Privacy policy
PRIVACY NOTICE
HFDA Spot
MAGYAR DIVAT & DESIGN ÜGYNÖKSÉG NONPROFIT Zrt. (HFDA Ltd., registered office: Hungary, 1027 Budapest, Kacsa utca 15-23) (hereinafter: Agency, Data Controller), in this case as DATA CONTROLLER, is committed to respecting the rights of the Data Owners to privacy and the protection of their personal data and proceeding during its operation in compliance with the General Data Protection Regulation of the European Union (hereinafter: GDPR), the Hungarian Privacy Act (hereinafter: Infotv.) and the other legal regulations, guidelines and the established data protection practice, by also taking into account the most important international recommendations on data protection.
HFDA Spot was created to make it as easy as possible for the players in the creative industry to get to know each other and to find common cooperation opportunities. This platform, helps to establishing professional relationships, it facilitates sales processes and also contributes to reducing labor shortages.
When you accepting this this privacy notice by sending your registration, you represent and warrant that you have read and expressly agreed to this version of this document, and you give your consent to further processing of your personal data.
The Agency as Data Controller, considers the contents of this legal notice binding. It undertakes to ensure that all data processing related to its services meets the requirements set out in this notice and in all applicable legislation.
The Ageny will store your personal data on the servers of the Data Controllers and Data Processors.
The processing activities of the Agency are in compliance with the following legal regulations on data protection:
Regulation of the European Parliament and of the Council (EU) 2016/679 (27 April 2016)- on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);
Act CXI I of 2011on the Right of Informational Self-Determination and on Freedom of Information (Infotv.);
Act V of 2013on the Civil Code (Ptk.);
THE DATA CONTROLLERS
NAME OF DATA CONTROLLER:
HUNGARIAN FASHION AND DESIGN AGENCY LTD. (MAGYAR DIVAT ES DESIGN ÜGYNÖKSÉG NZRT., Registration number: 01-10-049808, Office: 1027 Budapest, Kacsa utca 15-23., Tax number: 26338972-4-41, Represented by: Zsófia Bata-Jakab)
POSTAL ADDRESS OF DATA CONTROLLER: H-1027 Budapest, Kacsa utca 15-25.
EMAIL ADDRESS OF DATA CONTROLLER: info@hfda.hu
PHONE NUMBER OF DATA CONTROLLER: +36 30 302 6146
DATA PROTECTION OFFICER: Levente Papp. privacy@mtu.gov.hu
DATA PROCESSORS CONCERNED
Data Controller may uses the following service provider companies as concerned Data Processors:
HUNGARIAN TOURISM AGENCY LTD. (registration number: 01-10-041364, Office: 1027 Budapest,Kacsa utca 15-23. tax number: 10356113-2-41, represented by: dr. Zoltan Guller)
The Data Processors will not use the personal data for their own purposes, they only process data for the Data Controller.
THE SCOPE OF YOUR PERSONAL DATA
Name, username, facebook or google ID, email address and phone number of the Data Subject
THE PURPOSE OF DATA PROCESSING
The Data Controller processes certain personal data of the Data Subjects for the purpose of building business database, which is necessary for sending professional newsletters and for keeping in touch.
DURATION TO STORE YOUR PERSONAL DATA:
The personal data automatically deleted if you withdraw your intention to attend or until you withdraw your consent. You have the right to withdraw your consent at any time, but this will not affect the legitimacy of the data processing prior to the withdrawal.
LEGAL GROUNDS OF DATA CONTROLLING:
The legal ground of processing your personal data is your consent.
RECIPIENTS OF YOUR PERSONAL DATA AND RECIPIENT CATEGORIES:
The personal data provided by you can be accessed by the direct employees of Data Controller and Data Processors, so that they can perform their job-related tasks. These employees will controll and process the data in accordance with the law and internal rules in a confidential manner.
RIGHTS OF THE DATA SUBJECTS
The Data Subject may request information on the processing of their personal data, the rectification of their personal data and may also request the erasure of their personal data, with the exception of processing required by law.
RIGHT TO PRIOR INFORMATION:
The Data Subject has the right to obtain information regarding the facts and information about the processing, prior to its start. One of the reasons why this Privacy Notice was created was to guarantee that right.
ACCESS RIGHT:
The Data Subject may request the Agency to:
-confirm the processing of their personal data;
-provide a copy of such data;
-provide information about their personal data, including especially the data recorded by the Agency and the purpose of their use, the parties with whom these data are shared, whether the data are transferred abroad and the method used to protect such data, the duration of storage of
the data and the manner and form of submitting complaints and, finally, the source from which the agency obtained the data of the Data Subject.
