Data management information on the handling of personal data
Data management information on the handling of personal data
Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (GDPR ) Pursuant to Articles 13 and 14, the Data Controller shall provide the data subjects with the following information regarding the processing of personal data.
International JIAIDO Association
8692 Szőlősgyörök, Petőfi Sándor utca 20.
Legislation underlying data management
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) GDPR, the current text of the legislation is available at the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ : L: 2016: 119: TOC )
Act CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter: Infotv., the current text of the legislation is available via the following link: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.338504 )
According to the GDPR, "personal data" means:
any information relating to an identified or identifiable natural person ("data subject"); identify a natural person who, directly or indirectly, in particular by an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable.
The term "consignee" means:
the natural or legal person, public authority, agency or any other body to whom or with which the personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.
purpose of treatment:
Use of personal data for the delivery of electronic newsletters, information or other targeted content,
Registration for programs, events and courses organized by the Association.
The processing of personal data lasts until the data subject's request or cancellation of the consent.
List or categories of personal data processed (different for each program, event):
Why is it necessary?
For the organization and conduct of another event organized by the Data Controller after the event, necessary for the fulfillment of the objectives according to a) and b) or after the event, for the purpose of delivering electronic advertising, newsletters, information or other addressed content
City (place of residence)
Getting to know the geographical location of those interested in the activities of the Association.
Occasionally necessary to compile the program of the event (the structure of the JIAIDO exercises).
Data required for registration. The participant is required to contact and register with a natural person.
"How did you hear about the program?"
In order to keep in touch and to get acquainted with the JIAIDO information channels.
“What other form of exercise have you practiced / practiced recently?”, “Do you have any health problems that we need to pay attention to during the exercises?”
To protect the health of participants in JIAIDO exercise meditation exercises.
Legal basis for data management:
By registering the checkbox during registration, you consent to the processing (ie recording, recording, systematization, storage, use, querying, transmission, blocking, deletion, destruction, to prevent further use). The processing of personal data starts with the application (by ticking the checkbox) and the Data Controller deletes the personal data at the end of the storage period (see above).
You can voluntarily withdraw your consent at any time, but the withdrawal of your consent does not affect the lawfulness of the data processing prior to the withdrawal. Incomplete, contradictory or incomprehensible designation must be interpreted by the Data Controller as a refusal of consent.
Automated decision making or profiling
Does the Data Controller use this? No.
Information on applied logic - Not relevant.
What is the significance and consequence for the data subject - Not relevant
IF YOU HAVE AN ADDRESSEE
Name of recipients
Purpose of communication
WHO CAN KNOW YOUR PERSONAL INFORMATION?
As a general rule, the personal data of the data subject may be disclosed to the volunteers of the Data Management Association in order to perform their duties. For example, the data management event management volunteers for the organization. Personal data will be transferred to those indicated at the Recipients.
The Data Controller will only transfer the personal data of the data subject to other state bodies in exceptional cases. For example, if a legal dispute between the data subject and the Data Controller is the subject of legal proceedings and the trial court requires the transfer of documents containing the data subject's personal data, the police will contact the Data Controller and request the transfer of the data subject's data. In addition, for example, a lawyer representing the Data Controller will also have access to personal data in the event of a dispute between the data subject and the Data Controller.
DATA SECURITY MEASURES
The Data Controller stores the personal data provided by the data subject at the Data Controller's registered office or at the registered archive storage location. In order to process the personal data of the data subject, the Data Controller uses the data processing service indicated at the Recipients.
The Data Controller shall take appropriate information security measures to ensure that the data subject's personal data is protected against, inter alia, unauthorized access or alteration. For example, access to personal information stored on servers is logged, so you can always check who, when, what personal information you have access to. The Data Controller shall take appropriate organizational measures to ensure that personal data cannot become accessible to an indefinite number of persons.
TRANSFER TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANIZATION
Name of third country or international organization
EU Commission decision on compliance, in the absence thereof, indication of guarantees
Binding company rule (if relevant)
Derogations for specific situations (if relevant)
Pursuant to Article 15 of the GDPR, the data subject may request access to personal data concerning him or her as follows:
(1) The data subject has the right to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress and, if such data processing is in progress, he / she has the right to access the personal data and the following information:
the) the purposes of data management;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations;
d) where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
e) the data subject's right to request the Data Controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
f) the right to lodge a complaint with a supervisory authority;
g) if the data were not collected from the data subject, all available information on their source;
h) the fact of automated decision-making, including profiling, and, at least in these cases, comprehensible information on the logic used and the significance of such data processing and the expected consequences for the data subject.
(2) The Data Controller shall provide the data subject with a copy of the personal data subject to data processing. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. If the data subject has submitted the request electronically, the information shall be provided in a widely used electronic format, unless the data subject requests otherwise. The right to request a copy must not adversely affect the rights and freedoms of others.
