettogether.hu) under the “Privacy Policy” tab, further on the website https://agilegettogether.ticketninja.io, as well as in printed form at the office of Sprint Consulting Llc.
INFORMATION ON THE DATA CONTROLLER
Company name: Sprint Consulting Llc.
Seat: 1082 Budapest, Corvin sétány 2. A
Company registration number: 01-09-981936
Company Registry: Metropolitan Court of Registration
Tax number: 14567975-2-42
Representative: Árpád Zsolt Bodó (independent), Bernadett Bugnyár, Judit Üveges, Tamás Rábaközi
Telephone number: +36209777466
E-mail: info@sprintconsulting.com
Website: www.agilegettogether.hu and www.sprintconsulting.com
CHAPTER I INFORMATION ABOUT CERTAIN DATA PROCESSES FOR CLIENTS AND CLIENTS’ EMPLOYEES
1. Data management related to the registration for conference service and sponsorship package services provided by the Company, the establishment and fulfilment of the contract for the use of the service, establishment of future contact, including data processing for the purpose of invoicing
The range of personal data processed for legal entity clients
- the name, position, email address, telephone number of the employee of the client participating in the conference
- the name, email address, phone number of the client’s contact person
The range of personal data processed is for natural persons
- name, company name, position, tax identification number, e-mail address, telephone number.
We inform our clients that the provision of the personal data listed above is a precondition for concluding a contract for the registration to the conference, the provision of the data is mandatory, in case of failure to do so we cannot enter into a contract, thus we cannot provide services.
The data subject
In case of legal entity clients
- an employee of the client participating in the conference
- the client’s contact person
In the case of natural person clients, the natural person is the client who registers to use the conference service.
The purpose of data management is to process registrations for conference services for legal entity clients and natural person clients, to create and fulfil a contract for the use of the service, to provide the service, to contact the client / conference participant, to forward data to the co-organising partners for the purpose of initiating future business relationship. The purpose of managing the contact details is to keep in touch with the client, communication, to fulfil the contractual obligations.
The legal basis for data management for legal entity clients
- The processing of the personal data of the employee of the client who has registered for conference / participates in conference, is based on the legal basis of Article 6 (1) (f) GDPR, the data processing is necessary for the legitimate interest of the Company to comply with the conference services obligations arising out of the contract.
- Balance of interest test: due to the nature of the conference service, it is essential that the Data Controller handles personal data of the employees participating in the conference. Data management covers only the most necessary data that ensures the fulfilment of the data provision obligation or the contact with the employee. Data management also serves the interests of employees, as it allows them to participate in the conference and to keep in touch with the Company and the co-organising partners. The data management in question does not constitute an unjustified interference with the privacy of employees.
- Guarantees: The Company manages personal data only to the extent necessary for the provision of conference services, in order to conduct the training. The data is accessed only by those authorised to do so, and in order to preserve the confidentiality of the data, the Company takes the necessary data security and organisational measures.
Data management in case of contact persons
- Our company manages the contact details of legal entity clients (name, e-mail, telephone number) on a legal basis in accordance with Article 6 (1) (f) of the GDPR. to be able to fulfil our obligations under the contract, to be able to keep in touch with the customer smoothly at all times, and this is possible through the contact person appointed by the customer. The contact person’s right for protection, on the other hand, the right related to his / her privacy, however, the legitimate business interest of the Company and the client in the performance of the contract is stronger than this right. The right to privacy is not violated, as the Company is generally and most likely given the company contact information to the contact person provided by the customer, on which the contact person is required to be available and communicate in order to fulfil his / her job responsibilities.
- Guarantees: The Company handles the contact details only for the purpose of concluding a contract with the customer or performing the contract. Only authorised persons have access to the data.
- Summary: Based on the above, the data controller considers that a legitimate interest in the processing of the data of the customer’s contact person can be established, and this legitimate interest is not overridden by the contact person’s right to privacy.
- If the preliminary negotiations and correspondence do not lead to the conclusion of a contract, the Company shall store the personal data (including the business card) disclosed to it for the purpose of a subsequent contact, establishment of a business relationship based on its legitimate interest (Article 6 (1) (f) GDPR).
- It is in the legitimate interest of the Company to have the client’s data available for the purpose of a possible subsequent conclusion of the contract, thus enabling the contact and conclusion of the contract, which is not only in the interest of the Company, but also in the interest of the client.
The legal basis for data management in case of natural person clients
- The provision of the above data is necessary for the preparation of the registration for the use of the conference service, taking preventive legal steps, establishing and fulfilling the service (Article 6 (1) (b) GDPR).
Duration of data management for legal entity clients and natural person clients
- The personal data of the data subjects are stored for 5 years from the last day of the conference and the service related contract for the use of the service (civil limitation period).
Recipients of personal data in the case of legal entity clients and natural person clients:
- The data controller is, in addition to the Company, the Morgan Stanley Elemző Kft.. The Company conducts the conference, while Morgan Stanley Elemző Kft. initiates future business relationships.
- As part of this, the Morgan Stanley Elemző Kft. manages the following personal data: name, company name, position, e-mail address, telephone number.
- For details on data management by the Morgan Stanley Elemző Kft., see the following page: https://www.morganstanley.com/privacy-pledge
- See Section III – Data processors
- Further, the data controller is, in addition to the Company, the UST España SAU. The Company conducts the conference, while UST España SAU initiates future business relationships.
- As part of this, UST España SAU manages the following personal data: name, company name, position, e-mail address, telephone number.
