I. DATA Controller
Scientific association for Mechanical engineering
Registered office: 1147 Budapest, Czobor utca 68.
TAX number: 19815682-2-42
EU TAX number: HU19815682
Registration number: 01-02-0000401
Bank account: K&H Bank Zrt. 10200830-32310236-0000000
II. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
We do not carry out any activities that would justify the appointment of a Data Protection Officer.
III. PURPOSES AND LEGAL GROUNDS FOR PROCESSING
The purpose of this notice is to enable visitors to this website and our future partners to understand in a transparent and clear manner what personal data we process and on what basis we do so. We believe that clarity can only be ensured if the precise legal requirements are listed in a separate section, which is placed at the end of this notice.
1. CONTACT FORM
The contact form on this website is intended to provide an online contact facility. The form asks for your name and email address. We process this data on the basis of consent.
2. Blog AND NEWS POSTS
The purpose of blog posts is to start a conversation on a specific topic with the blog readers. In order to post a comment to the blog, you will be asked to provide a name and email address. The legal basis for the processing is the consent of the data subject.
3. NEWSLETTER / eDM
We will send a newsletter about our news, updates and important events to those who have given their consent. The newsletters contain the name and contact details of the association and are therefore considered as advertising. You can subscribe to the newsletter by providing your name and email address. The legal basis for processing is the consent of the data subject.
4. FACEBOOK PAGE
On our Facebook page, which is operated for the purpose of online contact, commenting on news, expressing opinions, advertising our association, acquiring potential partners, we also come across personal data (name, comments), which we access with the consent of the data subject.
If you order/pay for one of our services/products and we issue an invoice for this, as required by law, we will ask you for your billing name and address, tax number and email address.
6. CONTACT US BY TELEPHONE
When you call the telephone number posted on the website, we will see your telephone number. Presumably you will introduce yourself, so we will get your name. We will process this data on the basis of your consent, in order to be able to call you back if we are unable to answer the phone. If no business/partner relationship is established between us, the telephone number and associated name will not be stored.
7. REGISTERING FOR AN EVENT
When you register for our events, the following information will be collected. The name of the person concerned, the name, address, tax number and job title of the workplace or company concerned. Contact details of the data subject, such as email address and telephone number. If the data subject does not have a registered place of work, the data processed is the address of the data subject.
8. MEMBERSHIP OF AN ASSOCIATION
Upon membership, the following data will be collected through the Membership Registration Form. Name of the person concerned, maiden name of the mother, place and date of birth of the person concerned, address, contact details (email address and telephone number), name, address, contact details (email address and telephone number) of the place of work or business of the person concerned, position of the person concerned.
9. CONTACT DETAILS OF BUSINESS AND PROFESSIONAL PARTNERS
In the course of our business/professional relations, we process personal data of our partners’ managers, employees, contacts: name, telephone number, email address, etc. on the basis of legitimate interest.
A cookie is a set of letters and numbers that websites usually send to your browser to save certain settings, facilitate the use of the website and help us collect some relevant, statistical information about visitors. Cookies do not contain any personal information and are not used to identify an individual user. Cookies often contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored on your device. Some cookies are deleted after you close the website, some are stored on your device for a longer period of time.
You can prevent all cookie-related activity, delete data files placed during your previous visits, and find out exactly how to do this in your browser’s instructions, which can be found on the following pages:
Some browsers also allow you to automatically delete your browsing data each time you close them. You can read about this here.
If you’ve previously received a cookie from Facebook – either because you have an account or because you’ve visited facebook.com – your browser will send information about that cookie when you visit a site with a “Like” button or other social plug-in (like this website). More information about this can be found here.
When you comment or leave a review on the website, our website uses a cookie to store your name and email address so that you do not have to type it in again on a subsequent visit (we will of course ask for your consent).
Sharing buttons (Facebook, Google+) and embedded content (e.g. YouTube videos) may also place a cookie on your device.
IV. WITHDRAWAL OF CONSENT
Our processing is based on consent (see above) for the following activities:
- sending a newsletter including advertising
- contact by interested parties via the contact form on the website
- operation of a Facebook page
- posting comments on the website via the Facebook contact form
- contacting you by phone
- registration for events
- membership of an association
Consent can be withdrawn at any time, in the same simple way as it was given.
