Privacy Policy
Weco-Travel (‘Controller’ or ‘Service Provider’) is committed to fully respecting the rights of its clients related to the processing of personal data, and shall process personal data in compliance with the provisions of the relevant laws.
Controller’s (contact) details:
Controller’s name | Weco Travel Idegenforgalmi Kft. |
Controller’s representative | Balázs Horváth, Managing Director |
Registered office | 1053 Budapest, Kossuth L. u. 7-9. ground fl. |
Registration No. | 01-09-065625 |
Registering authority/court | Budapest Metro. Court, Company Registrar |
VAT No. | 10331615-2-41 |
Phone No. | +36 1 266 9443 |
Data Protection Officer | p2m Informatika Kft. |
E-mail address: | adatvedelem@wecotravel.hu |
CONFERENCE ORGANIZATION, REGISTRATION
Purpose and term of processing
Purpose of processing: identification, booking, performance of orders, provision of services, preparation of results related to the participation of its partners in conferences and establishment of conferences, according to Client’s demand.
Term of processing: for the term of Agreement or provision of services, until the performance of the accounting obligation stipulated by the Act on Accounting.
Scope of personal data processed
Type of data required to provide services: name, position, medical seal No., e-mail address, phone No., workplace, workplace’s address, billing address, cost payer’s name, cost payer’s billing address, optional meal preferences, room demand, credit card type, No., expiry date, provided that Client uses it as a payment method.
Grounds of processing of personal data
Performance of labour and other types of contracts with data subject, as well as legitimate interest for the provision of our services and the effective business operation of our partners.
Potential consequences of failing to provide data
Failure to organize or participate in the conference.
Data Processor, Data transfer
To perform its participation, organizational and related services, Controller uses in particular the following Data Processors:
- ExpedIT Informatikai, Tanácsadó Kft (Múzeum str. 1-3. Budapest, Hungary)
- Qualysoft Informatikai Zrt. (Rétköz str. 5., Budapest, Hungary)
- RentIT Kft (2030 Érd, Festő str. 93.)
Controller may use additional data processors to fulfil the services depending on the purpose of the conference and the service requested.
CLIENT EVENTS
Purpose, term of processing of personal data
The purpose of the processing of Data Subjects’ personal data is to organize the client’s event, to promote our company, events and new services in order to present current information, services, discounts and new features, and to take and disclose photos and video footage on our online platforms. The term of processing of personal data shall last until the purpose is achieved or Data Subject’s consent is revoked (request for erasure).
Scope of personal data processed
Data Subjects’ name and e-mail address, for the purpose of inviting them to the event. Photos and video footage of the persons arriving at the event, for the above data processing purposes.
Grounds of processing of personal data
Data Subject’s voluntary consent, stipulating that (s)he attends the event following learning the content of the Privacy Policy.
The grounds of processing of personal data for contact keeping purposes is legitimate interest.
Potential consequences of failing to provide data
Data Subject is not notified of the offers of Controllers and their partners.
Data Processor
Controller may use additional data processors depending on the type of the event organized.
NEWSLETTERS
Purpose, term of processing of personal data
The purpose of processing Data Subjects’ personal data is to send newsletters. The purpose of newsletters is to inform the User of current information, products, discounts and new features in the form of an electronic message containing Service Provider’s advertisement. The term of processing lasts for as long as the newsletter service exists or until revocation (request for erasure) by Data Subject.
Scope of personal data processed
Data Subjects’ name, e-mail address.
Ground of processing of personal data
Data Subjects’ voluntary consent.
Potential consequences of failing to provide data
Data Subject is not informed on the offers of Controllers and their partners.
Data Processor
Sendinblue SAS – Politique de confidentialité, 7 rue de Madrid, 75008 Paris, France, privacy@sendinblue.com
Data Security
Controller shall take the necessary technical and organizational measures, and implement appropriate due process policies to guarantee the security of personal data at a level appropriate to the risk level during the complete progress of processing of personal data.