- For more information on data management by UST España SAU, see the following page: https://www.ust.com/es/legal-notice/privacy-policy
- See Section III – Data processors
1/a Invoicing related data management information
Data management for the purpose of invoicing and the fulfilment of related legal obligations is closely related to data processing related to conference organisation and to the creation and fulfilment of a service contract, however, due to legal requirements for invoicing, data processing related to invoicing for tax and accounting purposes is detailed separately below.
Scope of personal data
- The invoice issued to the legal entity clients does not contain personal data. The performance certificate attached to the invoice contains the name, email address, telephone number of the employee(s) participating in the conference service and the detailed name of the service.
- The invoice issued for the name of the natural person client contains the client’s name, address, tax identification number, as well as the name of the service, the date of use and other mandatory data.
- Pursuant to Section 169 of the VAT Act, the name and address of the client are the mandatory data content of the invoice, so their provision is mandatory due to the force of this legislation, in the absence of such data, it is not possible to conclude a contract and provide services.
The data subject is the employee of the legal entity client as well as the natural person client.
The purpose of data management is to issue an invoice for the service used, to preserve the invoice, and to fulfil tax and accounting obligations.
Legal basis for data management
- The data processing takes place on a legal basis in accordance with Article 6 (1) (c) of the GDPR, i.e. the data processing is necessary to fulfil the legal obligation (tax and accounting obligations) of the Company (e.g. Act CXXVII of 2007 on Value Added Tax) – hereinafter referred to as the VAT Act, the obligation to issue invoices pursuant to Section 159 (1) of the VAT Act, to Section 169 of the VAT Act and to Section 167 of Act C of 2000 on Accounting, hereinafter referred to as the Accounting Act, compliance with the data content requirements of the invoice / accounting document).
- The indication of the name, email address and telephone number of the legal entity client’s employee on the certificate of performance and thus its management is based on the legitimate interest of the Company, the detailed information on which is provided in point 1 above.
Duration of data management
- The preservation of the issued invoice as an accounting document on paper basis takes place until the deadline pursuant to Section 169 of the Accounting Act (currently 8 years), Section 78 (3) of the Tax Act 2017 (new Art.) and pursuant to Section 202 takes place until the right to a tax assessment expires.
Recipients of personal data
- The Company complies with the 2017 CLI on tax administration regulations pursuant to Section 98 of the Act, in the event of a possible tax audit procedure, it is obliged to make the issued invoices and accounting documents available to the tax authority.
- See Section III – Data processors
1/b Online payment related data management information
Data management for the purpose of online payment and the fulfilment of related legal obligations is closely related to data processing related to conference organisation and the creation and fulfilment of a service contract, however, due to legal requirements for invoicing, data processing related to invoicing for tax and accounting purposes is detailed separately below.
Scope of personal data
- SimplePay: contact person name and email address, telephone number, TicketNinja order ID, transaction amount, IP address, date and time of transaction, delivery address, billing address, number of bank card data saved during payment (token card storage), expiration date, CVV code, name on the bank card, data indicated in the certificate of use of the service used, the data collected from the customer’s browser used during online shopping: the value of the accept http header, which is the format that appears in the body of the http request; the name and version number and default language of the browser and operating system used; the source IP address of the browser; whether the browser can run java code; browser language; browser colour depth; browser screen height; browser screen width; your browser’s time zone
- OTP Mobil Ltd.: Visitor name, surname, name, country, telephone number, email address
- OTP Mobil Szolgáltató Llc., seat: 1143 Budapest, Hungária krt. 17-19.
- Purpose of data processing: conducting and authorising online payment transactions, related fraud monitoring, prevention and related Chargeback assessment, 3D Secure strong customer authentication.
- Scope of processed data: scope of data according to the above data management information list.
- OTP Mobil Limited liability company
- See Section III – Data processors
2. Handling and answering inquiries
Scope of personal data processed
- The content of the email, email address, phone number, response to the request.
- In case the request is made or the Company is contacted by filling in the form at the website www.agilegettogether.hu, the range of personal data processed is: name, company name, position, LinkedIn-profile, email address, country, time zone, telephone number, the content of the inquiry, the response to the inquiry.
The data subject is the sender of the request or, depending on the content of the letter, an additional person that can be identified by the personal data contained therein.
The purpose of data management is to handle and answer the inquiry.
Legal basis of data management
- If your inquiry is about the conference service in the request or you want to negotiate the service contract, we will process the provided personal data on the legal basis according to Article 6 (1) b) of the GDPR, i.e. data processing is necessary to create a service contract and to take steps at your inquiry prior to concluding a contract.
- If the subject of the inquiry is not related to the conference service, or if the request comes from a natural person acting on behalf of a legal entity, the personal data of the data subject(s) under this point shall be provided in accordance with Article 6 GDPR pursuant to subsection (1) (f), we treat it in the light of our legitimate interest in responding to the data subject’s inquiry and in settling the claims arising from the inquiry.
Our company has performed the balance of interest test and examined the relationship between the above legitimate interest and the right to the protection of privacy concerned. The Company has established that in the case of inquiries, the data subject is the person, who initiates the contact with the Company, voluntarily provides his / her personal data to the Company. It is in the interest of the data subject to receive a response to the request, which requires the processing of the personal data contained in the request by the Company. Based on the above, the Company considers that a legitimate interest in the processing of personal data contained in the request can be established; data processing is essential to respond to the request which do not override a legitimate interest in the data subject’s right to privacy, also given that the request is initiated by the data subject itself.
Duration of data management
- Inquiries and responses to them will be stored until the inquiry is processed and for an additional 10 years for future contact.
- The data processing is subject to the provisions of Section II / 1, if the request is necessary for the establishment of a contract, for taking pre-contractual steps and if our Company finally concludes a contract with the data subject.
- If the request is followed by an application for a training course, the personal data will be processed as set out in point 1 below.
