Privacy Notice

For the data processing of CSP Korlátolt Felelősségű Társaság in connection with the series of events called Night of companies”

Version number: 1.0

Updated: 11.09.2020.

  1. Introduction

CSP Solutions Korlátolt Felelősségű Társaság (registered office: 1163 Budapest, Galgahévíz utca 44, company registration number: 01-09-300650, tax number: 25995769-2-43) (hereinafter: Service Provider, data controller) processes data in connection with the “Night of companies” series of events in accordance with this Privacy Notice.

  1. Name of data controller

CSP Solutions Korlátolt Felelősségű Társaság

registered office: 1163 Budapest, Galgahévíz utca 44.

company registration number: 01-09-300650

tax number: 25995769-2-43

  1. Name of the Data Protection Officer

Csilla Deák-Nagy

e-mail: csilla@cebp.hu

phone: +36208235783

  1. Purpose and legal basis of data processing
  1. General purpose and legal ground
  • The general goal of data processing is to ensure the effective participation of employers and interested parties in the online series of events called “Night of companies” (www.nightofcompanies.com). The general legal ground is the consent of the data subject in accordance with Article 6 (1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council.
  1. Registration
  • Regarding the registration, the purpose of data processing is to ensure contact between the CSP Solutions Korlátolt Felelősségű Társaság and the registering client through an online user account, participation, obtaining information about the event, accessing companies participating as employers and creating a platform for providing data to them. The username and e-mail address are essential for identification in the database and serve as a link between the Authority and the notifier. To meet data security requirements, a password is required to identify the user.
  • Legal ground: Consent of the data subject pursuant to Article 6 (1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council
  • Duration: 1 year or an erasure request received earlier.
  1. Application for participation, data provided during data upload
  • During the application for participation and data upload, the participant can provide other data and professional CV in addition to their username and e-mail address so that the companies participating in the event as employers can see such data in a way that they become accessible for the company stated in the data subject’s express consent. With this consent, the data subject expressly agrees that CSP Solutions Korlátolt Felelősségű Társaság provides access for these specifically designated companies on the interface to the relevant data of the data subject, which such companies are obliged to handle in the manner specified in their privacy notice, regulations and in the relevant legal regulations. .
  • Legal ground: Consent of the data subject pursuant to Article 6 (1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council
  • Duration: 1 year for data managed by CSP Solutions Korlátolt Felelősségű Társaság or an erasure request received earlier.
  1. Data provided by participating companies as employers

The CSP Solutions Korlátolt Felelősségű Társaság processes the data provided by the companies participating as employers in accordance with the agreements concluded between the employer companies and CSP Solutions Korlátolt Felelősségű Társaság and in accordance with the relevant legal provisions. necessary and sufficient for the execution of the agreements.

Legal ground: Consent of the data subject pursuant to Article 6 (1) (a) of Regulation (EU) 2016/679 of the European Parliament and of the Council

Duration: in respect of the data provided during the execution of the contract, the exercise of the rights and obligations arising from the contract, for the purpose of contact in order to perform the contract, 5 years after the termination of the contract. The legal ground for processing the provided data for accounting and tax purposes is the fulfilment of a legal obligation, in this context the duration of data storage is 8 years.

  1. Data Processors

– During the processing of data CompOffice-R Kft. (registered office: 1147 Budapest, Benkő u. 10-14. tax number: 13155478-2-13) and rentIT Rendezvényinformatikai Korlátolt Felelősségű Társaság (registered office: 2030 Érd, Festő utca 93.; tax number: 23894930-2-13) act as processors with regard to data stated in Sections IV.1, IV: 2, IV.3. by operating the event website and the virtual online event space. Data processors will erase the data of the operated systems on 10 October 2020 and will not have no access to any data of the event thereafter.

– The accounting tasks are performed by:

  1. Purpose limitation of data processing

Personal data may only be processed for a specific purpose, in order to exercise a right and fulfil an obligation. At all stages of data processing must be appropriate to the purpose of processing, and the recording and processing of data must be fair and lawful. Only personal data that are necessary for the realization of the purpose of data processing and suitable for the achievement of the purpose may be processed. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.

  1. VII.The source of the personal data and the scope of the processed data, if they were not provided by the data subject to CSP Solutions Korlátolt Felelősségű Társaság

CSP Solutions Limited Liability Company does not process personal information that is not collected from the data subject.