RIGHT TO RECTIFICATION:
The Data Subject may request the Agency to rectify or supplement inaccurately or incompletely recorded personal data. Prior to the rectification of any erroneous data, the Agency may inspect the authenticity and accuracy of the Data Subjects data.
RIGTH TO WITHDRAW CONSENT
The Data Subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the Data Subject shall be informed thereof It shall be as easy to withdraw as to give consent.
RIGHT ERASURE, RIGHT TO BE FORGOTTEN :
The Data Subject may request the erasure of their personal data.
RIGHT TO RESTRICT PROCESSING (RIGHT OF BLOCKING):
The Data Subject may request a restriction of the processing of their personal data (blocking of data).
DATA PORTABILITY:
The Data Subject may request the Agency to transfer their personal data to the party concerned in an orderly, transparent manner, legible also for information systems and to transfer the data directly to a different controller.
RIGHT TO OBJECTION:
For reasons relating to their own situation, the Data Subject may object to the processing of their personal data at any time when they believe that it is required to exercise their fundamental rights. The Data Subject may object to the processing of their personal data for direct marketing purposes at any time, without providing any reasoning, in which case the Agency terminates the processing within the shortest possible time.
AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING:
The Data Subject has the right to excuse themselves from the force of resolutions which are based exclusively on automated processing (including profiling) and would have an effect on them or would affect them in any other way of similarly significant extent. The Agency does not operate any procedure during which it applies automated decisions.
INFORMATION TO THE DATA SUBJECT ON ANY POTENTIAL PERSONAL DATA BREACH:
The Agency protects the personal and other data of the Data Subject in compliance with the applicable laws and regulations and in proportion to the risks, uses an advanced and reliable IT environment and selects its co-operation partners with special care. It performs its internal processes in a regulated and supervised manner in order to prevent or avoid even the smallest error, problem or incident occurring during the processing of personal data and to detect, inspect and manage any event that may still happen. If an incident relating to personal data still occurs provenly and it is likely to impose a high risk to the rights and freedoms of the Data Subjects, the agency undertakes to inform the Data Subject and the data protection authority about the personal data breach in a manner and providing the information specified in the effective data protection regulations, without any unreasonable delay.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY:
Complaints about processing may be submitted to the Hungarian National Authority for Data Protection and Freedom of Information:
Registered office: H-1125 Budapest, Szilagyi Erzsebet fasor 22/c
Postal address: 1534 Budapest, P.O. Box: 834
Phone: (+36 1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
RIGHT TO AN EFFECTIVE JUDICIAL REMEDY AGAINST A SUPERVISORY AUTHORITY:
Without prejudice to any other administrative or non-judicial remedy, each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.
RIGHT TO AN EFFECTIVE JUDICIAL REMEDY AGAINST A CONTROLLER OR PROCESSOR:
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each Data Subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
SAFETY OF THE DATA PROCESSED BY US
The Agency arranges for creating backups that are suitable according to the IT data and the technical environment of the Website. The backups are stored according to the criteria applicable to the retention period of the specific data and, thereby guaranteeing the availability of data during the retention period, after which they will be finally destroyed.
The IT system and the integrity and operability of the environment storing the data are checked with advanced monitoring techniques and the required capacities are provided constantly. The events of the IT environment are registered with complex logging functions, thus ensuring subsequent detectability and legal proof of any data breach.
We use a high broadband, redundant network environment to serve our websites, with which any load can be safely distributed among the resources. The disaster tolerability of our systems is scheduled and guaranteed, and we use organisational and technical instruments to guarantee high- level business continuity and constant services to our users.
The controlled installation of security patches and manufacturer updates that also ensure the integrity of our information systems is a key priority, thus preventing, avoiding and managing any access or harmful attempt involving the abuse of vulnerability.
We apply regular security tests to our IT environment, during which the detected errors and weaknesses are corrected because enhancing the security of our information system is a continuous task.
High-security requirements are also set for our staff, which also include confidentiality, and compliance with which is ensured with regular training. During our internal operation, we try to use well designed and controlled processes. Any personal data breach detected during our operation or reported to us is investigated transparently, with responsible and strict principles within 72 hours. The actual data breaches are all processed and recorded.
During the development of our services and IT solutions we arrange for complying with the principle of installed data protection, as data protection is a priority requirement even in the design phase.
COMMUNICATION OF A PERSONAL DATA BREACH
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the Data Subject without undue delay. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.