You can withdraw your consent by clicking on the unsubscribe link at the end of the newsletter.
For Facebook pages, you can withdraw by unliking the page, and for private messages and comments, by deleting them.
For other data processing operations based on consent, please send a short message to email@example.com
Processing prior to withdrawal of consent is considered lawful.
V. CONTRACT AND LEGAL OBLIGATION
We have a legal obligation to keep billing records and issue invoices. If the requested data are not provided by our client, it is impossible for us to provide the service we have undertaken to provide.
VI. INDICATION OF LEGITIMATE INTEREST
We process the contact details and names of our business partners on the basis of legitimate interest. By business partners, we mean the persons with whom we work on a specific project, e.g. the marketing manager of a large company who gives us orders or instructions for specific work, the printer who prints our professional materials, the programmer who helps us with web work, etc.
These personal data have been obtained from the data subjects themselves in the course of our previous correspondence and meetings over many years, and the data subjects have already been assured of their confidentiality. The right to object is granted to all our partners.
VII. DURATION OF DATA STORAGE
Contact form (name, email address) – until the end of the business relationship, but reviewed every six months
Comments received on website (name, email address, comments) – until request for deletion
Newsletter subscription (name, email address) – until unsubscribe
Facebook page (name, comments) – until page deletion, until revocation of page by data subject, until data subject’s deletion action
Billing name and address – for the period required by law
Cookies from gteportal.eu website – until the cookies expire or until the user deletes them from their browser
VIII. SECURITY MEASURES
Our association has appropriate security measures in place to protect personal data against, inter alia, unauthorised access, disclosure or alteration. Access to our computers is only possible by entering a password. We use fingerprint identification on our phones. We use double authentication to access our mail and Facebook. We also do our utmost to prevent unauthorised access to our website and use SSL encryption.
In designing appropriate security measures, we have taken into account the current state of science and technology, the nature, scope, context and purposes of the processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
IX. DATA PROCESSORS
Our company uses data processors to perform certain tasks.
101 Avenue of the Americas 10th Floor New York, NY 10013 United States
GDPR Notice: https://www.digitalocean.com/legal/gdpr/
(Access the full content of the website)
One Microsoft Way, Redmond, WA 98052-7329, USA
Privacy Notice: https://privacy.microsoft.com/en-gb/privacystatement
(Access to all emails)
Menlo Park, California, USA
(Access to user’s name, comments.)
X. TRANSFERS TO THIRD COUNTRIES
Third countries to which data is transferred are the United States of America and Germany.
The USA was the subject of an adequacy decision on 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which was adopted by
Google (https://policies.google.com/privacy/frameworks) and
This website can be accessed from DigitalOcean’s data centre in Frankfurt, Germany, their Privacy Shield statement can be found here: https://www.digitalocean.com/legal/privacy-shield/
XI. RIGHTS OF THE DATA SUBJECT
1. ACCESS TO PERSONAL DATA
Visitors to our website, our customers, our partners have the right to request feedback on whether their personal data is being processed and, if so, to have access to the following information:
- the purposes of the processing
- the categories of personal data concerned
- recipients to whom/which the personal data have been or will be disclosed, including third country recipients and international organisations,
- the envisaged duration of the storage of the data and, if this is not possible, the criteria for determining this duration,
- the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data relating to him or her and to object to the processing of such personal data
We will provide you with a copy of the personal data that are the subject of the processing. We will charge a reasonable fee for additional copies and administrative costs. If the request is made electronically, the information will be provided in a commonly used electronic format (.doc, .pdf, .xls, .jpg, etc.) unless the data subject requests otherwise.
The right to request a copy must not adversely affect the rights and freedoms of others.
2. RIGHT TO RECTIFICATION
Visitors to our website, our customers, our partners have the right to have inaccurate personal data relating to them corrected upon request. Taking into account the purpose of the processing, we may request the completion of incomplete personal data. We must inform any recipient to whom we have disclosed the personal data of the rectification, unless this is impossible or involves a disproportionate effort. The data subject will be informed of the recipients upon request.
3. RIGHT TO ERASURE
We are obliged to delete personal data relating to a customer, client or website visitor without undue delay, upon request or without request, if
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- the client/customer/visitor withdraws the consent on which the processing is based and there is no other legal basis for the processing;
- the client/customer/visitor objects to the processing and there is no overriding legitimate ground for the processing;
- the personal data have been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation under EU or Member State law applicable to the controller;
- the personal data were collected in connection with the provision of information society services.