  1. VIII.“Cookie” data processing

In order to use the www.cegekejszakajabudapest.hu website in a customized and efficient manner, as well as for the fullest possible user experience, the website will place a small data package called cookies on the user’s computer. Cookies are identifiers that the website or the server of the partner collecting the cookie can send to the computer used by the user to identify the computer used during the stay on our website and stores technical data about the use of the website (such as clicks, other navigation data). Most browsers automatically accept these cookies by default. You can turn off the storage of cookies, or you can set it in your browser to be notified before a cookie is stored on your computer. These settings only apply to the browser and computer you are using, and the settings and disabling of cookies must be set separately for each computer and browser. By disabling cookies, we cannot guarantee the proper functioning and full use of all functions of the website.  Our website uses Google and Facebook remarketing tools for marketing purposes, which also use cookies.

Cookies operated by Google and Facebook for this purpose in this case identify the user and, after visiting the website, display advertisements promoting the service on Google and Facebook’s own page.

CSP Solutions Korlátolt Felelősségű Társaság will not have access to such personal information of the user, it will remain specifically managed by Google and Facebook. Advertising can be disabled in Facebook and Google settings.

  1. Newsletter

Pursuant to Section 6 of Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities the data subject may agree in advance and expressly to be contacted with advertising offers and other items at the contact details provided during registration. Subject to the provisions of this notice, the data subject may consent to the processing of the personal data of CSP Solutions Korlátolt Felelősségű Társaság necessary for the sending of advertising offers. CSP Solutions Korlátolt Felelősségű Társaság will not send unsolicited promotional messages and the data subject may unsubscribe from receiving offers free of charge without restriction or justification. In this case, CSP Solutions Korlátolt Felelősségű Társaság deletes all personal data – necessary for sending advertising messages – from its records and does not contact the data subject with its further advertising offers. Data subjects can unsubscribe from the ads by clicking on the link in the message.

Pursuant to Section 20 (1) of the Act, Act CXII of 2011 on the Right of Informational Self-determination and Freedom of Information the following shall be specified in the scope of data processing of newsletter sending:
a) the fact of data collection,
b) the range of stakeholders,
c) the purpose of the data collection,
d) the duration of the data processing,
e) the potential data controllers entitled to access the data,
f) a description of the data subjects’ rights in relation to data processing.

The fact of data processing, the scope of processed data: name, e-mail address, date, time.
Stakeholders: all stakeholders who subscribe to the newsletter.
The purpose of data processing is to send electronic messages containing advertisements to the data subject, to provide current information, products, promotions, new features, etc.
Duration of data processing, deadline for erasing data: data processing lasts until the withdrawal of the consent statement, i.e. until unsubscription.
Potential data controllers entitled to access the data: Personal data may be processed by the data controller’s staff, respecting the above principles.
Description of the data subjects’ rights regarding data processing: The data subject can unsubscribe from the newsletter at any time, free of charge.
The legal ground of data processing: the voluntary consent of the data subject, Section 5 (1) of Infotv., Section 6 (5) of Act XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities.

  1. Data Security

The controller is obliged to plan and carry out data processing operations in such a way as to ensure the protection of the privacy of the data subject. Data Controllers, and within their sphere of competence, data processors must implement adequate safeguards and appropriate technical and organizational measures to protect personal data, as well as adequate procedural rules to enforce the provisions of the Information Protection Act and other regulations concerning confidentiality and security of data processing. The data shall be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage, and loss of access due to changes in the technology used. In order to protect the data files processed electronically in the various registers, an appropriate technical solution must be used to ensure that the data stored in the registers cannot be linked directly and assigned to the data subject, unless permitted by law.
During the automated processing of personal data, CSP Solutions Korlátolt Felelősségű Társaság and the data processor apply additional measures to

1. prevent unauthorized data entry;
2. prevent the use of automatic data-processing systems by unauthorized persons using data communication equipment;
3. ensure the verifiability and traceability of the bodies to which personal data have been or may be transmitted using data communication equipment;
4. ensure the verifiability and traceability of which personal data have been input into automated data-processing systems, when and by whom;
5. check the resilience of installed systems in the event of a breakdown; and
6. ensure that errors in automated processing be reported.

  1. Other principles of data processing

Personal data retain this quality during data processing as long as its connection with the data subject can be restored. The connection with the data subject can be restored if the data controller has the technical conditions necessary for the recovery.
The accuracy and completeness, and – if deemed necessary in the light of the aim of processing – the up-to-dateness of the data must be provided for throughout the processing  operation, and shall be kept in a way to permit identification of the data subject for no longer than is necessary for the purposes for which the data were recorded.