Recipients of personal data: See Section IV – Data processors
3. Data management for the purpose of handling complaints
Scope of managed personal data
- In case of a complaint made via email: e-mail address, the content of the request, complaint, the response of the Company
- In case of a complaint made via written request: the content of the request, the complaint, a copy of the reply
- In the case of an oral complaint communicated via telephone or in person, if the client does not agree with the handling of the complaint or it is not possible to investigate the complaint immediately: the Company takes a report about the complaint, and its opinion about the complaint, with a content set out in CLV of 1997 on Consumer Protection and treats the report and a copy of the reply as personal data.
- Pursuant to Article 17/A (5) on Consumer Protection the report on the complaint must contain the following information:
- name and address of the consumer,
- the place, time and manner of submitting the complaint,
- a detailed description of the consumer’s complaint, a list of documents, documents and other evidence presented by the consumer,
- a statement by the Company of its position on the consumer’s complaint, if an immediate investigation of the complaint is possible,
- the signature of the person who took the minutes and the consumer, with the exception of an oral complaint made by telephone,
- place and time of recording the minutes,
- in case of an oral complaint communicated by telephone, the unique identification number of the complaint.
The data subject is the natural person client making the complaint and, depending on the content of the complaint, an additional data subject can be identified by the personal data contained therein.
The purpose of data management is to handle complaints received by the Company orally, via telephone, in writing and via electronic mail based on Article 6 (c) of the GDPR, fulfilment of the legal obligation contained in Article 17/A on Consumer Protection.
Duration of data management: Pursuant to Article 17/A (7) on Consumer Protection the report of the complaint and a copy of the reply to the complaint shall be kept by the Company for five years and shall be presented to the audit authorities upon request.
Recipients of personal data:
- The consumer protection authority, if the Company is obliged to present the report of the complaint and a copy of the reply are presented by the Company in accordance with Article 17/A (7) on Consumer Protection
- See also Section III – Data processors
4. Sending direct marketing inquiries
Scope of managed data
- First name, surname, email address, in case of subscription through the website, the date of subscription.
The data subject is the person who has subscribed to the dm (direct marketing) inquiries / newsletter.
The purpose of data management is to send an e-mail message, direct marketing inquiry with information about the new training opportunities, promoting the Company’s services, sending information about future events.
The legal basis for data processing is the voluntary consent of the data subject (Article 6 (a) GDPR), which can be provided when registering on the website, in person during the training or with a statement of consent given online after the training.
Duration of data processing: until the withdrawal of consent.
Recipients of personal data: See Section III – Data processors
5. Data management related to taking and publication of photographs and videos
Our company or its cooperating partner may make photo and video recordings of the participants in the conference. Sprint can publish the completed recordings on the conference and Sprint Consulting’s own websites, as well as on Facebook, Twitter, LinkedIn, and Instagram pages (“Websites”), as well as in print media, magazines, reports and advertising platforms. The scope of personal data: image and sound recording (photo, movie, video).
Data subject is the person participating in the conference.
Purpose of data management
- Recordings are made and published for the purpose of promoting and advertising our services, and documenting the conference. Publication takes place at the website www.agilegettogether.hu and www.sprintconsulting.com, on the Company’s electronic and paper-based advertising and marketing materials and on social media interfaces.
- The further purpose of the recording is to subsequently check and improve the quality of the service provided by the Company.
Legal basis for data management
Data processing is carried out on the basis of Article 6 (a) of the GDPR, i.e. with the consent of the data subject. Participants are therefore asked to consent to the recording and publication of photographs and videos at the time of the registration for the conference.
By making your statement, you acknowledge that the producer and owner of the photographs, audio and video recordings is Sprint Consulting Kft. By giving your consent, you also consent to Sprint Consulting Kft. making the photo recording, audio and video recording made in this way available to the public, distributing it without geographical and time restrictions, and subsequently modifying it, which consent also extends to the product created as a result of the editing. By giving your consent, in accordance with Article 6 (1) of the GDPR you consent to Sprint Consulting Kft. taking a picture of you in connection with its activities and publishing it. By giving this consent, you expressly waive any claim for remuneration related to the use of the image, and – to the extent permitted by the laws in force at any time – you waive any claim for compensation or damages resulting from the use of the image. You can voluntarily withdraw your consent at any time, however, the withdrawal of consent does not affect the legality of the data processing before the withdrawal.
Duration of data management
- Until withdrawal of the data subject’s consent.
- Withdrawal of consent may be notified at any time by post or e-mail to the registered office of the Company (see Chapter I for contact details).
- If the consent is withdrawn, the Company will delete the photo or video recording, terminate its publication or, if possible, make the data subject unrecognisable on the published photo or video recording in order to prevent further processing of personal data.
- Withdrawal of consent shall not affect the lawfulness of data processing, photo and video recording and publication prior to the withdrawal.
Recipients of the personal data
- The person making the recording, if the Company instructs a third party to do so.
- See Section III – Data processors
CHAPTER II DATA PROCESSING REGARDING THE DATA OF THE COMPANY’S BUSINESS PARTNERS
The scope of personal data in case of legal entity business partners
- in case of presenters of the conference the name, company name, position, LinkedIn profile address, email address, country, time zone, telephone number of the business partner, the “Call for Papers” form filled by the business partner, the agreement signed with the business partner
- name, email address, telephone number of the business partner
- the invoice received, and the data it includes
- name, address, tax identification number, email address, company name, position, telephone number, the agreement signed with the business partner
Data subject
- employee of the business partner cooperating during the conference
- Contact person of the business partner
Purpose of data management
- Pre-contractual negotiations and concluding contracts with business partners in order to use our services, fulfilment of the concluded contract, related administration, contact, enforcement of possible claims, fulfilment of tax and accounting obligations related to the contractual relationship.
