9700 Szombathely, Zanati út 32-36.

+36 94 505 003

EN

Privacy policy

Name: Pannon Business Network Association
Headquarters:             9027 Győr, Gesztenyefa u. 4.
Stat. number:  18984303-9412-529-08
Tax number:    18984303-2-08
E-mail:             info@pbn.hu
The phone:      (94) 505 003

Purpose and scope of the information
The Pannon Business Network Association handles, processes and stores the personal data obtained in the course of its activities for purposes specified by law.
The purpose of this information is to determine the legal order of the records kept at the Data Controller and to ensure that the constitutional principles of data protection, the right to information self-determination and the requirements of data security are enforced. The further purpose of this information is to record the data protection and data processing principles applied by the Data Controller, the Data Protection and Data Protection Policy of the Controller, which it recognises as binding on itself.
The purpose of the information notice is to ensure that the activities of the Pannon Business  Network Association, through the application and operation of the present information, comply with the legal requirements on data protection, ensure that the fundamental rights relating to the protection of personal data defined in the data management are respected and that data security requirements are complied with.
 
Definitions of concept:
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special categories ofpersonal data: personal data revealingracial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying a natural person, health data and personal data relating to a natural person’s sex life or sexual orientation.
Data management: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Data transfer: making the data available to a specific third party.
Disclosure: making the data available to anyone.
Data deletion: making data unrecognizable in such a way that it is no longer possible to recover them.
Registration system: a collection of personal data in any way, whether centralised, decentralised or structured according to functional or geographical aspects, which is accessible on the basis of specific criteria.
Data Controller: who, alone or jointly with others, determines the purposes and means of processing.
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Affected by: any natural person identified or, directly or indirectly, identifiable on the basis of personal data.
Consignee: the natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not.
Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
Personal data breach: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
E-mail: (Electronic mail) is an e-mail. Its name refers to the method of writing or transmitting, which is carried out entirely electronically by means of computer networks.
The Internet: the Internet (Internetworking System) is a global network of computer networks (so called metanetwork) that spans the entire Earth, connecting governmental, military, commercial, business, education, research, and other institutions, as well as individual users.
Website, Website, Website, Website: an electronic interface suitable for appearance and information, typically located on servers connected to the Internet (Webserver). These pages, pages, have a unique address (link) that you can enter into a browser application to navigate to that page. The technology of the Websites allows you to jump back and forth between content elements and links (hypertext).
Cookies (Cookies): software component for creating the comfort functions of websites. There are two basic types. One is a session cookie that is stored on your own computer and the other is stored on the server side. From the point of view of data management, the management of session cookies should be regulated. Visitors must be informed and informed about the use of cookies on the websites.
E-newsletter: e-mail, transactional, advertising or other campaign information sent to the e-mail address of persons subscribed to a list of addresses, typically created automatically and sent by an application designed to do so.

Principles of dara processing
The Pannon Business Network Association is committed to protecting the personal data of the data subjects, and considers it extremely important to respect the right of self-determination of the data subjects. The personal data recorded will be treated confidentially in accordance with data protection laws. In addition, we will take all technical and organizational measures to ensure that your personal data will be kept securely.
Personal data may only be processed for specified purposes, for the exercise of rights and for the fulfilment of obligations. At all stages of data processing, the purpose of data management must be met, the recording and processing of data must be fair and lawful.
The processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case for the establishment, exercise or defence of legal claims. Personal data may only be processed to the extent and for the period necessary to achieve the purpose.
The data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. The data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing.

Possible legale bases and prurposes of data processing
Personal data may be processed if at least one of the following applies:
  • the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
  • the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • the processing is necessary for compliance with a legal obligation to which the controller is subject;
  • the processing is necessary for the protection of the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Security of data processing
The Data Controller is obliged to plan and carry out data processing operations in such a way as to ensure the protection of the privacy of data subjects when applying legislation and other rules relating to data processing.
The Data Controller or the Data Processor is obliged to ensure the security of the data, to take the technical and organisational measures and to establish the procedural rules necessary to enforce the legal requirements.
The data shall be protected by appropriate measures against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as against accidental destruction and damage and from becoming inaccessible as a result of changes in the technology used.
 