  1. XII.Rights of data subjects in relation to data processing

1. Deadline

CSP Solutions Korlátolt Felelősségű Társaság will fulfil requests of data subjects to exercise their rights within a maximum of one month from its receipt. The date of receipt of the application is not included in the deadline.

CSP Solutions Korlátolt Felelősségű Társaság may, if necessary, extend this deadline by an additional two months, taking into account the complexity of the application and the number of applications. CSP Solutions Korlátolt Felelősségű Társaság shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request.

2. Rights of data subjects in relation to data processing

2.1. Right of access

The data subject shall have the right to request information from CSP Solutions Korlátolt Felelősségű Társaság as to whether the processing of their personal data is in progress and, if such data processing is in progress, is entitled to know

  • • – what personal information;
  • • – on what legal ground;
  • • – for what data processing purpose;
  • • – and how long data are processed by CSP Solutions Korlátolt Felelősségű Társaság; and
  • • to whom, when, under what legislation, which personal data was granted access to by CSP Solutions Korlátolt Felelősségű Társaság or to whom it transferred their personal data;
  • • the source of their personal data;
  • • Whether CSP Solutions Korlátolt Felelősségű Társaság uses automated decision making and its logic, including profiling.

CSP Solutions Korlátolt Felelősségű Társaság will provide a copy of the personal data subject to data processing free of charge for the first time upon the request of the data subject, after which it may charge a reasonable fee based on administrative costs.

In order to meet the data security requirements and to protect the rights of the data subject, CSP Solutions Korlátolt Felelősségű Társaság is obliged to make sure that the identity of the data subject and the person wishing to exercise the right of access match, and therefore, information, access to and the provision of a copy of the data shall be subject to the identification of the data subject;

2.2. Right to rectification

The data subject can request that CSP Solutions Korlátolt Felelősségű Társaság to modify any of their personal data through the contact details provided in section III. If the data subject can reasonably prove the accuracy of the corrected data, CSP Solutions Korlátolt Felelősségű Társaság will comply with the request within a maximum of one month and will notify the data subject thereof at the contact details provided by them.

2.3. Right to blockage (restriction of processing)

The data subject may request that the processing of their personal data be restricted by CSP Solutions Korlátolt Felelősségű Társaság (clearly indicating the limited nature of the data processing and ensuring separate processing from other data) through the contact details provided in Section III. if

– they dispute the accuracy of their personal data (in this case, CSP Solutions Korlátolt Felelősségű Társaság limits the data processing for as long as it verifies the accuracy of the personal data);

– the processing is unlawful and the data subject opposes the deletion of the data and instead requests that their use be restricted;

– the controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to make, enforce or protect legal claims; or

the data subject objected to the data processing; in such cases the restriction shall only apply to the time period necessary to determine whether the Controller’s justified needs precede the needs of the data subject.

2.4. Right to protest

The data subject may object to the data processing through the contact details provided in Section III, if, in their opinion, CSP Solutions Korlátolt Felelősségű Társaság does not properly process their personal data in connection with the purpose indicated in the privacy notice for the given procedure. In this case, CSP Solutions Korlátolt Felelősségű Társaság must prove that the processing of personal data is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are related to the submission, enforcement or protection of legal claims.

2.5. Right to erasure

The data subject has the right to have their personal data erased without undue delay at their request by CSP Solutions Korlátolt Felelősségű Társaság and the data controller is obliged to erase the personal data of the data subject without undue delay, unless there are other legal grounds for processing the data.

2.6. The right to data portability

The Data Subject shall have the right to receive the personal data concerning them through the contact details specified in Section III, which they have provided to CSP Solutions Korlátolt Felelősségű Társaság, in a structured, commonly used and machine-readable format and shall have the right to transfer those data to another controller without hindrance from the Authority relating to automated data processing.

3. Right of appeal

If the data subject considers that CSP Solutions Korlátolt Felelősségű Társaság has violated the applicable data protection requirements in the processing of their personal data, then they

– may submit a complaint to the Authority (National Authority for Data Protection and Freedom of Information), address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c, postal address: 1530 Budapest, PO box.: 5. E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu), or

– may go to a court that is acting in priority proceedings to protect your data. In this case, you are free to decide whether to bring an action before the competent court for your place of permanent residence (permanent address) or place of temporary residence (temporary address), or the registered office of CSP Solutions Korlátolt Felelősségű Társaság. You can find the court competent according to your place of permanent or temporary residence at http://birosag.hu/ugyfelkonnectati-portal/birosag-kereso. According to the registered office of the Authority, the Budapest Capital Regional Court has jurisdiction over the lawsuit.

Budapest, 11 September 2020.