Legal basis for data management
- Our company manages the contact details of the legal entity clients (name, email address, telephone number) on the legal basis according to Article 6 (1) (f) of the GDPR, data management is necessary to enforce our legitimate interest and the legitimate interest of the client, to be able to enter into a contract, to use the service under the contract, to be able to keep in touch with the client at all times, and to fulfil our contractual obligations, and these are possible through the contact person designated by the client. The protected right of the contact person, on the other hand, may be a right related to his / her privacy, however, the legitimate business interest of the Company and the client in the performance of the contract is stronger than that right. The right to privacy is not violated, as the Company is generally and most likely given the company contact details provided to the contact person by the client, on which the contact person is required to be available and communicate in order to fulfil his / her job responsibilities.
- Our Company manages the data of natural person clients on the legal basis pursuant to Article 6 (1) (b) of the GDPR, the data processing is necessary for the establishment and performance of the contract between the Company and the natural person client. The processing of personal data brought to the attention of the Company during the negotiations prior to the conclusion of the contract is also carried out on the legal basis pursuant to Article 6 (1) b) of the GDPR (data necessary for the establishment and performance of the contract).
- Guarantees: The Company manages the contact details exclusively for the purpose of concluding a contract with the client and fulfilling the provisions of the contract. Only authorised persons have access to the data.
- Summary: Based on the above, the data controller considers that a legitimate interest in the processing of the data of contact persons included in the contract can be established, and this legitimate interest is not overridden by the right of the contact person to protect privacy.
- If the preliminary negotiations and correspondence do not lead to the conclusion of a contract, the Company shall store the personal data (including the business card) disclosed to it, for the purpose of subsequent contact and establishment of a business relationship based on its legitimate interest (Article 6 (1) (f) GDPR). It is in the legitimate interest of the Company to have the data of the client available for the purpose of concluding a subsequent contract, thus enabling keeping in contact and the conclusion of the contract, which is not only in the interest of the Company, but also in the interest of the client.
- The contract and the account (and its data) are managed on a legal basis in accordance with Article 6 (1) (c) of the GDPR in order to fulfil a legal obligation, the data processing is necessary to fulfil the tax and accounting obligations of the Company.
Duration of data management
For the preservation of the contract and the received invoices until the deadline according to § 169 of the Accounting Act (currently 8 years), § 78 (3) and § 202 of the CL Act 2017 on the taxation system (new Art.) until the tax limitation period.
Recipients of personal data
- The Company is subject to the 2017 CLI on tax administration regulations, pursuant to Section 98 of the Act, in the event of a possible tax audit procedure, it is obliged to make the received invoices, accounting documents and contracts available to the tax authority.
- See Section III – Data processors
1/a Invoicing related data management information
Data management for the purpose of invoicing and the fulfilment of related legal obligations is closely related to data processing related to the creation and fulfilment of a service contract, however, due to legal requirements for invoicing, data processing related to invoicing for tax and accounting purposes is detailed separately below.
Scope of personal data
- The invoice issued to the legal entity clients does not contain personal data. The performance certificate attached to the invoice contains the name, email address, telephone number of the employee(s) participating in the conference service and the detailed name of the service.
- The invoice issued for the name of the natural person client contains the client’s name, address, tax identification number, as well as the name of the service, the date of use and other mandatory data.
- Pursuant to Section 169 of the VAT Act, the name and address of the client are the mandatory data content of the invoice, so their provision is mandatory due to the force of this legislation, in the absence of such data, it is not possible to conclude a contract and provide services.
The data subject is the employee of the legal entity client as well as the natural person client.
The purpose of data management is to issue an invoice for the service used, to preserve the invoice, and to fulfil tax and accounting obligations.
Legal basis for data management
- The data processing takes place on a legal basis in accordance with Article 6 (1) (c) of the GDPR, i.e. the data processing is necessary to fulfil the legal obligation (tax and accounting obligations) of the Company (e.g. Act CXXVII of 2007 on Value Added Tax) – hereinafter referred to as the VAT Act, the obligation to issue invoices pursuant to Section 159 (1) of the VAT Act, to Section 169 of the VAT Act and to Section 167 of Act C of 2000 on Accounting, hereinafter referred to as the Accounting Act, compliance with the data content requirements of the invoice / accounting document).
- The indication of the name, email address and telephone number of the legal entity client’s employee on the certificate of performance and thus its management is based on the legitimate interest of the Company, the detailed information on which is provided in point 1 above.
Duration of data management
- The preservation of the issued invoice as an accounting document on paper basis takes place until the deadline pursuant to Section 169 of the Accounting Act (currently 8 years), Section 78 (3) of the Tax Act 2017 (new Art.) and pursuant to Section 202 takes place until the right to a tax assessment expires.
Recipients of personal data
- The Company complies with the 2017 CLI on tax administration regulations pursuant to Section 98 of the Act, in the event of a possible tax audit procedure, it is obliged to make the issued invoices and accounting documents available to the tax authority.
- See Chapter III – Data processors
CHAPTER III DATA PROCESSORS
Our company uses the following data processors during data management. A data processor is a natural person or legal entity that performs data processing operations on personal data on behalf of the Company as a data controller and on the basis of its instructions.
1. Website, email and server related service providers of our Company
1/a Web hosting, email server and email hosting service
The operation of www.agilegettogether.hu website is provided and operated by Jakus és Jakus Szolgáltató Kft. Jakus és Jakus Kft. also provides e-mail services to the Company, in the framework of which it provides an email server and email hosting.
company name: Jakus és Jakus Szolgáltató Kft.
seat: 2030 Érd, Szigetvári u. 39., Hungary
company registration number: 13-09-118040
tax number: 14208304-2-13
E-mail address: jakus [dot] henrietta [at] nicro [dot] hu
Jakus és Jakus Kft. does not process personal data for its own purposes, it performs technical operations on them only to the extent strictly necessary for the performance of the service.