In order to protect data files processed electronically in different registers, appropriate technical solutions should ensure that the data stored in the registers are not directly interconnected and assigned to the data subject.
The Data Controller and the Data Processor shall take into account the state of the art when defining and applying measures to ensure the security of the data. A number of possible processing solutions should be chosen to ensure a higher level of protection of personal data, unless this would create disproportionate difficulties for the controller.
Taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia, where appropriate:
  1. pseudonymisation and encryption of personal data;
  2. the continued confidentiality, integrity, availability and resilience of systems and services used to process personal data;
  3. in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
  4. the procedure for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures taken to ensure the security of data processing.
 
The computer tools, systems, data retention facilities and tools of the Pannon Business Network Association are located in the office building of the Pannon Business Network Association in Szombathely.
According to the current state of the art and the best of the knowledge of the Pannon Business Network Association, the used computing tools and computer systems can be considered protected from unauthorised access, data theft, deletion, alteration, accidental destruction, and unintentional disclosure.
The Pannon Business Network Association ensures the protection of data in accordance with the technical level available at the given time, and that the data cannot be directly linked and assigned to the data subject, with the exception of legal exceptions.
In order to present and promote the activities and services of the Pannon Business Network Association, it operates a web interface (website, website, web site) belonging to its own domain name.
 
Storage of personal data in connection with the operation of the website:
The hosting and server provider: Unique IMG Bt.
Address: 9932 Viszák, Main Road 56.
UNIQUE IMG Bt. stores the data and is not authorised to process it.
 
The Data Controller declares that it has taken appropriate security measures to protect the personal data against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction and damage, as well as from becoming inaccessible as a result of changes in the technology used.
 
 
Information on the use of cookies
What is a cookie?
The Data Controller uses so-called “cookies” when visiting the website. A cookie is a set of letters and numbers that our website sends to your browser in order to save certain settings, facilitate the use of our website and help us collect some relevant statistical information about our visitors. Cookies do not contain any personal information and are not suitable for identifying the individual user. Cookies often contain a unique identifier — a secret, accidentally generated sequence of numbers — which is stored on your device. Some cookies cease to exist when the website is closed and some are stored on your computer for a longer period of time.
 
Legal basis and legal basis for cookies:
The background for data processing is the provisions of the General Data Protection Regulation (GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.) and Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services. The legal basis for data processing is Art. 6 (1) (f) GDPR for session cookies, Art. 6 (1) (a) GDPR for other cookies. In accordance with Section 5(1)(a) of your consent.
 
The main features of the cookies used by this website are:
 
Session cookie: These cookies are temporarily activated while you are browsing. That is, from the moment the user opens the browser window until it is closed. As soon as the browser closes, all session cookies will be deleted. No personal data is stored in a session cookie.
This website uses the following functional cookies: PHPSESSID, YSC
Purpose: record user status while browsing
 
Security cookie: We use securitycookies to authenticate users, prevent misuse of login data, and protect user data from unauthorised persons.
 
Google Adwords Cookie: When someone visits our site, the visitor’s cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, to customise ads in Google products, such as Google Search. For example, these cookies are used to remember your recent searches, previous interactions with individual advertisers’ ads or search results, as well as visits to advertisers’ websites. AdWords Conversion Tracking uses cookies. To track sales and other conversions from the ad, cookies are stored on the user’s computer when the person clicks on an ad. Some common uses of cookies are: selecting ads based on what is relevant to a particular user, improving campaign performance reports and avoiding the display of ads already viewed by the user. (Data Processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
 
Google Analytics cookie: Google Analyticsis a Google analytics tool that helps website owners and app owners get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and compile reports from statistical data on website usage without individually identifying visitors to Google. The main cookie used by Google Analytics is the “__ga, _gat, _gid” cookie. In addition to reporting from site usage statistics, Google Analytics, along with some of the advertising cookies described above, may also be used to display more relevant ads in Google products (such as Google Search) and across the Internet. (Data Processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
 
1P_JAR cookie: This cookie provides information about how the end-user uses the website and any advertisements that the end user may have seen before visiting the website.
 
__Secure-3PSID: It is used for targeting purposes to create a profile of the interests of website visitors to display relevant and personalised Google ads.
 
SIDCC: It serves to store information about your use of the website and any advertisements you may have seen before visiting the site, and to help you customise your ads on Google properties by remembering recent searches, past interactions with advertisers’ ads, or search results and visitors on an advertiser’s website.
 
