Meetup data protection
1. Data controller and their contact options
Company name of the data controller: aiMotive Kft. (hereinafter: the “Data Controller”)
Registered seat: 1025 Budapest, Szépvölgyi út 22
E-mail address: [email protected]
Phone number: + 36 1 770 7234
Data protection officer: Végh Dávid / [email protected]
Website: www.aimotive.com
2. Scope of processed data, purpose, legal basis of data processing, the period for which the personal data is stored
a.)
Category of personal data concerned: Name and e-mail address
Purpose of data processing: Identification, keeping contact and providing further information (about current meetup, future events, open positions)
Legal basis of data processing: Consent
Period for which the personal data is stored: Until the withdrawal of consent but maximum for a period of 36 months
b.)
Category of personal data concerned: URL to LinkedIn profile and the personal data available there
Purpose of data processing: Choosing topics for further meetups or other events, evaluating if the participant (who registered to any meetup) will be informed about any open position
Legal basis of data processing: Consent
Period for which the personal data is stored: Until the withdrawal of consent but maximum for a period of 36 months
c.)
Category of personal data concerned: Profession
Purpose of data processing: Choosing topics for further meetups or other events, evaluating if the participant (who registered to any meetup) will be informed about any open position
Legal basis of data processing: Consent
Period for which the personal data is stored: Until the withdrawal of consent but maximum for a period of 36 months
Concerning the above instances of data processing the Data Controller highlights that if the Participant (the person registering for the meetup) does not provide at least their name and e-mail address then registration to the meetup is not possible.
2. Recipients or categories of recipients of the personal data
The Data Controller does not process any category of personal data to third parties or other addressees.
3. Processing of special categories of personal data
The Data Controller does not process any special category of personal data in the course of the registration for the meetup.
4. Data of the data subject obtained from other sources
No data is obtained from other sources in connection with registration for the meetups or other similar events organized by the Data Controller.
5. Rights of the data subject
The Participant may request from the Data Controller access to personal data concerning the Participant, rectification of inaccurate personal data, erasure of personal data, in certain cases the restriction of processing, furthermore the Participant also has the right to object to the processing of personal data. Additionally, the Participant is entitled to the right to the portability of data, to lodge a complaint with a supervisory authority and to an effective judicial remedy; additionally, in the case of automated individual decision-making (including profiling) the right to obtain human intervention on the part of the Controller and to express his/her point of view and to contest the decision. In the case of data processing based on consent the Participant is also entitled to withdraw his/her consent at any time, which, however, does not affect the lawfulness of data processing performed based on consent before the withdrawal.
Withdrawal can be made either by clicking the “unsubscribe” link (or the link with similar wording) at the bottom of the registration e-mail or any other e-mail from the Data Controller where such link is available, or by sending a notice about withdrawal in e-mail to [email protected].
Right to access
The Participant is entitled to request information at any time about whether and how the Data Controller processes their personal data, including the purposes of data processing, the recipients to whom the data was disclosed or the source where the Data Controller received the data from, the envisaged period for which the personal data will be stored, any right of the Participant concerning data processing, information concerning automated decision making, profiling, and information concerning related guarantees in the case of forwarding to third countries or to any international organization. When exercising the right to access the Participant is also entitled to request copies of the personal data undergoing processing; in the case of a request submitted electronically the Data Controller – in lieu of a request from the Participant that says otherwise – provides the requested information electronically (in pdf format). If the right to access of the Participant has a detrimental effect on the rights and liberties, in this regard especially the business secrets or intellectual property of others, the Data Controller is entitled to refuse to comply with the request to the necessary and proportionate extent. If the Participant requests the above information in several copies, the Data Controller charges a reasonable amount of fee, proportionate to the administrative costs of preparing the additional copies, HUF 200 per copy/page.
Right to rectification
At the request of the Participant the Data Controller corrects or completes personal data concerning the Participant. If any doubts arise concerning the corrected data, the Data Controller may request from the Participant the certification of the corrected data for the Data Controller appropriately, primarily with documents. If the Data Controller disclosed the personal data of the Participant with this right to another person (e.g. the addressee as data processor), then the Data Controller shall immediately inform such persons after correcting the data, provided it is not impossible or it does not require a disproportionate amount of effort from the Data Controller. At the request of the Participant the Data Controller informs them about such addressees.