1/b The hosting provider of www.agilegettogether.hu website
company name: Dotroll Kft.
seat: 1148 Budapest, Fogarasi út 3-5., Hungary
company registration number: 01-09-882068
e-mail address: support [at] dotroll [dot] com
website: https://dotroll.com/hu
The hosting provider does not process personal data for its own purposes, it only provides storage space for our Company to store the content of the www.agilegettogether.hu website and the data provided there.
2. Operator of our company’s internal management system (including the data stored there)
2/a
company name: Cloud Consulting Kereskedelmi és Szolgáltató Bt.
seat: 2100 Gödöllő, Mohács utca 10., Hungary
company registration number: 13-06-069671
email address: robert [dot] vlajk [at] gmail [dot] com
As the operator of the business system, Cloud Consulting Bt. does not process personal data for its own purposes, it only provides storage space for our Company to store personal data managed by the Company.
2/b
company name: Backupify Inc.
seat: 17 Sellers Street, Cambridge, MA 02139, United States
e-mail address: backupify-info [at] datto [dot] com
website: www.backupify.com/
The provider responsible for backing up electronic storage. Backupify Inc. does not process personal data for its own purposes, it only provides storage space for our Company to store personal data managed by the Company.
3. Maintainers of our company’s computers, printers and their operating system
3/a
company name: X-kontroll Irodatechnikai és Informatikai Kereskedelmi Szolgáltató Kft.
seat: 2220 Vecsés, Álmos utca 7., Hungary
tax number: 13008345-2-13
company registration number: 13-09-094157
website: https://x-kontroll.hu/
The maintenance and repair works of the Company’s printers and their operating systems are performed by X-kontroll Kft. During the performance of the above tasks, the data processor may access electronically stored personal data to the extent and for the purpose strictly necessary for the performance of the task, but may not process them for its own purposes.
3/b
company name: LANSYSTEM Számitástechnikai Szolgáltató és Fejlesztő Korlátolt Felelősségű Társaság
seat: 1113 Budapest, Diószegi út 60/b. I. em. 3, Hungary
tax number: 10491623-2-43
company registration number: 01-09-074423
e-mail address: klambauer [at] lansystem [dot] hu
website: https://lansystem.hu/
The maintenance and repair works of the Company’s computers, printers and their operating systems are performed by Lansystem Kft. During the performance of the above tasks, the data processor may access electronically stored personal data to the extent and for the purpose strictly necessary for the performance of the task, but may not process them for its own purposes.
4. Accounting service providers of our company
4/a
company name: IronAge Kereskedelmi és Szolgáltató Bt.
seat: 2310 Szigetszentmiklós, Petőfi utca 9., Hungary
company registration number: 13-06-049297
tax number: 21823411-1-13
e-mail address: ironagekonyveloiroda [at] gmail [dot] com
4/b
company name: Creative Account S.R.L.
seat: Str. Petuniel nr. 5 ap. 53, Cluj-Napoca, jud. Cluj, Romania
company registration number: J12/2528/2008
tax number: RO 24025436
E-mail address: creative [dot] account [at] consultingro [dot] com
In order to fulfil its tax, accounting and payroll obligations, our Company uses the above external service providers, who manage the invoices issued to clients and received from business partners in order to fulfil the tax, accounting and payroll obligations of our Company. On behalf of the Company they also manage the data contained therein, as well as the contracts concluded with partners and employees.
5. Partner companies, which provide card payment services
5/a
company name: OTP Mobil Szolgáltató Korlátolt Felelősségű Társaság
seat: 1143 Budapest, Hungária krt. 17-19., Hungary
company registration number: 01-09-174466
tax number: 24386106-2-42
e-mail address: ugyfelszolgalat [at] simple [dot] hu
By providing the SimplePay service, Simple qualifies as the Company’s data processor with regard to the transaction data provided to Simple by the persons concerned in connection with the purchase. A description of Simple’s services and relevant policies are available on the https://simplepay.hu/ website.
5/b
company name: PayPal (Europe) S.à r.l. et Cie, S.C.A.
seat: 22-24 Boulevard Royal, L-2449 Luxembourg
company registration number: R.C.S. Luxembourg B 118 349
tax number: LU22046007
e-mail address: enquiry [at] paypal [dot] com
By providing the PayPal service, PayPal qualifies as the Company’s data processor with regard to the transaction data provided to PayPal by the persons concerned in connection with the purchase. A description of PayPal’s services and relevant policies are available on the https://www.paypal.com/hu/home website.
6. Partner companies, which participate in the organisation of the conference
6/a
company name: Morgan Stanley Magyarország Elemző Kft.
seat: Budapest, Lechner Ödön fasor 8., 1095
tax number: 13702410-2-44
e-mail address: zsolt.lukacs@morganstanley.com
6/b
company name: UST Global España, S.A.U.
seat: C/ Santa Leonor, 65 Edificio G 28037 Madrid, Spain
tax number: ESA84816644
contact: Omar Heriberto Santos Velasco
email: Omar.Velasco@ust.com
The above partner companies of our Company participate in the organisation of the conference. Applications for training abroad are made through our Company in the same way as for domestic training. After the registration, our Company forwards the data of conference participants to the relevant partner companies. Partner companies only process personal data necessary for the initiating and conducting future business relationship.
