Purpose of the Notice
The purpose of this Privacy Notice (“Notice”) is to set out the data protection and data processing principles applied by the Together for Autistic People Foundation (“Controller”).
During the operation of the http://www.egyuttazautistakert.hu website (“Website”) the Controller processes the personal data of Website visitors, people who have subscribed to newsletters through the Website, donors and people who have sent e-mails (“Data Subjects”).
Details of the Controller:
Name: Together for Autistic People Foundation
registered office: 1027 Budapest, Margit krt. 12. 2/12.
Email: [email protected]
Visitors to the website run by the Controller, people who subscribe to newsletters through the Website, donors, and people who have sent e-mails.
The processed data
When subscribing to the newsletter, donating online or sending an e-mail, the Data Subject is obliged to provide the following personal data: name, e-mail address and the data necessary for online donation. For individuals: name and e-mail address. For companies: name, VAT number, registered office, name and email address of the contact person.
The Controller does not verify the supplied personal data. Liability for the accuracy of the supplied data shall be assumed exclusively by the person that supplied it. When providing e-mail addresses, Data Subjects are responsible for ensuring that only they use services from the provided e-mail address. In view of this liability, all liabilities concerning the given e-mail address rest solely with the Data Subject that provided the e-mail address.
During the operation of the system, the following technical data is automatically recorded: the data of the Data Subject’s login computer which is generated during the use of the service and is recorded by the Controller’s system as an automatic result of the technical processes. The automatically recorded data is logged by the system upon entry and exit, without any special declaration or action by the Data Subjects. This data may not be linked to other personal user data, except for in those cases required by law. Only the Data Controller has access to the data.
The legal grounds, purpose and the method of data processing
The legal grounds for data processing is the voluntary consent by the Data Subject under Section 5 (1) a) of Act CXII of 2011 on the right of informational self-determination and freedom of information. Data Subjects give their consent to have their data processed by using the Website and by voluntarily supplying the data in question.
The purpose of data processing is to ensure the provision of the services accessible on the Website. The Controller processes the data provided by the Data Subject limited to purpose, exclusively in order to manage donations, to respond to a contact, or to send a newsletter if the Data Subject subscribed to one.
The purpose of automatically recorded data is to produce statistics, to facilitate technical development of the IT system, and to protect the rights of the Data Subject.
The Controller does not, and may not use the supplied personal data for purposes other than those described in these paragraphs. The release of personal data to third parties or authorities is only possible with the prior express consent of the Data Subject, unless otherwise stated by law.
The Controller and the Data Processor process the personal data of the Data Subjects in a traceable manner and according to the legal regulations.
Advertisements or letters (newsletters) containing advertisements are sent by the Controller to the electronic e-mail addresses given by the Data Subjects upon registration only with the express consent by the Data Subject, in the cases and in the manner complying with relevant legal prescriptions. The newsletter has direct marketing elements and contains advertisements. When sending newsletters, the Controller processes the data supplied by the Data Subject. The Controller processes the data provided by the Data Subject when subscribing to the newsletter until the Data Subject unsubscribes from the newsletter. If a Data Subject unsubscribes from a newsletter, the Controller will not send any further newsletters and offers to the Data Subject. Data Subjects may unsubscribe from the newsletter at any time, free of charge, and may withdraw their consent to data processing.
Period of data processing
The processing of personal data supplied when using the Website starts when voluntary supply and lasts until the expiry of the general limitation period (five years) or until the data is deleted upon the request of the Data Subject. The erasure of the data by the Controller upon request by the Data Subject is possible at any time.
The above provisions do not affect the fulfilment of the storage obligations specified by law (e.g. by the accounting laws).
The personal data of Data Subjects that subscribe to newsletter is processed until the Data Subject unsubscribes from the newsletter.
Persons accessing data, data transfer, data processing
Primarily, the Controller and the Controller’s internal associates are entitled to access data.
The Controller uses the following data processors for operating the basic IT system, the website and the online payment service used for donations, constituting the legal grounds for data transfer.
Description of the Data Processors:
- For online donations: Barion Payment Zrt. (registered office: 1117 Budapest, Infopark sétány 1. I. épület 5. emelet 5., telephone: +36 1 464 7099)
- For newsletters: André Timár, sole trader (registered office: 7635 Pécs Lepke d. 4/A TT 3/A, e-mail: [email protected], telephone: +36304098960)
- For website operation: André Timár, sole trader (registered office: 7635 Pécs Lepke d. 4/A TT 3/A, e-mail: [email protected], telephone: +36304098960)
- For accounting: Molnár Mónika Varga (registered office: 1042 Budapest, Árpád út 51-53. A. épület 4. emelet, e-mail: [email protected], telephone: +36303718300)
The Data Processors store the personal data based on the contract signed with the Controller and they are not entitled to access the personal data.
The Data Subject’s rights and their enforcement
The Data Subjects may request information about the personal data on them that is being managed by the Controller at any time. They may also modify this data at any time. The Data Subjects may contact the Controller’s associates through the a.m. contacts with questions and comments concerning data processing.
If requested by the Data Subjects, the Controller provides information:
- About the data processed by the Controller with regard to the Data Subjects,
- About the data and their sources processed by the Controller or by the data processor mandated by the Controller,
- About the purpose, the legal ground and the period of data processing,
- About the name, the address and the data processing-related activities of the data processor,
- About the circumstances of data processing incidents and the measures taken to eliminate them
- And if the Data Subject’s personal data is transferred about the legal ground and the recipient of data transfer.
The Controller shall provide the requested information within the shortest possible time from the submission of the request, but not later than 25 days later in written form.
Data Subjects may also request to have their data deleted with any of the contacts listed above. Information about the deletion shall be sent to the Data Subject and to all people to whom the data was transferred for data processing. Such information may be ignored if, in view of the purpose of data processing, no legitimate interests of the Data Subject are infringed.
If the Controller fails to fulfil the Data Subject’s request for deletion, it shall inform the Data Subject about the factual and legal reasons for rejecting the request for deletion within 25 days from receipt of the request, in writing.
Data Subjects may challenge the processing of their personal data. The Controller shall consider any such challenge after the request is submitted, but at the latest within 15 days, it shall make a decision on its merits, and shall notify the requestor about its resolution in writing.
By virtue of the Info Act and the Civil Code (Act V of 2013), Data Subjects may turn to the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; https //www.naih.hu) or they may enforce their rights in Court.
Measures taken to ensure data security
The Controller is obliged to ensure data security, to take technical actions to protect the collected, stored and processed data as well as to take all actions to prevent the destruction, unauthorized usage and unauthorized modification of such data. The Controller is also obliged to call on all third parties to whom the data is eventually transferred or delivered to fulfil their relevant obligations.
Budapest, 27 April 2020