(2) The scope of the Policy covers the Data Controllers personal and sensitive data processing of every institutional unit.
2. Legal Basis
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC Act
- CXII of 2011 on information self-determination and freedom of information
- Act V/2013 promulgating the Civil Code.
- Code of Civil Procedure (Act CXXX/2016)
- Act CVIII of 2001 on certain issues of electronic commerce activities and information society services
3. Data Controller
The current data of the Data Controller:
Name: Esport Universum Zrt.
Headquarter: 22 nd Ménesi rd., Budapest, 1118 -Hungary
Company registration number: 01-10-049401
E-mail address: email@example.com
4. Data Processor
(1) In order to provide a full service in connection with the activity, certain services are made by external partners, who may have access to personal data out their work. The participating data processors and joint controllers use the personal data for the most necessary extent and duration, and in any case only in compliance with the EU and national data protection rules.
The current data of the data processors and joint data controllers:
1132 Budapest,Victor Hugo u. 18-22.
|GLS General Logistics Systems Hungary Csomag-Logisztikai Kft.||2351 Alsónémedi, GLS Európa u. 2.||Parcel delivery||data controller||Link|
|Google Ireland Ltd.||Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin||webhosting, advertising||data processor||Link|
|Duelbox Interaktív Rendezvénytechnikai Kft.||1152 Budapest, Szentmihályi út 137. 2. em.||Duelbox service||data processor sometimes data controller||Link|
(2) We share personal data with other body beside the data controllers and data processors, if the regulations or a public authority requires, or the due course of justice implements. This includes the right to share personal data with other bodies and organizations in purpose of protect the Data Controller ‘s rights in order to prevent the offence.
5. Which personal data we collect and process
(1) The data controlling is based on legal justification or the given consent of the Data Subject. In case of the processing is based on the data subjects consent, the Data Controller should have to burden of proving that the data subject has given the consent to the processing operation. In this case, the data subject could ask for information about the controlled data, and the way of the usage. She/he can withdraw the consent, except if the further data controlling is necessary to fulfil the Data Controllers legal obligations (in this case the Data Controller shall give information about the further way of data controlling.)
(2) The submitter is required to disclose every provided data on a best effort basis.
(3) If the submitter gives the personal data of third person to the Data Controller, she/he should have acquire the data subjects consent.
(4) The Data Controller shall make a record about the transferred data to a data processor or third persons. This record must include the recipient, the way, the date, the circle of thetransferred data.
(5) The Data Controllers uses for the operating of the Twitch Fusion International Show the personal data below:
The legal basis of the data collecting: voluntary contribution of the data subject
Collected personal data:
Names and fornames: in purpose of communication with the participants easily, for example: the takeover of the prize.
e-mail address: in purpose of the contact with the participants during the prize game, for example: the takeover of the prize
Birth date or age: we need to ensure, that the participant meets the age limit
Gender: in purpose of show to the participants interesting, targeted contents in the future
Nickname, that the gamer uses and if necessary other data: in purpose of measure the performance in the game during the activity
Phone number: in purpose of notify the winner immediately
Address: in purpose of the prize sending and show to the participants interesting, targeted contents in the future
The purpose of the data controlling: operating of the prize game, the notification of the winners, contact
The deadline of data release: 5 years (in purpose of bringing civil-law claims)
(6) The winner at the time of the notification declares, that he/she contribute to publish his/her given nickname (that he/she used in the Game) on the Organisers official Facebook page (...............................), like the winner of the Game. If the Gamer gives his/her contribution, the Organiser entitled to publish the winners nickname.
6. Data protection rights
(1) The data subjects can ask information from the Data Controller about the personal data controlling protocol, request to delete or change the data, and she/he could withdraw the approval.
(2) The right to information: If the data subject gives an application for information about the personal data controlling, the Data Controller shall provide them in a concise, clear form by the section 13-14. and section 34. of the GDPR.
