Privacy policy

Information on data processing
T-Systems Magyarország Ltd. as data controller (seat: 1097 Budapest, Könyves Kálmán krt. 36..; Hungary; registration no.: 01-10-044852; taxation no.: 12928099-2-44; the „Data Controller”) hereby informs the Data Subjects on the basis of Regulation (EU) 2016/679 of the European Parliament and the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC („General Data Protection Regulation” or „GDPR”) as follows:

1. The identity and the contact details of the Data Controller:
T-Systems Magyarország Ltd.
Postal address:  1097 Budapest, Könyves Kálmán krt. 36.; Hungary
E-mail address: support@eventsguide.hu

2. The name and the contact details of the data protection officer:
dr. Attila Puskás (address: 1097 Budapest, Könyves Kálmán krt. 36., Hungary; Phone number: 06 (1) 458-0561; E-mail address: DPO@telekom.hu)

3. The categories of the processed personal data, the purposes of the processing for which the personal data are intended, the legal basis for the processing and the period for which the personal data will be stored:  
 
A range of managed personal data Legal basis for data management Purpose of data management Duration of data management
Name, email address, telephone number and position of a person User consent under Article 6 (1) (a) of the GDPR Information and participation in events organized by the data controller. If the consent is withdrawn, the entire range of personal data will be deleted.
Name, email address, telephone number and position of a person User consent under Article 6 (1) (a) of the GDPR To stay in touch If the consent is withdrawn, the entire range of personal data will be deleted.
Name, email address, telephone number and position of a person User consent under Article 6 (1) (a) of the GDPR Contacting for business acquisition If the consent is withdrawn, the entire range of personal data will be deleted.
Name, email address, telephone number and position of a person User consent under Article 6 (1) (a) of the GDPR For statistical processing If the consent is withdrawn, the entire range of personal data will be deleted.
Name, email address, telephone number and position of a person User consent under Article 6 (1) (a) of the GDPR Marketing inquiries If the consent is withdrawn, the entire range of personal data will be deleted.

Only those employees have access to the personal data, who need to have access to such data for performing their tasks. No automated decision-making, including profiling takes place in connection with the data processing.   

4. Transfer personal data, the recipients or categories of recipients of the personal data:
The Data Controller uses the following data processors in connection with the processing:
Automated decision making, including profiling, takes place during data management.
Description of logic, which used in automated decision making:
The visitor's personalized unique QR code can be used to navigate the scene of the event.
The QR code can be read in several cases by event staff at each section room, or read by the visitor at the stand readers themselves.
Data management through automated decision-making can have the following significance and the following expected consequences for the affected person: After reading the QR code, the visitor can see in the mobile application of the event which booths he has turned to or participated in. In addition to the general information about the sites visited, we display additional content that may be of interest to the visitor.
Visitors can get access to downloadable material for the stalls and sections that they visit, and content that may be interesting to them based on their activities, but did not visit those venues at the event.
No transfer of data to third countries (i.e. outside the European Union) or to international organizations takes place.

5. Transmission of personal data, recipients of personal data, and categories of recipients:
The Data Controller uses the following data processors for data management:
System Development:
WebDream Magyaroszág Kft. (1037 Budapest, Testvérhegyi dropping down 10.)
Innobyte Informatikai Kft. (1114 Budapest, Villányi út 8. 3. em. 1.)
Quant-it Informatics Ltd. (7691 Pécs, Berkenyés utca 32.)
Personal data will not be forwarded to a third country (ie outside the European Union) or to an international organization.

6. The data subject’s rights in connection with the processing:
The data subject may request from the Data Controller
a) access to his/her personal data,
b) rectification of his/her personal data, and
c) erasure of his/her personal data or restriction of processing concerning the data subject.
The right of access:
The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
Right to rectification:
The data subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her.
Right to erasure:
The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
Right to restriction of processing:
The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
  1. the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Right to data portability:
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data have been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and (b) the processing is carried out by automated means.
General rules regarding the data subjects’ rights:
The Data Controller shall provide information on action taken on a request to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
Information to the data subject and any actions taken shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the Data Controller may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request. The Data Controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
Where the Data Controller has reasonable doubts concerning the identity of the natural person making the request, the Data Controller may request the provision of additional information necessary to confirm the identity of the data subject.

6. Possible legal remedies:
The data subject may turn to the Data Controller’s data protection officer (dr. Attila Puskás; address: 1097 Budapest, Könyves Kálmán krt. 36., Hungary; Phone number: 06 (1) 458-0561; E-mail address: DPO@telekom.hu) in connection with the processing of his/her personal data at any time.
In case of the infringement of his/her rights, the data subject may submit a claim against the Data Controller to the court. The court shall proceed out of turn. The Data Controller shall prove that the processing is in compliance with the applicable laws. The Court of Appeal (törvényszék), in Budapest, the Metropolitan Court of Appeal (Fővárosi Törvényszék) is competent. The lawsuit may also be initiated in front of the Court of Appeal that has jurisdiction based on the permanent or temporary address of the data subject.   
The Data Controller shall compensate the data subject for the damages caused to the data subject by the unlawful processing of the personal data of the data subject or by the infringement of data security requirements. The Data Controller shall be exempted from liability if it can prove that the damages were unavoidable and the causes were out of the scope of data processing. Damages that were due to the data subject’s deliberate or grossly negligent behavior shall not be compensated.  
The data subject has the right to lodge a complaint with the National Authority of Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, President: dr. Attila Péterfalvi; Postal address: 1530 Budapest, Pf.: 5., Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, Phone number: +36 (1) 391-1400; Telefax: +36 (1) 391-1410; E-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).