Controller shall choose and operate the IT devices used to process personal data so that the personal data processed:
- shall be accessible solely to the authorized parties (availability)
- its credibility and certification shall be ensured (credibility of data processing)
- its integrity shall be certified (data integrity)
- shall be protected against unauthorized access (data confidentiality).
Controller
- shall protect the personal data using appropriate measures against accidental or illegal destruction, loss, alteration, damage, unauthorized disclosure or unauthorized access to them,
- shall restrict the access to personal data by providing the authorization levels,
- shall protect the IT systems using firewalls and provide anti-virus software,
- in the course of electronic data processing, it shall ensure that only those persons who need it to fulfil their duties may access the data, within controlled circumstances, as required for the purpose,
- in order to protect the electronically processed datasets, it shall ensure using appropriate technical solutions that the personal data stored (unless made available by the laws) shall not be directly interconnected and rendered to the Data Subject.
Taking the actual development of technology into consideration, Controller shall ensure the protection of the security of data processing using such technical and organizational measures, which provide a protection level appropriate for the risks related to the processing.
Controller shall record potential data breaches, stating the facts related to the data breach, their effects and the measures to cure them. Controller shall report the potential data breach without undue delay, and as possible, latest within 72 hours following learning the data breach, to the Hungarian National Authority for Data Protection and Freedom of Information, unless the data breach is not expected to involve risk regarding the rights and freedoms of natural persons.
DATA SUBJECTS’ RIGHTS AND CONDITIONS OF EXERCISING THEM
Natural person Data Subjects’ rights
Data Subject may request the rectification, restriction, erasure of his/her personal data anytime, moreover, may ask for complete exact notification on the data processing. Data Subject may also request to hand-over his/her personal data in accordance with the relevant laws, in a widely used machine-legible articulated form and/or transfer his/her personal data to another Controller. Controller shall fulfil such requests within 1 month. The detailed content of data subjects’ rights and the detailed conditions of the exercise thereof are expressed below.
Right to preliminary information
Natural person data subject shall be entitled to receive clear notification on the facts and information related to data processing anytime, his/her such right shall be provided in particular prior to starting the processing of personal data.
Right to access
Natural person Data Subject shall also be entitled to receive a brief, clear answer as to whether his/her personal data are actually processed, and if yes, then to gain access to the personal data and related information provided in the European Union’s Regulation.
Data Subject’s right to receive feedback on whether Controller processes his/her personal data shall cover the personal data related to him/her, and shall cover neither anonymous data, nor personal data not related to him/her, and shall clearly include the pseudonymised data related to the client.
Controller shall grant access to and provide a copy of the personal data on applicant Data Subject’s request.
Right to rectification
Natural person Data Subject shall be entitled to have Controller rectify, without undue delay, the inaccurate personal data referring to him/her. Data Subject may request the amendment or modification of incorrect or incomplete personal data.
Data Subject is entitled to rectify his/her personal data. Such right shall not cover anonymous data, personal data not related to him/her, and shall include the pseudonymised data clearly related to the Data Subject.
Controller shall correct or amend Data Subject’s personal data upon his/her request, accordingly. Controller shall notify the recipients of the personal data (if any) on the rectification of Data Subject’s personal data. Controller, however, shall not notify recipients on the correction of the personal data, if the notification of recipients proves to be impossible or would require undue efforts.
Right to erasure / ‘right to be forgotten’
Natural person Data Subject shall have the right that Controller, without undue delay, shall erase the personal data related to him/her. This right of Data Subject is present in particular related to the personal data processed upon his/her consent, in certain other cases, including the processing of personal data on the basis of the performance of a legal obligation, his/her such right is expressly restricted.
Controller shall erase Data Subject’s personal data without undue delay, provided that:
- Controller processes these personal data, and
- Data Subject requests the erasure of his/her personal data, and
- the personal data are not necessary for those purposes, for that Controller processes the personal data.