(3) The right to access: the data subject can ask for information about his/her data controlling process. If the Data Controller uses her/his personal data, she/he has access the information below:
a. her/his personal data;
b. the purpose(s) of the data controlling;
c. the category(es) of the of the personal data;
d. the persons, who could know her/his personal data;
e. the period of the data storage;
f. the right to rectification, erasure, restriction;
g. the right to supervisory authority;
h. the source of the controlled data;
i. profile and/or automated decision making, and the details of these applications, practical effect;
j. The transfer of the personal data to third countries or international organisations.
(4) In the case of the data request above the Data Controller shall make available the copy of the personal data for the data subject. The data subject may ask for electronic delivery in a separate application.
(5) Every other copies costs 500 HUF/page, as administrative fee.
(6) The time limit of the data delivery is 30 days from the acceptance of the claim.
(7) the right to rectification – the data subject can ask the Data Controller to rectify inaccurate personal data and to complete incomplete personal data;
(8) the right to erasure – the data subject can ask the Data Controller to erase her/his personal data as rapid as possible, but maximum in 5 working days, if:
a. the personal data were control unlawfully (without the authorisation by the Act or the data subject);
b. The personal data controlling is unnecessary for the original purpose;
c. The data subject withdraws consent, the Data Controller has no other legal basis for the data controlling;
d. The collecting the data in question held opportunities to provide an information society service;
e. The Data Controller shall erase the personal data to fulfil the legal obligations.
(9) The Controller shall not to erase the data, if it needs the data controlling further for:
a. The further data controlling is necessary to fulfil the Data Controllers legal obligations;
b. To exercise the right to freedom of expression and information
c. Public interest;
d. Archiving, research or statistics purposes;
e. Enforcement of claims or protection.
(10) the right to restrict processing – The data subject can ask the Data Controller to restrict the processing of her/his personal data;
a. The data subject can disput, that her/his data are not precise. The Data Controller shall review her/his personal data in question. The restriction lasts the term of the review.
b. The data processing is unlawful, but the data subject doesn’t want to erase her/his personal data, just restrict the data processing.
c. The Data Processor doesn’t need the personal data for the data processing, but the data subject asks for the further storage the purpose of enforcement of claims or protection.
(11) If the Data Controller decided to impose restriction on any controlled data, It could control those data in the term of restriction the usage below:
a. The contribution of the data subject.
b. Enforcement of the Data Subjects claims or protection.
c. Enforcement of any other persons claims or protection.
d. Enforcement of public interest.
(12) the right to withdraw consent – The data subject can object to the processing of her/his personal data in a written request. In this purpose the Data Processor shall erasure her/his personal data, definitely as soon as possible, except those data, that the Data Controller needs to storage by the Act, or enforce its legitimate interest claims or protection. The objection doesn’t affect the legality of the contributed data processing, that was made before the objection.
(13) the right to data portability – The data subject can ask that the Data Controller transfer her/his personal data to another organisation or to an other Data Controller electronically. The Data Controller must grant the request as soon as possible, but maximum in 30 days.
(14) automated decision making and profiling: The data subject has a right not to be a subject of a data processing, which based on only automated decisions (for example profiling) and have a legal effect on her/him or adversely affected. This right shall not use:
a. if the data controlling is indispensable for the purpose of taking or operating a contract between the data Subject and the Data Controller.
b. if the Data Subject gives her/his explicit consent of this kind of data controlling.
c. if this kind of using legal by the Act.
d. enforcement of claims or protection.
The Data Controller store the incoming e –mail messages and its content (mainly the name and the address of the sender, the attachment) for 5 years, then the data will be deleted.
8. Data storage, data providing
(1) The Data Controller store the used data (paper based and electric too) in the company’s seat, except the data, that the data controller stores in the data processors seat.
(2) The data controllers IT system ensures, that the data:
a. unchanging can be justified (data integrity);
b. credibility can be given (the credibility of the data controlling);
c. can be able to accessible for the person entitled thereto (avaliability);
d. can be protected against the unauthorised accessing (data confidentiality).
(3) The data protection includes in particular:
a. the unauthorised accessing;
b. the changing;
c. the transfer;
d. the erasing;
e. the disclosing;
f. the accidental damage;
g. the accidental destruction;
h. to become unavailable because the applied technology was changed.