6/c
company name: Zoom Video Communications, Inc.
contact: https://explore.zoom.us/docs/en-us/contact.html
Zoom Video Communications, Inv. is our Company’s partner in delivering the conference online. Please note that it is your responsibility to tell anyone near your device’s camera or microphone that users and others nearby can see or hear them. If you Permit any others to be within the range of your device’s camera or microphone during the conference you consent on their behalf, to the fullest extent permitted by law, to this Privacy Policy, Zoom Events Participant Terms of Use and Zoom Privacy Statement.
6/d
company name: SZINTÉZIS-NET Szoftverfejlesztő és Szolgáltató Korlátolt Felelősségű Társaság
seat: 9024 Győr, Vasvári Pál út 1/C.
company registration number: 08-09-011535
tax number: 13116057-2-08
email address: hello@ticketninja.io
Szintézis-Net Kft. is our Company’s partner in organising the conference, also providing our own landing page, automatic payment and invoicing options and marketing support. Please note that Szintézis-Net Kft. in the course of its activities, if it performs data management operations on personal data on behalf of our Company (reads, stores, transmits, analyzes, deletes or modifies them), it is considered as data processor. At the same time, Szintézis-Net Kft. acts as an independent data controller in certain cases regarding the management of visitor data, in connection with which the guidelines are described in the Data Management Regulations of Szintézis-Net Kft.
CHAPTER IV DATA SECURITY
The Company will take the necessary technical and organisational measures and develop appropriate procedural rules to ensure the security of personal data throughout the data management process. The Company undertakes to ensure data security, to take the technical and organisational measures and to establish the procedural rules to ensure that the recorded, stored and processed data are protected and to prevent their destruction, unauthorised use and unauthorised change.
Personal data may only be accessed by designated persons with the highest level of access controls in place. Within the framework of the above, the Company develops and selects IT solutions in such a way as to ensure the exclusive access of those who are entitled to have access to the data and that the data retains their authenticity and integrity. It uses among other measures, password-protected access systems, user authentication, certificates, activity logging, firewall settings, and regular backups. The Company shall take appropriate measures to protect the servers used for data storage.
Communication takes place via an encrypted channel between the browser of the user visiting the website and the web servers.
The Company always monitors the development of technology, applies the available technical, technological, organisational solutions and solutions that meet the level of protection justified by its data management.
CHAPTER V INFORMATION ABOUT THE RIGHTS OF THE DATA SUBJECT
We inform you below about your rights to the processing of personal data under the present Privacy Policy.
- Right to information (Article 13 GDPR)
Subject to the fact that both customers and business partners provide their personal data to the Company themselves, our Company complies with its information obligation under Article 13 of the GDPR with the present Privacy Policy.
- Right of access (Article 15 GDPR)
You may at any time request information about whether our Company is processing your personal data and, if so, exactly which personal data is being processed by our Company. Upon request, we will provide information on the purposes, legal basis, duration of data processing related to you, as well as who receives or has received your data and for what purpose.
In case there is data that we did not obtain from you, you may at any time request information on the source of the data. If automated decision-making or profiling takes place in relation to you, we will inform you about this and the logic used, indicating also the expected consequences of such data processing for you. At present, neither automated decision-making nor profiling takes place at our Company. Should personal data be transferred to a third country or international organisation, we will inform you of the appropriate guarantees under Article 46 of the GDPR regarding the transfer.
We provide the first copy of the personal data that is the subject of data processing free of charge. Additional copies may be subject to a reasonable fee based on administrative costs, depending on the amount of data, but it will be communicated to you in advance. If you have submitted your request for information / access electronically, the information will be provided to you in electronic format, unless you request otherwise. The right to request a copy must not adversely affect the rights and freedoms of others.
- The right for correction or supplementation (Article 16 GDPR)
You have the right to request that we correct inaccurate or incorrectly recorded personal information about you. If the data is incomplete, you can request it to be supplemented.
- Right to delete personal data (“right to be forgotten) (Article 17 GDPR)
You can request the deletion of your personal data from us at any time, which we are obliged to comply with, if you have any of the following reasons:
- personal data are no longer required for the purpose for which they were collected or processed;
- you have withdrawn your consent to the processing and there is no other legal basis for the processing;
- you object to the Company’s processing of data based on public interest or a legitimate interest pursuant to Article 21 (1) of the GDPR and there is no overriding legitimate reason for such processing, or you object to the processing of data for direct business purposes pursuant to Article 21 (2) of the GDPR against data management;
- we have processed your personal data unlawfully;
- your personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the Company;
- personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the GDPR.
We will not delete the requested data if the data processing is:
- necessary for the exercise of the right to freedom of expression and information;
- necessary for the performance of a legal obligation applicable to the Company (e.g. fulfilment of tax and accounting obligations) or for the performance of a task performed in the public interest or in the exercise of a public authority conferred on the Company;
- in the public interest in the field of public health, in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the GDPR;
- in accordance with Article 89 (1) of the GDPR, for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, if the right of deletion would make such processing likely to be impossible or seriously jeopardise, or
- necessary for the submission, enforcement and defence of legal claims.
- Right to restrict data management (Article 18 GDPR)
You may request that we restrict the processing of certain of your personal information. We comply with this request by indicating that the processing of the personal data in question is restricted. Restrictions can occur in the following cases:
- You dispute the accuracy of your personal information, in which case the restriction applies to the period of time that allows us to verify its accuracy;
- The data processing is illegal and you oppose to the deletion of the data, instead requesting a restriction on their use;
- Our Company no longer needs personal data for data processing purposes, but you do so in order to make, enforce or protect legal claims;
- You have objected to the processing pursuant to Article 21 (1) of the GDPR. In this case, the restriction applies as long as it is determined whether we have a legitimate reason to process the data, i.e. whether our Company’s legitimate reasons for retaining and processing the data take precedence over the legitimate reasons for deleting your data.