Right to erasure (“right to be forgotten”)
If the Participant requests the erasure of any or all personal data of theirs, the Data Controller shall erase such data without undue delay if:
the Data Controller does not need the personal data in question any more for the purpose such data was collected or otherwise processed for;
it concerns data processing that was based on the consent of the Participant, but the Participant withdrew the consent and the data processing has no other legal basis;
it concerns data processing that was based on the legitimate interests of the Data Controller or third parties, but the Participant objected to the data processing and – with the exception of objection to data processing for direct marketing purposes – there are no legitimate grounds for the data processing that would have priority;
the Data Controller illegally processed the personal data, or
the deletion of personal data is necessary for the performance of legal obligations.
If the personal data under this right is disclosed by the Data Controller to another party (e.g. the recipient as for example data processor) then the Data Controller shall immediately inform such persons after the deletion, provided it is not impossible or it does not require a disproportionate amount of effort from the Data Controller. At the request of the Participant the Data Controller informs them about such recipients. The Data Controller is not always obliged to delete personal data, especially for example in the case of the data processing is necessary for the establishment, exercise or defense of legal claims.
Right to restriction of data processing
The Participant can request the restriction of the processing of their personal data in the following cases:
the Participant contests the accuracy of the personal data – in this case the restriction concerns the period enabling the data controller to check the accuracy of personal data;
the data processing is unlawful, but the Participant opposes the erasure of data, requesting the restriction of the usage of the same instead;
the data controller does not need the personal data for data processing purposes any longer, but the Participant needs the data for the establishment, exercise or defense of legal claims; or
the Participant objected to the data processing – in this case the restriction concerns the period until it is established whether the legitimate grounds of the Data Controller override those of the Participant.
The restriction of data processing means that the Data Controller does not process the personal data belonging under the scope of the restriction except for storage, or only processing such data to the extent the Participant consented to, and the Data Controller may process data necessary for the establishment, exercise or defense of legal claims or for the protection of the rights of other natural persons or legal entities or considering the important public interests of the European Union or any European Union member state even in lieu of such a consent. The Data Controller informs the Participant beforehand about releasing the limitation of the data processing. If personal data under this right is disclosed to other persons (e.g. the addressee as for example data processor), the Data Controller shall immediately inform such persons about the restriction of data processing, provided it is not impossible or it does not require a disproportionate amount of effort from the Data Controller. At the request of the Participant the Data Controller informs them about such recipients.
Right to objection
If the legal basis for the data processing concerning the Participant is the legitimate interest of the Data Controller or third parties, the Participant is entitled to object to the data processing. The Data Controller is not obliged to uphold the objection if the Data Controller can prove that
the data processing is justified by legitimate and compelling causes that take precedence over the interests, rights and liberties of the Participant, or
the data processing is connected to the data for the submission, enforcement or defense of legal claims of the Data Controller.
Right to the data portability
The Participant is entitled to request that the Data Controller hands over the personal data of the Participant provided to the Data Controller on the basis of consent or a contract, and processed by the Data Controller by automated means (e.g. by a computer system), to the Participant in a structured, commonly used and machine-readable format even for the purposes of transmitting such personal data to other data controllers or if it is technically feasible, the Data Controller, at the request of the Participant, transmits such personal data directly to another data controller as indicated by the Participant. In the case of such requests the Data Controller provides the requested data as a pdf file. If the Participant’s exercise of the right to data portability had adversely affected the rights and freedoms of others, the Data Controller is entitled to refuse to comply with the request of the Participant to the necessary extent. Measures taken in the scope of the data portability do not mean the deletion of the data, only if, at the same time, the Participant submits a request to delete the personal data as well. Therefore, in lieu of such a request, the Data Controller stores such personal data as long as it has the purpose and the appropriate legal basis for the processing of those data.
Right to lodge a complaint, right to an effective judicial remedy
If the Participant considers that the processing of their personal data by the Data Controller infringes the provisions of the established data protection legal regulations, especially the General Data Protection Regulation, the Participant has the right to lodge a complaint with the competent data protection supervisiory authority in the Member State of his/her habitual residence, place of work or the place of the alleged infringement. In Hungary, this authority is the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”). Contact details of NAIH:
Website: http://naih.hu/
Address: 1055 Budapest, Falk Miksa st. 9-11
Mail address: 1363 Budapest, PO box 9
Telephone: +36-1-391-1400 Fax: +36-1-391-1410
E-mail: [email protected]
The Participant, regardless of his/her right to lodge a complaint, may also bring proceedings before a court for such infringement. The Participant is entitled to bring proceedings against the legally binding decision of the supervisory authority concerning the Participant as well. The Participant is also entitled to effective judicial remedy if the supervisory authority does not handle the complaint or does not inform the Participant within three months on the progress or outcome of the complaint lodged.
6. Automated decision making, profiling
No automated individual decision-making or profiling is performed in the course of the data processing of the Data Controller concerning the Participants.