- Personal data may only be processed for a specific purpose, in order to exercise a right or fulfill an obligation. At all stages of data processing, it must comply with the purpose of data processing, the collection and processing of data must be fair and lawful.
- Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.
- The personal data shall retain its quality during data processing as long as its relationship with the data subject can be restored. The relationship with the data subject can be restored if the data controller has the technical conditions necessary for the recovery
- In the course of data processing, the accuracy, completeness and, if necessary, with regard to the purpose of data processing, up-to-dateness of the data must be ensured, and that the data subject can only be identified for the time necessary for the purpose of the data processing
Name of the data controller: Hungarian Blackpowder Shooters and Hunters Association (hereinafter: Data Controller)
Address of the data controller: 1044 Budapest, Kálvin János u. 35.
Contact details of the data controller: email: email@example.com
Legal basis for data processing: the consent of the data subject pursuant to Section 5 (1) (a) of Act CXII of 2011 on informational self-determination and freedom of information.
Persons affected by data processing: Natural persons filling out the registration forms published by HBSHA.
Consent to data processing: When filling in the electronic or printed application form HBSHA events and matches, the Users explicitly consent to the processing of their personal data by the Data Controller in the manner described in this prospectus.
Purpose of data processing: Organizing and administering events and matches for muzzleloader shooters.
Method of data processing: automated or manual data processing
SCOPE OF PERSONAL DATA PROCESSED
In the course of voluntary data provision by the user, you can provide the following data (on a voluntary basis, however, essential for the use of the service) when filling in the application form published by MEFLSZ:
Full name – purpose: contact, identification, event administration – mandatory data
e-mail address – purpose: contact, sending information about HBSHA events, event administration — mandatory data to be filled in
Phone number – purpose: contact by phone, information about the event, event administration — mandatory data to be filled in
Address — purpose: contact, identification, event administration —mandatory data to be filled in
Mailing address — purpose: contact, event administration— Mandatory data to fill in
Identity document number – purpose: identification, event administration – mandatory data to be filled in
The timestamp of sending an application — purpose: data processing, filtering out duplicate submissions, determining the time of registration — is recorded automatically.
IP address of the device used for submission – destination: detect duplicate submission – will be recorded automatically
Version of the browser used for submission – goal: to optimize the operation of the page – will be recorded automatically
IDENTITY OF THE DATA PROCESSORS (THOSE PERFORMING TECHNICAL TASKS RELATED TO DATA PROCESSING OPERATIONS):
HBSHA senior officials (President, Secretary-General), event or match organizing committee members.
DURATION OF DATA PROCESSING:
Data will be processed as long as necessary for event or match administration.
The processed data may be transferred between the HBSHA and MLAIC (Muzzleloaders Associations International Confederation), as governing body of MLAIC sanctioned events/matches.
RIGHTS OF DATA SUBJECTS:
The data subject may request the following
- Information about the processing of his/her personal data,
- rectifying his/her personal data, and
- deleting or blocking your personal data.
At the request of the data subject, the Data Controller shall provide information on the data of the data subject managed by him or her or by the data processor entrusted by him or her under his or her provision, their source, the purpose, legal basis, duration of the data processing, the name, address and activities of the data processor, the circumstances of the personal data breach, its effects and the measures taken to eliminate it, and – in the case of the transfer of the personal data of the data subject – the the legal basis and the recipient of the data transfer.
In order to control the measures related to personal data breach and to inform the data subject, the Data Controller shall keep records containing the scope of the personal data concerned, the number of data subjects affected by the personal data breach, the date, circumstances, effects and measures taken to eliminate the personal data breach, as well as other data specified in the law requiring data processing.
The Data Controller is obliged to provide the information in writing within the shortest possible time from the submission of the request, but not later than within 30 days, in an easily understandable form, at the request of the data subject. The information is free of charge if the person requesting the information has not yet submitted a request for information on the same data set in the current year to the Data Controller. In other cases, the Data Controller may determine the reimbursement of costs.
The Data Controller shall delete the personal data if
- its processing is unlawful;
- the data subject requests it;
- it is incomplete or erroneous – and this condition cannot be lawfully remedied – provided that deletion is not excluded by law;
- the purpose of the data processing has ceased to exist or the statutory deadline for storing the data has expired;e) it has been ordered by court or other Authority.
The data subject shall be notified of the rectification, blocking, marking and erasure, as well as all those to whom the data have previously been transmitted for the purpose of data processing. The notification may be omitted if it does not violate the legitimate interest of the data subject with regard to the purpose of data management.
If the Data Controller does not comply with the data subject’s request for rectification, blocking or erase, it shall communicate the factual and legal reasons for rejecting the request for rectification, blocking or erase in writing or electronically with the consent of the data subject within 30 days of receipt of the request.
OBJECTION TO THE PROCESSING OF PERSONAL DATA:
The data subject may object to the processing of his or her personal data,
- if the processing or transfer of personal data is only necessary for compliance with a legal obligation to which the Data Controller is subject or for the enforcement of the legitimate interest of the Data Controller or a third party, except in the case of mandatory data processing;
- if the use or transfer of personal data is carried out for the purpose of direct business acquisition, public opinion polling or scientific research;
- in other cases provided for by law.
The Data Controller shall examine the objection within the shortest possible time from the submission of the request, but not later than within 30 days, make a decision on its merits and inform the applicant of its decision in writing.
If the Data Controller establishes the merits of the objection of the data subject, it shall terminate the data management – including further data collection and data transfer – and block the data, and shall notify all those to whom the personal data affected by the objection has previously been transmitted and who are obliged to take measures to enforce the right to object.
If the data subject does not agree with the decision taken by the Data Controller, or if the Data Controller fails to meet the above deadline, the data subject may turn to court within 30 days of the notification of the decision or the last day of the deadline.
If the data subject objects to the processing of his or her personal data or has a judicial remedy, and if he or she receives a request from a third party for disclosure that is not based on the consent of the data subject, the data may also be disclosed to legal representatives mandated by the Data Controller to the extent necessary to assess the legality of the above.
We kindly ask the data subjects to contact us if they feel that their rights to the protection of personal data have been violated by the Data Controller, so that we can remedy any breach.
The data subject may lodge a complaint or request information from the National Data Protection and Information Authority:
Name: Nemzeti Adatvédelmi ésInformációs Hatóság
Headquarters: 1125 Budapest Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf.: 5.
Phone: +36 (1) 391-1400Fax: +36 (1) 391-1410
Website: http://naih.hu ”