Controller shall erase Data Subject’s personal data without undue delay, provided that:
- Controller processes these personal data, and
- Data Subject requests the erasure of his/her personal data, and
- Data Subject revokes his/her consent which grounds the processing of his/her personal data, and
- there are no other grounds to further process Data Subject’s personal data.
Controller shall erase Data Subject’s personal data without undue delay, provided that:
- processing of personal data is necessary for exercising Controller’s or third party’s legitimate interests, and
- Data Subject objects against that Controller processes his/her personal data, and
- the legitimate interest grounding the processing of such personal data does not prevail against Data Subject’s objection.
Controller shall erase Data Subject’s personal data without undue delay, provided that:
- Data Subject requests erasure of his/her personal data, and
- processing of such personal data by Controller is not illegitimate, or
- the erasure is mandatory in terms of the laws in force, or
- Data Subject’s personal data are collected in regards services related to the informational society.
Controller shall notify the recipients of such personal data on the erasure of Data Subject’s personal data, if any, and when the notification of recipients is possible and does not require undue efforts.
Right to restrict processing of personal data
Data Subject is entitled to that Controller shall restrict the processing when certain specified criteria are met. This case primarily serves to fix a particular data processing status, which might be even a history of a dispute or the particular dispute itself.
Data Subject’s right to request the restricted processing of his/her personal data:
- shall not cover anonymous data;
- shall cover only personal data related to him/her;
- shall not cover personal data not related to him/her; and
- shall include the pseudonymised personal data clearly related to Data Subject.
Controller shall restrict the processing of Data Subject’s personal data:
- for the period when it checks the accuracy of such personal data, when Data Subject requests the restriction of the processing of his/her personal data, and Client objects to the accuracy of such personal data.
- when Data Subject requests the restriction of processing of such personal data, whose processing is illegitimate, and Client objects to the erasure of such personal data.
- when Data Subject requests the restriction of processing of such personal data, and Controller no longer needs the data for data processing purposes, and Client requests his/her personal data to establish, enforce or protect a legal claim.
- when Data Subject requests the restriction of processing of such personal data, which are necessary for Controller’s legitimate interests, and Client is awaiting confirmation of whether there is a legitimate purpose to process Client’s personal data by Controller, which does not prevail over Client’s objection.
Controller shall notify all recipients to whom the personal data were disclosed of all rectification, erasure and restriction of processing of personal data, unless it proves to be impossible or requires undue efforts.
If Controller restricts the processing of Data Subject’s personal data, then
- it may store such personal data,
- may process such personal data upon Data Subject’s consent,
- may process the personal data to establish, exercise or protect legal claims, or to protect the rights of any person.
Right to portability
Data Subject shall have the right to receive the personal data related to him/her, made available by it to a controller, in this case Controller, in an articulated, machine-legible, widely used format, and also, to transfer such personal data to another Controller.
Right to objection
Natural person Data Subject may object to the processing of his/her personal data anytime, if:
- the processing of personal data is necessary for the execution of a duty performed within the framework of a public authority vested to Controller, and/or when
- the processing of personal data is required to enforce the legitimate interests of Controller or a third party.
Automated decision-making
Natural person Data Subject shall have the right not to be subject to the scope of such a decision based on solely automated decision-making, which would cause legal effect on him/her, or would affect him/her to a similarly significant extent. The natural person Data Subject may request manual, human intervention and decision-making in such cases.
- If Data Subject assumes that Controller breached a law in the course of the processing of his/her personal data, then (s)he may file a complaint to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
- Official name: National Authority for Data Protection and Freedom of Information
- Registered office: 1055 Budapest, Falk Miksa str. 9-11.
- Mailing address: 1363 Budapest, Pf. 9.
- Phone No.: +36 (1) 391-1400
- Telefax No.: +36 (1) 391-1410
- Central electronic mail address: ugyfelszolgalat@naih.hu
- Website: www.naih.hu.
If Controller infringed Data Subject’s rights in the course of the processing of personal data, then Data Subject (at his/her own discretion) may turn to the General Court according to his/her residence or temporary address. More information on the Court proceedings is available on the www.birosag.hu website.