PRIVACY POLICY

 CONCERNING THE PARTICIPATION IN “VISITING CHINA” ONLINE WEBINARS

 

I.               Applicable legislation

a) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; „GDPR”)

b) Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Hungary).

 

II. Data controller and data processor

a) Data controller:

Ministry of Foreign Affairs and Trade

China-CEEC’s Tourism Coordination Centre

seated at H1027 Budapest, Bem rakpart 47.

represented by: Mr. Tamás Menczer, Minister of State

Contact person:

Majorné Soós Mariann

consultant

Tel: +36 1 458 3656

E-mail: [email protected]

 

b) Data processor:

DOUPLA Kft.

seated at H1015 Budapest, Toldy Ferenc utca 1/C. 1/3.

postal address: 1372 Budapest, Pf. 404.

E-mail: [email protected]

Represented by: Mr. Attila Lőrincz, CEO

 

III. Data subjects

 

Natural persons, who wish to participate in the webinar series and for this end register by filling out the electronic registration form.  Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.

 

IV. Legal grounds for and purpose of data processing

 

a.) Personal data of the participants shall be processed based on the preliminary and informed consent given by the data subject for the specific purpose being to enable data subject’s participation in online seminars (Art. 6. GDPR Section (1) point a)).

b.) The processed data will be exclusively used to contact the webinar participants via e-mail, in connection with the upcoming webinar events (eg.: invitations, reminders and other notifications), and follow-up of the event in which the data subject participated (eg.: evaluation forms, follow-up evaluations/quizzes).

c.) Based on a separate consent given by the subject data (eMarketing consent), the e-mail address may be used to promote future seminar or webinar events (eg.: invitations, reminders and other notifications that might interest the participant). This consent is however not necessary or obligatory in connection with the original webinar registration.

d.) The following personal data shall be processed:

·      full name of the participant (mandatory field)

·      e-mail address (mandatory field)

e.) The consent of the data subject may be revoked at any time by sending an e-mail to the following address: [email protected]. Following this request, the data processor will remove and permanently delete the participants personal data from its database, and the participant will no longer receive webinar invitation or marketing letters from the data processor. 

f.) The personal data shall be forwarded to the data processor exclusively for the purpose of the technical management of the invitations, notifications, or follow-up emails to be sent to the data subjects. The data processor may engage teachable.com as sub-processor. Teachable’s privacy policy may be found under https://teachable.com/privacy-policy.

g.) Please note, that one e-mail address may only be used to register one single participant. The data subject will be liable for the accuracy of the personal data provided.

 

V. Duration of the data process

 

The personal data registered by the data subject will be processed as long as and until the webinar series and related evaluation process is closed, but at the latest until December 31, 2022. Based on the eventual separate eMarketing consent of the data subject, notifications and invitations for new events may be sent to data subject during 5 (five) years following the first registration or until the revocation of the consent.

 

VI. Registration process for the webinar series

 

a.) Participation in the webinar is subject to preliminary registration, which can be performed via clicking the registration link found in the invitation, filling out the registration form and providing the requested personal data as indicated in point IV. c. above and a personal password.

b.) Successful registration will be confirmed via e-mail.

c.) Access and login information to the online webinars will be sent to the registered e-mail address.

d.) Access to the Webinar is given to the User for the duration provided for by their personal invitation.

 

VII. Rights of the data subject

 

Based on the right of access, the data subject has the right to receive feedback from the Controller about whether the processing of his or her personal data is under way, and if such processing is under way, he or she has the right to obtain information about the purpose of processing, the categories of personal data in question, the persons or entities to whom such personal data have been or will be communicated, the period of the storage of personal data, and the method regarding the collection of personal data. As part of the right of access, the Controller will place a copy of the personal data constituting the subject-matter of processing at the disposal of the data subject.

 

The data subject is further entitled to request at any time the rectification of any data recorded inaccurately or incorrectly.

 

The data subject is entitled to request the Controller to erase his or her personal data without undue delay, while the Controller has the obligation to erase any personal data relating to the data subject without undue delay if such personal data are no longer required for the purposes for which they were collected; if the data subject revokes his or her consent to the processing of his or her data and there are no further grounds for the processing of such data; if the data subject objects to the processing of his or her personal data and there is no overriding legitimate interest; the personal data were processed unlawfully; if the personal data must be erased for the fulfilment of a legal obligation prescribed in EU or Member State law applicable to the Controller, or the personal data were collected in connection with the provision of information society services.

 

Based on the right to restrict the processing of data, the data subject is entitled to request the Controller to restrict the processing of data. If the data subject disputes the accuracy of his or her personal data, the restriction applies to a period which allows the Controller to verify the accuracy of such personal data. If the processing of data is unlawful and the data subject objects to the erasure of data, and requests instead the restriction of the use thereof; or if the Controller no longer needs the personal data for the purposes of processing, but the data subject requests them for the filing, enforcement and protection of legal claims; further if the data subject objected to the processing of data; restriction applies to a period that is necessary for determining whether the Controller’s legitimate interests override the data subject’s legitimate interests.

In relation to any data processed on the basis of his or her consent, the data subject can exercise the right to data portability, can – in the context thereof – request the issue of his or her data in a structured, commonly used and machine-readable format or, as far as this is technically possible, the delivery thereof to a third party designated by the data subject.

 

Based on the right to object, the data subject is entitled to object, for any reason related to his or her own situation, to processing based on Article 6(1) e) of the GDPR. In this case, the Controller cannot process the personal data any further, unless the Controller proves that processing is necessary for compelling legitimate reasons which override the data subject’s interests, rights and freedoms, or which are related to the filing, enforcement or protection of legal claims.

Right to an effective remedy

 

In the event of an infringement related to the processing of the data subject’s personal data and with a view to the enforcement of his or her rights, the data subject has the right to lodge a complaint with the Controller. The data subject has the right to lodge a complaint against the Controller or the processing of his or her data with the National Authority for Data Protection and Freedom of Information, or to bring proceedings before a court of law. Contact information of Authority: National Authority for Data Protection and Freedom of Information (registered seat: H1055 Budapest, Falk Miksa u. 9-11., mail address: H1530 Budapest, Pf.: 5.). In proceedings brought before a court of law, the tribunal with jurisdiction according to the Controller’s registered seat (Metropolitan Tribunal, 1363 Budapest, Pf. 16 - 1055 Budapest, Markó utca 27.) will proceed. At the data subject’s discretion, the proceedings can also be brought before the tribunal with jurisdiction according to his or her place of residence (place of temporary residence)

 

Done in Budapest, 10 Sept, 2021

Ministry of Foreign Affairs and Trade

data processor