IT’S SID: It is used for securitypurposes and to store the user’s Google account ID, as well as digital signature and encrypted records of the latest login time, which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties. This can also be used for targeting purposes to display relevant and personalised advertising content.
 
IT’S HSID: It is used for securitypurposes and to store the user’s Google account ID, as well as digital signature and encrypted records of the latest login time, which allows Google to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties. This can also be used for targeting purposes to display relevant and personalised advertising content.
 
THE SSID: It serves tostore information about the use of the website and any advertisements that the data subject may have seen prior to a visit to the site, as well as to facilitate the customisation of ads on Google properties by remembering recent searches, previous interactions with advertisers’ advertisements, or search results and visitors on an advertiser’s website.
 
APISID: It is used for targeting purposes to create a profile of the interests of website visitors to display relevant and personalised Google ads.
 
SAPISID: It is used for targeting purposes to create a profile of the interests of website visitors to display relevant and personalised Google ads.
 
_secure-3PAPISID: It is used for targeting purposes to create a profile of the interests of website visitors to display relevant and personalised Google ads.
 
_secure-3PSIDCC: It is used for targeting purposes to create a profile of the interests of website visitors to display relevant and personalised Google ads. Date of expiration: It’s two years.
 
Cookie Consent: To store login settings for user cookies.
 
NID: a cookie containing settings that your browser sends to Google websites. The NID cookie contains a unique identifier, which allows Google to remember a number of settings of a particular user, such as the preferred language, the number of results to be displayed in a search, etc. Personal data processed in this way will be deleted after 180 days.
 
HERE’S TO: One of the main advertising cookies used on websites outside Google is “IDE”, which is stored by your browser under the doubleclick.net domain.
 
IT’S RUL: One of the main advertising cookies used on websites outside Google is “IDE”, which is stored by your browser under the doubleclick.net domain.
 
THE DSID: These cookies are used to link the user’s activities on different devices if they have previously signed in to their Google Account. All this is done to align ads to the user across devices and measure conversion events. These cookies are stored on google.com/ads or googleadservices.com. If you don't want your ads to be displayed in a coordinated way across your devices, you can use Ad Settings to turn off ad personalisation.
 
THE YSC: Third-party cookies to facilitate use. This cookie is set by the YouTube video service on pages where embedded YouTube video is placed Anonymously collects data unless you are logged in with a Google user account. Cookies used to automatically adjust the quality of YouTube videos displayed on this page. Session cookie.
 
Pref: This cookie stores your favorite settings and other information, such as: the language you choose, how many search results you want to show on the page, whether you want to turn on the Google SafeSearch filter. Expiry date: Ten years.
 
VISITOR_INFO1_LIVE: This is a cookie set by YouTube to measure bandwidth in order to determine whether the new or old play area is right for you. Expiry date: Eight years.
LOGIN_INFO: YouTube uses it to store user preferences and other unspecified purposes. Expiry date: Ten years.
ANID: It is used for targeting purposes to create a profile of the interests of website visitors to display relevant and personalised Google ads.
 
Facebook pixel (Facebook cookie): A Facebook pixel is a code used to report conversions on the website, compiling target audiences, and providing detailed analysis data about the use of the website by the website owner. Facebook remarketing pixel tracking code allows you to deliver personalised offers and advertisements to website visitors on Facebook. The Facebook remarketing list is not suitable for personal identification (fr, tr).
More information about Facebook Pixel/Facebook pixels can be found here: https://www.facebook.com/business/help/651294705016616
(Data Processor: Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, Phone: + 1 650-543-4800.)
You can delete the cookies set by www.pbn.hu from your browser at any time. For more information on how to delete or manage cookies, see the help page of your browser. You can also use your browser to block cookies or to notify you each time you receive a new cookie. Blocking cookies can technically prevent the use of our website.
If you do not accept the use of cookies, certain features will not be available to you. For more information on how to delete cookies, please refer to the following links:
Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
From Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Chrome: https://support.google.com/chrome/answer/95647?hl=en
The edge: Settings -> Advanced settings -> Cookies (“Allow cookies”/“block all cookies”/“Only block third-party cookies” or: F12 — Troubleshooting — Cookies
 
Purpose and method of data processing:
The processing is based on the voluntary, explicit consent of the users of the content on the www.pbn.hu website, so that the data provided during the visit and use of the website will be used, which serves the continuous relationship between the users of the website and the data controller and the opinion polling.
The purpose of data management is to ensure the provision of services available under the URL on the www.pbn.hu website, to operate an information platform, to produce statistics, to manage questions received through the website.
The storage of visitor statistics is for statistical purposes only.
The Data Controller does not use the personal data for purposes other than those specified. The data provided in this way are processed with the voluntary consent of the user.
 