During the restriction period, we will only store the data, we do not perform any other data processing operation, and we will not modify the data, unless i) you consent to further operations or ii) if the processing of data is necessary for the submission, enforcement or protection of legal claims, further (iii) if the processing is necessary to protect the rights of another natural or legal person, or (iv) where the processing is necessary in the overriding public interest of the Union or of a Member State.
In the event of a restriction on data management, we will inform you in advance of the lifting of the restriction in the form and manner in which you requested the restriction of data management.
Our company will inform all recipients of the rectification, deletion or restriction of data processing you have requested and we carried out, with whom we have communicated personal data, unless this proves impossible or requires a disproportionate effort. Upon your request, we will inform you who and which recipients we are informing as detailed above.
- Right to protest (Article 21 GDPR)
You have the right to object to the processing of your personal data at any time for reasons related to your situation, if the processing is carried out in the public interest or in the legitimate interest of the Company or a third party (Article 6 (1) (e) and (f) GDPR). In this case, our Company will not further process your personal data, unless we prove that the processing is still justified by legitimate reasons that take precedence over your interests, rights and freedoms, or that are necessary to bring, enforce or protect legal claims.
You have the right to object at any time to the processing of personal data related to you for the purpose of direct business acquisition, including profiling (if the Company decides to use such information, we will provide you with prior notice) if it relates to direct business acquisition. In the event of an objection, personal data will no longer be processed for direct business purposes. The Company does not perform data processing for direct business purposes currently. If we do so, we will inform the data subjects separately and obtain their consent in advance.
In the case of data processing for statistical purposes, you have the right to object to the processing of personal data related to you, for this purpose, for reasons related to your own situation, unless the data processing is necessary for the performance of a task in the public interest.
- Right to data portability (Article 20 GDPR)
The data subjects have the right to receive the personal data concerning them provided to us in a structured, widely used, machine-readable format, and to transfer this data to another data controller without our Company preventing this. The data subject’s right to data portability applies to data the processing of which is subject to consent (Article 6 (1) (a) or Article 9 (2) (a) of the GDPR) or performance of a contract (Article 6 (1) of the GDPR) paragraph (b)). If the data subject requests the direct transfer of personal data between data controllers, our Company will indicate whether this is technically feasible on our part.
- Right to complain (Article 77 GDPR)
You can complain to the supervisory authority about the Company’s processing of data, in particular in the Member State where you are habitually resident or where the alleged infringement takes place. In Hungary, the supervisory authority is the National Data Protection and Freedom of Information Authority (1055 Budapest, Falk Miksa utca 9-11., E-mail: ugyfelszolgalat [at] naih [dot] hu, + 36-1-391-1400, chairman: Dr. Péterfalvi Attila, www.naih.hu).
- Right to an effective judicial remedy against the supervisory authority (Article 78 GDPR)
You can seek legal redress and bring an action against a binding decision of the supervisory authority that applies to you (in Hungary, the National Data Protection and Freedom of Information Authority).
You are also entitled to a judicial remedy if the supervisory authority competent under Article 55 or 56 of the GDPR does not deal with the complaint or does not inform you within three months of any procedural developments or the outcome of a complaint under Article 77.
Proceedings against the supervisory authority shall be brought to a court of the Member State in which the supervisory authority has its seat. In Hungary, the Metropolitan Administrative and Labour Court has jurisdiction over legal proceedings against the National Data Protection and Freedom of Information Authority.
- The right to an effective judicial remedy against the controller or processor (Article 79 GDPR)
You have the right to take legal action if, in your opinion, your personal data has not been processed in accordance with the GDPR and as a result, your rights under the GDPR have been violated. The procedure must be initiated in the Member State where our Company operates, i.e. in Hungary. Proceedings can also be brought to a court in your Member State of habitual residence (if different from Hungary).
- Right to compensation (Article 82 GDPR)
If you have suffered material or non-material damage as a result of our breach of the GDPR, you are entitled to compensation. If we violate your right to privacy in this area, you are entitled to claim damages.
- Your information about a data incident (Article 34 GDPR)
A privacy incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to personal information processed, such as the hacking of our computer system, loss of your personal information, and so on.
In the event of a data protection incident, we assess its effects and risks (what data are affected, in what quantities, whether they can be replaced, etc.) and take the necessary steps to remedy them immediately.
If a privacy incident is likely to pose a high risk to your rights and freedoms, we will notify you without delay about the incident. This notification shall include all information relating to the incident, in particular:
- The name and contact details of the person who can provide further information on the incident;
- Description of the probable consequences of the incident;
- Description of the measures taken or planned to remedy the data protection incident, including our measures to mitigate any adverse consequences of the incident.
You, as a data subject, do not need to be notified of a data protection incident if any of the following conditions are met:
- appropriate technical and organisational protection measures have been implemented and these measures have been applied to the data affected by the data protection incident, in particular measures that make the data incomprehensible to persons not authorised to access personal data;
- we have taken additional measures following the data protection incident to ensure that the high risk to your rights and freedoms is no longer likely to materialise;
- information would be a disproportionate effort. In this case, we will provide information through publicly available platforms or take a similar measure to ensure effective information.
We will report the incident to the data protection authority within 72 hours of becoming aware of the incident, unless it is not likely to endanger your rights and freedoms. We also keep records of data protection incidents in the detail required by law.
CHAPTER VI ENFORCEMENT OF THE RIGHTS OF THE DATA SUBJECT, SUBMISSION OF THE APPLICATION, CONTACT WITH THE COMPANY
In case you are enforcing your rights, please send your request i) in writing, by post ii) in person to the Company’s registered office or iii) by e-mail to our Chapter I e-mail contact details.