Where we have disclosed personal data that we need to delete, we will take reasonable steps, taking into account the available technology and the cost of implementation, to inform the data controllers that have processed the data that our customer/client/website visitor has requested the deletion of the links to or copies or duplicates of the personal data in question.
We do not need to delete personal data if the processing is necessary for the establishment, exercise or defence of legal claims. If we receive a request to delete such data, we will consider it and respond in writing to our decision.
We will inform all recipients to whom we have disclosed the personal data of the erasure, unless this is impossible or involves a disproportionate effort. We will inform our customer/client/user of the recipients upon request.
4. THE RIGHT TO RESTRICTION OF PROCESSING
Our client/customer/visitor to our website has the right to request the restriction of processing if:
- disputes the accuracy of the personal data, pending clarification
- the processing is unlawful and requests the restriction of the use of the data instead of its deletion;
- We no longer need the personal data for the purposes of processing, but the user/customer/client requires it for the establishment, exercise or defence of legal claims;
- the user/customer/client has objected to the processing for legitimate interests; in this case, the restriction applies for a period of time until it is established whether the legitimate grounds of the controller prevail over the legitimate grounds of the data subject.
- Where processing is subject to restriction, personal data other than storage may only be processed with the consent of the user/customer/client or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
We will inform the user/customer/client in advance of the lifting of the restriction.
We must inform all recipients to whom we have disclosed the personal data of the restriction, unless this is impossible or involves a disproportionate effort. Our client/customer/user will be informed of the recipients upon request.
5. RIGHT TO DATA PORTABILITY
Where data is processed by automated means, where the legal basis for processing is consent or a contractual legal basis, our client/customer/site visitor has the right to receive the personal data concerning him/her that he/she has provided to us in a structured, commonly used, machine-readable format and to have this data transmitted to another controller, where technically feasible.
The right to data portability must not adversely affect the rights and freedoms of others.
6. RIGHT TO OBJECT
Our client/customer may object to the processing of his/her personal data on grounds relating to his/her particular situation at any time, provided that the legal basis for the processing is a legitimate interest. In such a case, we may no longer process the personal data unless we can demonstrate compelling legitimate grounds which override the interests, rights and freedoms of our client/customer or for the establishment, exercise or defence of legal claims.
7. AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING
As we do not carry out automated decision-making and profiling, we cannot provide this fundamental right.
XII. IN THE EVENT OF A COMPLAINT
Your personal data will be treated with the utmost care. If you still feel that we have not taken all reasonable steps to protect your personal data or if you simply have a question, please contact us at firstname.lastname@example.org.
In the event of a breach of the data protection principles by our association, data subjects may exercise their rights of redress before a court of law by bringing a civil action. The court of law will have jurisdiction to decide on the case.
The lawsuit may also be brought before the court of the place of residence of the data subject (for a list of courts and their contact details, click here).
In addition, you can contact the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/C., postal address: 1530 Budapest, PO Box 5, email: email@example.com, wesite: http://www.naih.hu) with any complaints or questions regarding your personal data.
XIII. AUTOMATED DECISION-MAKING
Our association does not operate automated decision-making.
XIV. IN DETERMINING THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA, WE HAVE TAKEN THESE LEGAL PROVISIONS INTO ACCOUNT
The sending of newsletters including advertising is only possible with consent, as required by Article 6 (1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 6 (1) – (3) of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities.
In connection with the contacting of the website, the posting of comments on the website, the operation of the Facebook page, visitor statistics and conversion measurement, cookies and the processing of data in connection with business relations and agreements, we have taken into account Article 6 (1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
The basis for data processing in connection with invoicing is Article 6 (1) (c) of Regulation (EU) 2016/679 of the European Parliament and of the Council and Article 78 (3) of Act CL of 2017 on the Rules of Taxation (retention period for supporting documents) and Article 169 (e) of Act CXXVII of 2007 on Value Added Tax (mandatory elements of invoices).
XV. OTHER PROVISIONS
This leaflet will enter into force on 1 April 2020 and will be revised as soon as new guidelines, positions and detailed rules become known which require us to amend it. If the scope of our association changes or new marketing tools are introduced, we will also update it.