Images and videos displayed on our Facebook page
 
On our Facebook page, we regularly report on news about the activities of our association, conferences in which we participated, events organised by us, as well as our running projects.
We pay special attention to ensuring that the content of the images and videos published on our Facebook page does not violate the privacy rights or legitimate interests of others, and that we are authorised to use them lawfully.
 
Purpose of data processing:
Informing visitors to our Facebook page.
 
Legal basis for data processing
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. a GDPR. According to Section 2:48
 
The scope of the data processed:
Our charging cables in the buildings included in the recordings. The images may contain identifiable, recognizable natural persons.
 
Duration of data processing:
Until the withdrawal of the consent of the data subject or the deletion of the relevant content from our website.
 
Data Processor: Facebook Ireland Limited, 4 Grand Canal Square, Grannd Canal Harbour, Dublin 2 Ireland
 
Pannon Business Network Association does not accept responsibility for the earlier pages that have already been deleted, but have been archived with the help of internet search engines. They must be removed by the operator of the search page.


Images and videos displayed on our Instagram page
 
On our Instagram page we regularly report on news about our association’s activities, conferences in which we participated, events organised by us and our running projects.
 
We pay special attention to ensuring that the content of the images and videos published on our Instagram site does not violate the privacy rights or legitimate interests of others, and that we are authorised to use them lawfully.
 
Purpose of data processing:
Informing visitors to our Instagram page.
 
Legal basis for data processing
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. a GDPR. According to Section 2:48
 
 
The scope of the data processed:
Our charging cables in the buildings included in the recordings. The images may contain identifiable, recognizable natural persons.
 
Duration of data processing:
Until the withdrawal of the consent of the data subject or the deletion of the relevant content from our website.
 
Data Processor: Facebook Ireland Limited, 4 Grand Canal Square, Grannd Canal Harbour, Dublin 2 Ireland
 
Pannon Business Network Association does not accept responsibility for the earlier pages that have already been deleted, but have been archived with the help of internet search engines. They must be removed by the operator of the search page.


 
Images and videos displayed on our LinkedIn page
 
On our LinkedIn page we regularly report on news about the activities of our association, conferences in which we participated, events organised by us and our running projects.
 
We pay special attention to ensuring that the content of the images and videos published on our Linkedin site does not violate the privacy rights or legitimate interests of others, and that we are authorised to use them lawfully.
 
Purpose of data processing:
Inform the visitors of our LinkedIn page.
 
 
Legal basis for data processing
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. a GDPR. According to Section 2:48
 
 
The scope of the data processed:
Our charging cables in the buildings included in the recordings. The images may contain identifiable, recognizable natural persons.
 
Duration of data processing:
Until the withdrawal of the consent of the data subject or the deletion of the relevant content from our website.
 
Pannon Business Network Association does not accept responsibility for the earlier pages that have already been deleted, but have been archived with the help of internet search engines. They must be removed by the operator of the search page.


 
Images and videos displayed on our Twitter page
 
On our Twitter page, we regularly report on news about the activities of our association, conferences in which we participated, events organised by us and our running projects.
We pay special attention to ensuring that the content of the images and videos posted on our Twitter site does not violate the privacy rights or legitimate interests of others, and that we are authorised to use them lawfully.
 
Purpose of data processing:
To inform visitors to our Twitter page.
 
Legal basis for data processing
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. a GDPR. According to Section 2:48
 
The scope of the data processed:
The images of identifiable, recognizable natural persons included in the recordings, interviews given by the data subject.
 
Duration of data processing:
Until the withdrawal of the consent of the data subject or the deletion of the relevant content from our website.
 
Twitter is provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use the Twitter app and the “re-tweet” function, the online services you use are linked to your Twitter account and communicated to other users. At the same time, data will be transferred to the Twitter app.
 
Pannon Business Network Association does not accept responsibility for the earlier pages that have already been deleted, but have been archived with the help of internet search engines. They must be removed by the operator of the search page.