Pursuant to Article 16 of the GDPR, the data subject has the right to request the rectification of personal data concerning him or her.
Upon the request of the data subject, the Data Controller is obliged to correct inaccurate personal data concerning him / her without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.
Pursuant to Article 17 of the GDPR, the data subject has the right to request the deletion of personal data concerning him / her from the Data Controller as follows:
(1) The data subject has the right to request the deletion of personal data concerning him or her, and the data controller is obliged to delete personal data concerning the data subject without undue delay if one of the following reasons exists:
the) personal data are no longer required for the purpose for which they were collected or otherwise processed;
b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;
c) the data subject objects in the public interest, in the exercise of a public authority or in the legitimate interest of the data controller (third party) and there is no overriding legitimate reason for the data processing, or the data subject objects to the data processing for direct business acquisition;
d) personal data have been processed unlawfully;
e) personal data must be deleted in order to fulfill a legal obligation provided for in the applicable EU or Member State law (Hungarian law);
f) personal data were collected in connection with the provision of information society services.
(2) Where the controller has disclosed personal data and is required to delete it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that the the data subject has requested that the links to the personal data in question or a copy or duplicate of such personal data be deleted.
(3) The right of the data subject to be deleted can only be limited if the following exceptions are written in the GDPR, ie if the above reasons are met, the further retention of personal data can be considered lawful:
if the exercise of the right to freedom of expression and information, or
if compliance with a legal obligation, or
if the performance of a task in the public interest, or
if by reason of the exercise of official authority vested in the controller, or
if, in the public interest in the field of public health,
if for the purpose of archiving in the public interest, or
if for scientific and historical research or statistical purposes, or
if necessary for the submission, enforcement or defense of legal claims.
Pursuant to Article 18 of the GDPR, the data subject has the right to request the Data Controller to restrict the processing of personal data concerning him or her as follows:
(1) The data subject has the right to restrict the data processing at the request of the Data Controller if one of the following is met:
the) the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted;
c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; obsession
d) the data subject has objected to the processing of data in the public interest, in order to exercise a public authority or in the legitimate interest of the controller (third party); in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
(2) Where the processing is subject to restrictions as set out above, such personal data may be removed from storage only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person, or can be treated.
(3) The Data Controller shall, at the request of the data subject at whose request the data processing has been restricted pursuant to paragraph 1, inform in advance of the lifting of the data processing restriction.
Pursuant to Article 21 of the GDPR, the data subject has the right to object to the processing of personal data concerning him or her by the Data Controller as follows:
(1) The data subject has the right to object at any time, for reasons related to his or her situation, to the processing of his or her personal data in the public interest, in the exercise of public authority or in the legitimate interest of the controller (third party), including profiling. In this case, the Data Controller may not further process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or for the submission, enforcement or protection of legal claims. are related.
(2) Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.
(3) The right to protest shall be explicitly brought to the attention of the data subject at the latest at the time of first contact and shall be clearly and separately displayed.
(4) In connection with the use of information society services and by way of derogation from Directive 2002/58 / EC, the data subject may also exercise the right to object by automated means based on technical specifications.
(5) Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless such processing is necessary for the performance of a task carried out in the public interest.
Under Article 20 of the GDPR, the data subject is entitled to the portability of personal data concerning him or her as follows:
(1) The data subject shall have the right to receive personal data concerning him or her made available to a controller in a structured, widely used machine-readable format and to transfer such data to another controller without being hindered by the controller whose provided personal data if:
if the legal basis of the data processing is the consent of the Data Subject or the performance of the contract concluded with the Data Subject
and data management is automated.
(2) In exercising the right to data portability, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers.
(3) The exercise of the right to data portability shall not infringe the right of erasure. The right to carry data shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority conferred on the controller.
(4) The right to data portability must not adversely affect the rights and freedoms of others.
Pursuant to Article 7 (3) of the GDPR, the data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time as follows:
The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the consent-based data processing prior to withdrawal. You have the right to withdraw your consent in the same simple way as you give it.
The right of appeal of the person concerned is a complaint to a supervisory authority before a court
In case of illegal data processing experienced by the data subject, he / she may initiate a civil lawsuit against the Data Controller. The trial falls within the jurisdiction of the tribunal. The lawsuit - at the option of the person concerned - can also be initiated before the court of the place of residence (you can view the list and contact details of the courts through the following link: http://birosag.hu/torvenyszekek
Without prejudice to other administrative or judicial remedies, any data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he or she has his or her habitual residence, place of employment or suspected infringement, if he or she considers that the processing of personal data the GDPR.
National Authority for Data Protection and Freedom of Information (NAIH)
title: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c
postal address: 1530 Budapest, Pf .: 5
phone: +36 (1) 391-1400
fax.: +36 (1) 391-1410
Budapest, May 25, 2018