(4) The Data Controller provides for an adequate level of data protection. The degree of the emerging risk is of particular relevance by the conformity clearance procedure. The IT security secures, that the controlled data cannot directly connect with the data subjects (except its legal by the Act).
(5) The Data Controller secures, that:
a. the person entitled thereto is able to access to the data, if it needs;
b. only the person entitled thereto is able to access to the data;
c. the information and the punctuality of the system shall be protected.
(6) The Data Controller and (if it has, the data processor) shall secure the data from cheating, espionage, viruses, burglary, deterioration, natural disaster against the IT system at all times. The Data Controller (and the data processor) uses server and application level protection mechanism.
(7) All the sent messages on the internet to the Data Controller, are under network threaten by modificating the information, unauthorised access or other illegal activities. The Data Controller does every reasonable thing to eliminate the risks. The Data Controller does its outmost to provide against the risk, that it can do reasonably and will live up to its responsibility. To this effect, the measured systems are monitored, it can capture the safety derogations to obtain an evidence of a security incident, and examine the conduct of the protective measures.
9. Procedural rules
(1) If the Data Controller gets an application by the section 15-22. of the GDPR, the Data Controller must give information about the implemented measures to the data subject as soon as possible in a written way, but no later than 30 days.
(2) If the complexity or other objective circumstance of the application appropriates, the deadline shall be extended for once, a maximum period of 60 days.
(3) The Data Controller gives information free, except if:
a. the Data Subject repeatedly asks for basically unchanged information/measurement;
b. the application clearly unsubstantiated;
c. the application is excessive.
(4) In the case of (3), the Data Controller is entitled to:
a. refuse the application;
b. bond the execution of the request to a related, reasonable fee.
(5) If the applicant requests the data giving in a paper-based or electronic storage (CD or DVD), the Data Controller shall give a copy about the concerned data in a requested way (except if the chosen platform makes a technically disproportionally difficult). Every other copies have an administrative fee; 500 HUF/page or CD/DVD.
(6) The Data Controller shall notify the concerned persons, who knew about this data before, about all of the rectification, erasing, restriction, that was made by it. Except, if giving information is impossible or makes a disproportionally difficult.
(7) If the Data Subject asks, the Data Controller shall give information about the persons, who also know about her/his data.
(8) The Data Controller gives its answer in electronically, except if:
a. the data subject would like to get the answer in a specifically different manner, and it doesn’t make additional expenditure for the Data Controller;
b. the Data Controller can’t reach her/him electronically.
(1) If the data subject harmed by material or non- material damage by the violations of the data protection rules, she/he is entitled to ask for a compensation from the Data Controller or the data processor. If the Data Controller and the data processor(s) are concerned in the infringement, they shall to be jointly and severally liable.
(2) The data processor shall be liable only these damages, which were violated the applies of the explicit data protecting rules by data processors, and by the disregarding for the Data Controllers instructions.
(3) The Data Controller and the possible data processor shall be liable, if they can’t prove, that they aren’t responsible for the damage occurred event, circumstance.
11. Questions & Concerns
(1) If you have concerns, problems about the Data Controllers data controlling actions, please contact the Data Controllers Data Protecting Officer, the Dap Sec Ltd. (phone number:06205574860; e-mail: firstname.lastname@example.org).
(2) If the Data Controller/Data Processor violated your data protection rights, the Data Subject can turn to the court having jurisdiction. The court shall handle such disputes with priority.
(3) If the data subject would like to make a complaint, could turn to the Hungarian National Authority for Data Protection and Freedom of Information (Head office: 22/C Szilágyi Erzsébet fasor H- 1125 Budapest,.; mail address: Pf.: 5. Budapest; Phone number: +36-1/391-1400; fax: +366-1/391-1410; e-mail address: email@example.com; website: www.naih.hu)
12. Contact with the appropriate authorities
(1) If the Data Controller gets an informal request from the competent authorities, mandatorily gives the certain personal data to the authorities.
(2) The Data Controller gives only the strictly necessary data (cases under point 1) for the identified aims of the applicant authority.