Data Management Policy
This document contains information on the data management policy shared by the Budapest Academic Choral Society (hereinafter BAC) and the movements Let the Country Sing (hereinafter LCS) and Choir of the Nations (hereinafter CN).
The lawful basis for data handling for all of the above is the data subject’s consent. You can unsubscribe at email@example.com.
1 Information and Contact of the Data Handler
Company name: Interkultur Hungaria Nonprofit Ltd.
Seat: Rottenbiller u. 16 Budapest H-1074
tax number: 18162644-2-42
Company registration number: 01-09-913119
Phone number: +36 1 462 0330
Fax: +36 1 342 9362
home site: www.interkultur.hu
represented by: Dr Eszter Borbála Hámori, née Hazai
data file: the sum total of data registered and handled in a system;
data processing: the carrying out of technical operations on data that is independent of the method and means or location of executing these operations, supposing that the technical task is carried out on the data;
data processor: the natural or legal person or unincorporated organisation that processes data as per their contract with the data handler, including contracts by legal provisions;
data management: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
data controller: the natural or legal person or unincorporated organisation that – independently or in cooperation with others – sets the goal of data management, makes and executes decisions regarding data management (including the device to be used) or contracts a data processor to do so.
data identification: ascribing an identification number to the data for the purpose of differentiation;
data destruction: the complete and physical destruction of the data carrying medium (degaussing);
data forwarding: making data accessible to certain third parties;
data deletion: overwriting data from an electronic medium so that it can no longer be recovered (wiping);
data blocking: assigning an identification tag to data so as to block its handling definitely or indefinitely;
data subject: a particular natural person who can be identified directly or indirectly through personal data;
consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
personal data: any information relating to a data subject; such as a name, an identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person who can be identified directly or indirectly, in particular by reference to such an identifier;
objection: a statement made by the data subject whereby they object to the handling of their data and request it to be stopped or request the deletion of their data handled (practising one’s Right to be Forgotten);
3 Management of Personal Data, Data Security
Data controller is committed to ensure the protection of personal data. Within their remit, data controller shall take appropriate measures, prepare necessary procedures and create all internal rules associated with data privacy and data security to ensure that the handling of personal data complies with Hungarian legislation and relevant EU legal acts so that they could be unshakably trusted by citizens.
With regard to requirements of data security and data privacy, data controller shall always act in compliance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR) and with Law no. CXII of 2011 “on the protection of personal data and access to data of public interest” (hereinafter Info law), as well as in accordance with all relevant data privacy regulations and the jurisprudence and shall observe the legislation in force.
As regards personal data that have come into data controller’s possession, data controller shall provide all technical conditions and IT processes through which data security provisions and requirements can be fully enforced.
The data privacy officer appointed by data controller is a person with a higher education degree who has relevant work experience in the field of data privacy and IT. The data privacy officer is fully entitled to control and act in all data management and data process tasks as regards the personal data managed by data controller.
3.1 The Right to and Time Period of Data Handling
The legal basis of data handling is the consent of the data subject.
The deadline for the deletion of data is the withdrawal of this consent.
Modification and deletion of personal data may be requested via e-mail at firstname.lastname@example.org.
3.2 Range of Personal Data and Purpose of Data Management
3.2.1 Identification Data
Purpose of Data Management: To identify members of BAC, LCS and CN; to keep in touch with them and to inform them about events organised by Budafok Dohnányi Orchestra.
Range of data handled: name, email address, phone number, date of birth (this last one being optional).
3.2.2 Data related to the choir’s activities
Purpose of Data Management: Organising and running the choir.
Range of data handled: choir part, concert related administration.
3.2.3 Travel Related Data
Purpose of Data Management: Organising trips, ensuring accommodation and special diets.
Range of data managed: home address, ID number, food intolerance(s), special requirements for accommodation.
3.3 Data Processors
3.3.1 Registration procedure
Data are received by controller through the registration of data subjects. During registration data controller avails of the services of the following data processing company:
Company name: Jotform Inc.
Seat: 111 Pine St. #1815 San Francisco, CA 94111, USA
Home site: www.jotform.com
All personal data managed by Jotform Inc. are kept in European servers. (https://www.jotform.com/eu-safe-forms/).
3.4 Data Forwarding
Data described in chapter 4.2.3 is forwarded by Data Handler to organisations cooperating in travel management. Only the data necessary to assure quality service will be forwarded.
3.5 Rights of Data Subjects
Data subjects may request information on the handling of their data and the correction of their personal data. They may also request the deletion of their personal data – except for the obligatory data management – as described at registration or by contacting data controller at the contact address shown above.
Upon data subject’s request, data controller will provide information on data subject’s data being managed, their sources, the purpose, legal basis and time period of data management, the name, contact and data processing activity of the data processor, and, in case of data forwarding, on the legal basis and recipient thereof. Data controller shall provide written information no later than 30 days after the handing in of the request. This service is free of charge if the person requesting information has not handed in any other requests regarding the same range of data in the current year. In any other case, data controller will set a fee.
Data controller has 30 days to delete, block or correct personal data. Should data controller not satisfy data subject’s request for correction, blocking or deletion, data controller shall notify data subject about the reasons for rejecting the request.
Data subject may object to the processing of their data if
a) the processing of personal data is a legal requirement to be met only and exclusively by data controller or if it is for the purposes of the legitimate interest of data controller, data importer or a third party, except when it is ordered by the law
b) the use or forwarding of the personal data serves purposes of direct marketing, polling or scientific research, and also c) in other cases defined by the law.
Data controller shall examine the objection within 15 days of its handing in and decide whether it is well-founded and let data subject know about their decision in writing. If data controller finds data subject’s objection well-founded, data controller shall stop the management of the data in question – including data registration and forwarding – and informs all parties to whom the data concerned has been forwarded to earlier, parties that should take adequate measures to manage rights of objection.
Should data subject not agree with the decision made by data controller, data subject may apply to court within 30 days of receiving the decision.
Data controller may not delete data subject’s data if data management was ordered by the law. The data concerned, however, may not be forwarded to () data importer if data controller accepted the objection or if the court found the objection legitimate.
In case of infringement of the data subject’s rights data subject may turn to court where the case will be given priority.
Remedies and complaints may be filed with the Hungarian National Authority for Data Protection and Freedom of Information:
Name: Hungarian National Authority for Data Protection and Freedom of Information Headquarters: Szilágyi Erzsébet fasor 22/C Budapest H-1125
Home site: http://www.naih.hu
Residents of EU member states may turn to the data protection authority of their country of residence.
3.6 Data Protection Officer
Data controller appoints a data protection officer responsible for data processing activities who shall cooperate in all issues related to data processing.
Contact data protection officer at: email@example.com
© Budapest Academic Choral Society