Video recordings on our YouTube channel
 
We regularly publish various summaries of our various projects and events on our YouTube channel.
We pay special attention to ensuring that the content of the images and videos published on our YouTube channel does not violate the privacy rights or legitimate interests of others, and that we are authorised to use them lawfully.
 
 
Purpose of data processing:
Inform the visitors of our YouTube channel.
 
Legal basis for data processing
The legal basis for the processing is Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. a GDPR. According to Section 2:48
 
 
The scope of the data processed:
The images of identifiable, recognizable natural persons included in the recordings, interviews given by the data subject.
 
Duration of data processing:
Until the withdrawal of the consent of the data subject or the deletion of the relevant content from our website.
YouTube is operated by Google, i.e. YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you use one of our online services with a YouTube plugin, it is connected to YouTube servers and the information about the online service you use is transmitted to YouTube servers. If you are logged into your YouTube account, this allows YouTube to link your browsing activity directly to the user’s profile. This can be prevented by logging out of your YouTube account. 
 
Pannon Business Network Association does not accept responsibility for the earlier pages that have already been deleted, but have been archived with the help of internet search engines. They must be removed by the operator of the search page.
 
Mixed provisions
 
Only our employees are entitled to access the data provided by you.
The data controller does not control the data provided by the user, and the user is solely responsible for their authenticity and conformity.
The controller shall treat all data and facts relating to users confidentially and only use them for the development of its services and for the production of its own research and statistics. These reports may only be published in a form that is not suitable for the unique identification of individual users.
The data management of www.pbn.hu is carried out in accordance with the legal regulations in force at the time and the data protection rules set out in this policy are used only in the course of its activities and will not be passed on to any other natural or private person without the consent of the user. Exceptions are the disclosures based on statutory obligations and the use of data in a statistically aggregated form, which does not include the name or any data of the user capable of identifying it.
If the Data Controller intends to use the data provided for purposes other than those described in this Privacy Policy, the Data Controller shall inform the User accordingly by means of the e-mail address provided and shall obtain the prior express consent of the User, and shall provide the User with the possibility of prohibiting the different use of the data.
In the case of data processing based on consent, we may process your data until it is prohibited by the User in writing at the info@pbn.hu e-mail address, in which case the deletion from the register will be completed within 48 hours. It is also possible to exercise other data subjects’ rights at the same contact details. If data changes are reported, the transfer will be completed within 48 hours.
Pannon Business Network Association does not accept responsibility for the earlier pages that have already been deleted, but have been archived with the help of internet search engines. They must be removed by the operator of the search page.

Data protection incident
The Data Controller declares that it has taken appropriate security measures to protect personal data in particular against unauthorised access, alteration, transmission, disclosure, erasure or destruction, as well as accidental destruction and damage, as well as from becoming inaccessible as a result of changes in the technology used.
The Data Controller shall ensure that the data processed by the Data Controller are only accessible to those authorised to do so, including IT and work organisation measures as well as measures within the organisation to ensure the security of data management.
However, the Data Controller should also inform the data subjects of the fact that data transfers using the Internet in any way are exposed to security measures, software and systems that provide the best protection according to the state of the art, are vulnerable to unlawful, unfair attacks. The computers used by the Data Controller’s staff and contributors are protected by a unique password, and in order to prevent unauthorised access, they are equipped with virus and malware software, firewalls providing protection against intrusions, antivirus software.
The data controller shall notify the personal data breach to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the personal data breach (National Authority for Data Protection and Freedom of Information: 1055 Budapest, Falk Miksa u. 9-11.; the phone: + 36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; homepage: www.naih.hu), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
The data subject does not have to be informed if any of the following applies:
  • the controller has implemented appropriate technical and organisational protection measures and those measures have been applied to the data affected by the data protection incident, in particular measures such as encryption which render the personal data unintelligible to persons who are not authorised to access the personal data,
  • following the personal data breach, the controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise,
  • information would require disproportionate effort. In such cases, data subjects should be informed by means of publicly published information or similar measures should be taken to ensure similar information to data subjects.
 