In the case of all requests, it is necessary that the sender of the request confirms his / her identity, so please indicate your personal identification data in the request. In case of a contact person, please also provide the details of the business partner.
If we have any doubts about your identity or the information provided is not sufficient for identification, we may request additional identifying information from you that is necessary and appropriate to confirm your identity.
If you are unable to provide the above information, so there is an obstacle to your identification, please contact our Company in person. If you do not have the opportunity to do so and you cannot prove your identity beyond reasonable doubt, we may refuse to process the application.
Our company will inform you of the action taken on the request without undue delay, but in any case within one month of receipt of the request. If necessary, taking into account the complexity of the application and the number of applications, this deadline may be extended by the Company for another two months. Our Company will inform you about the extension of the deadline within one month from the receipt of the request, indicating the reasons for the extension.
If you have submitted your application electronically, we will provide the information electronically where possible, unless you request otherwise.
If the Company does not take action on your request, we will inform you without delay, but no later than one month from receipt of the request, of the reasons for the failure to take action and of the fact that you may lodge a complaint with a supervisory authority and have legal redress.
Information pursuant to Articles 13 and 14 of the GDPR and Articles 15 to 22 and action pursuant to Article 34 shall be provided free of charge. If a request is manifestly unfounded or, in particular because of its repetitive nature, excessive, having regard to the administrative costs involved in providing the information requested or in taking the action requested:
- we may charge a reasonable fee, or
- we may refuse to act on the request.
COOKIES
The Company – with the help of its data processor providing website operation and hosting services – for the technical operation of the www.agilegettogether.hu website, for the prevention and detection of data security abuses and incidents, for security purposes and for the detection of possible errors logs the cookies necessary for the operation of the website, stores them for 7 days from the logging, then archives them in a password-protected form and deletes them after 6 months. The legal basis of data management is the legitimate interest of the Company (Article 6 (1) (f) of the GDPR) to be able to ensure the IT security of the website, its resistance to infringing illegal acts and activities against the website (e.g. unauthorised access), to prevent and detect data security abuses, incidents, and to detect possible errors. Our company has performed the balancing test and examined the relationship between the above legitimate interest and the right to the protection of the privacy concerned. The Company considers that a legitimate interest in the processing of the above personal data can be established, that the data processing is indispensable for the achievement of the purposes detailed above and proportionate to that legitimate interest is not overridden by the data subject’s right.
Guarantees: The Company, through its data processor, manages personal data only to the extent necessary to achieve the above purposes. The data is accessible only to those entitled to do so, and in order to preserve the confidentiality of the data, the necessary data security and organisational measures are taken by the Company’s data processor.
Cookies
The website www.agilegettogether.hu use cookies to personalise content and provide social functionality, to operate the website and to provide basic and convenient features, to enhance the user experience, and to monitor visitor behaviour, and also to compile statistics.
What are cookies? The web server places small text files on the computer, mobile phone, tablet, and any other device used to view the website when you visit the website. Cookies are stored in a separate directory on the visitor’s computer, mobile phone, tablet, and any other device.
An HTTP cookie is a packet of information that a server sends to a browser, and then the browser sends it back to the server each time a request is made to the server. Cookies are created by the web server itself using a browser on the user’s machine, where they are stored in a separate directory.
Essential cookie, Session cookie
Some of the cookies are essential for the operation of the website and its certain functions, for navigating the website. Essential cookies help us make our website usable by enabling basic features such as navigating the site and accessing secure areas of the website. The website cannot function properly without these cookies. These cookies are session cookies and do not store personal information and are not suitable for identifying the user. Session cookies remain on the device until the browser window is closed, and these cookies are automatically deleted when the browser window is closed.
3rd party cookies
These cookies are not necessarily required to use the website, and we ask for your consent in the window at the bottom of the website before placing them. Third-party cookies are downloaded by the visitor’s browser when viewing the website, not from the (sub) domain of the Company, but from the domain of a third party (typically an advertising agency or Facebook), given that the website partly consists of such Third-party modules. Third-party cookies are returned to the third party when a visitor views one of their advertisements or visits their website, for example. The cookie warning window will remain available with a small icon even after consent, through which you can withdraw your consent at any time.
The Company has no control over Third-party cookies, therefore visitors are kindly requested to review the information about these third-party cookies (Third-party cookies):
- Google Analytics
We use the following cookies when browsing our website:
Cookie name |
Cookie description |
Cookie lifespan |
_gat_gtag_UA_15303581_1 |
Google Analytics |
1 minute |
_gid |
Google Analytics |
1 day |
_ga |
Google Analytics |
2 years |
_fbp |
|
3 months |
wp-settings-9 |
WordPress |
1 day |
Language selection cookie |
Immediately after leaving the website |
Cookie settings
The visitor can disable the use of cookies in their browser at any time, as well as delete them from their own computer / other device. In this case, you may not be able to use our website to the full extent.
Cookies can usually be managed in browsers’ Tools/Settings menu under the Privacy/History/Custom Settings menu, called a cookie or trace.
For more information on changing cookie settings, see your browser’s help or the following links:
Mozilla Firefox: https://support.mozilla.org/hu/kb/S%C3%BCtik%20kezel%C3%A9se
Google Chrome: https://support.google.com/chrome/answer/95582?hl=hu&ref_topic=3421433
Internet Explorer: https://support.microsoft.com/hu-hu/help/17442
Opera: http://help.opera.com/Windows/9.63/hu/cookies.html
Safari: https://support.apple.com/hu-hu/guide/safari/manage-cookies-and-website-data-sfri11471/mac