 
Description of the rights related to data processing:
In accordance with Article 15 of the GDPR, the data subject may request access to personal data relating to him or her as follows:
Each data subject shall have the right granted by the European legislator to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the planned period for which the personal data will be stored or, if specific information is not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the existence of a right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Each data subject shall have the right granted by the European legislator to obtain from the controller a copy of the personal data concerning him or her. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject has submitted the request by electronic means, the information shall be provided in a commonly used electronic format, unless otherwise requested by the data subject. The right to request a copy shall not adversely affect the rights and freedoms of others.
 
Each data subject shall have the right granted by the European legislator to obtain from the controller the rectification of inaccurate personal data concerning him or her.
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
 
 
Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(1) of the GDPR.
the personal data have been unlawfully processed;
the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
the personal data have been collected in relation to the offer of information society services.
Where the controller has made the personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required.
The data subject shall have the right to obtain from the controller restriction of processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR.
a) the exercise of the right to freedom of expression and information, or
compliance with a legal obligation, or
the performance of a task carried out in the public interest, or
D) where, in the exercise of official authority vested in the controller, or
for reasons of public interest in the field of public health,
for archiving purposes in the public interest, or
for scientific or historical research purposes or for statistical purposes, or
h) if necessary for the establishment, exercise or defence of legal claims.
 
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing of personal data concerning him or her.
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
D) the data subject has objected to processing in the public interest or in the exercise of official authority vested in the controller or in the legitimate interest of the controller (third party); in this case, the restriction shall apply for a period pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by the Retreat GmbH, he or she may at any time contact any employee of the controller.
 
Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her.
Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. If the data subject objects to the B & B GbR to the processing for direct marketing purposes, the GbR GbR will no longer process the personal data for these purposes.
The data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by the Aussie GmbH for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
 
In accordance with Article 20 of the GDPR, the data subject has the right to data portability of personal data relating to him or her as follows:
Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format.
a) if the legal basis for data processing is the consent of the Data Subject or the performance of a contract concluded with the Data Subject
B) and the processing is carried out by automated means.
In order to assert the right to data portability, the data subject may at any time contact any employee of the DIY.
The exercise of the right to data portability shall be without prejudice to the right to erasure. The right to data portability does not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The right to data portability shall not adversely affect the rights and freedoms of others.
 
Each data subject shall have the right granted by the European legislator to withdraw his or her consent to the processing of his or her personal data at any time.
Each data subject shall have the right granted by the European legislator to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to its withdrawal. You have the right to withdraw consent in the same simple way as to grant it.
Within five years of the death of the data subject, the rights of the data subject in the life of the deceased shall be enforced by the person authorised by the data subject by means of an administrative order or in an authentic instrument or in a private document of full probative value, as authorised by the data controller.
If the data subject has not made a statement, his/her close relative under the Civil Code is entitled to assert certain rights in the life of the deceased even in the absence thereof.
 
Remedies
If, according to the Data Subject, the Data Controller has violated a legal provision relating to data processing or has not complied with a request, the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa u. 9-11., postal address: 1363 Budapest, Pf.: 9, Phone: + 36 (1) 391-1400, Fax: + 36 (1) 391-1410, Email: ugyfelszolgalat@naih.hu URL: http://naih.hu may initiate the procedure.
In the event of a violation of the rights of the Data Subject, or if the Data Controller has failed to comply with a request, the Data Controller may also bring a court against the Controller. The court will proceed with the matter out of order. If the processing of personal data is necessary for the performance of a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, he or she may at any time contact any employee of the controller. The court has jurisdiction to adjudicate on the case. The Data Subject may, at his/her choice, bring the lawsuit before the court competent for the place of residence or place of residence. The party to the proceedings may also be those who otherwise do not have legal capacity to bring proceedings. The National Authority for Data Protection and Freedom of Information may intervene in the legal proceedings in order to ensure that the Data Subject is successful.
If the request is granted by the court, the Controller or the data processor is obliged to do so.
  • the termination of an unlawful processing operation,
  • to restore the lawfulness of data processing,
  • to ensure the enjoyment of the data subject’s rights,
  • if necessary, it shall also decide on the claim for damages and damages.
 
If you experience in connection with the Facebook page of the Pannon Business Network Association that there has been a breach of the legal provisions on data processing or any of your requests have not been complied with, your personal data will be processed by Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). For this reason, the Irish Data Protection Authority has the power to deal with the case, including a complaint to the Irish Data Protection Commission (21 Fitzwilliam Square, South)
Dublin 2, D02 RD28, Ireland)
 
 
]