Privacy Notice (Email Handling)

---

Data Processing and Privacy Notice

(For sending/receiving emails and for use of an email contact form)

Dear Correspondent,

Thank you for your trust and for contacting us with your question. We will respond to your inquiry to the best of our knowledge.

Our company is committed to ensuring the protection of personal data. The purpose of this notice is to ensure that if you send us a message electronically, you are aware of how the data you provide are processed.

---

Data Controller Details

Tax number: 10313657213

Current company registration number: 13 09 086909

Full legal name: Congress Rendezvényszervező Korlátolt Felelősségű Társaság

Short name: Congress Rendezvényszervező Kft.

Municipality: Budakeszi

Registered office address: 2092 Budakeszi, Erdő utca 66.

---

Legal Bases for Data Processing

By sending your email, you give your explicit and voluntary consent to the processing of the data you provide, as detailed below.

Our web system carries out its data processing activities—by implementing appropriate internal rules and technical and organizational measures—in full compliance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter: “Regulation” or “GDPR”), as well as with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: “Infotv.”).

---

Scope of Data Provided and Purposes of Data Processing

Data categories:

name, email address, telephone number, other information

Purpose of data processing:

to provide answers to your questions to the best of our knowledge.

We inform you that in the absence of the above data, you cannot send your message to us electronically.

During use of the service, data recorded in log files are stored exclusively for technical and statistical purposes. The anonymous visitor identifier (cookie) is a string of characters that, in itself, is not capable of identifying the customer, i.e., the visitor; it is only suitable for recognizing the visitor’s device. Users may configure their browser to prevent the placement of such unique identifiers on their device. In this case, users may still use most parts of the service, but in certain cases they may not be able to use some functions of the service to their fullest extent.

The data controller does not use personal data for purposes other than those specified. Personal data are transferred to third parties only with the user’s prior and informed consent. This does not apply to data transfers that are mandatory by law.

---

Deletion of Personal Data

In the event of deletion, the displayed data cannot be restored.

---

Data Disclosure

There is no data disclosure, except to registered customers regarding their stored data.

---

Data Security Measures

We ensure the protection of personal data at a high level of security on a server installed on 01.01.2018, protected by 24-hour security monitoring and constant supervision, with encrypted data transmission (https).

---

Amendment of the Data Processing Policy

The Service Provider reserves the right to unilaterally amend this data processing policy with prior notice to users. By continuing to use the service after the amendments enter into force, you accept the modified data processing policy.

---

Users’ Rights Regarding the Processing of Personal Data

Users may request information about the processing of their personal data. Upon request, the data controller shall provide information regarding the data processed, the purpose, legal basis and duration of processing, the name and address (registered office) of the data controller, its activities related to data processing, and the recipients and purpose of any data transfers.

---

Legal Remedies

Users may enforce their rights before a court in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information and the Hungarian Civil Code. Users may also request assistance from the National Authority for Data Protection and Freedom of Information (NAIH). For further questions or comments, please contact the Service Provider using the contact details provided.

---

Categories of Personal Data Provided

Definition of personal data:

any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

---

Persons Authorized to Access Your Data

The data you provide may be accessed exclusively by the data controller.

---

Retention Period for CVs

We store the questions and personal data voluntarily sent to us for 1 year. You may withdraw your consent to data processing at any time; in such case, we will delete your data and your email.

---

Your Rights

Right of access:

You are entitled to receive confirmation from us as to whether or not personal data concerning you are being processed; where that is the case, you are entitled to access the personal data and the following information, e.g.: purposes of processing; categories of personal data concerned; recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; the envisaged period for which the personal data will be stored; and the criteria used to determine that period.

Upon your request submitted to us, we will make the personal data we process available to you.

Right to rectification:

Upon your request, we will rectify inaccurate personal data concerning you without undue delay. You are also entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

Right to erasure (“right to be forgotten”):

You are entitled to request the deletion of your data from us, and we will comply without undue delay.

Right to object:

You are entitled to object to processing if, in your view, we process your data unlawfully, or if your data must be erased in order to comply with a legal obligation under EU or Member State law.

Right to restriction of processing:

Upon your request, we will restrict processing. For example, if you contest the accuracy of personal data, restriction will apply for the period enabling us to verify the accuracy. If you consider our processing unlawful but do not wish the data to be erased, you may request restriction of their use.

Right to data portability:

Upon your request, we will provide your personal data to you and, upon request, transmit them to the data controller designated by you.

Right to lodge a complaint with a supervisory authority:

If your rights are infringed, you may turn to the courts and to the National Authority for Data Protection and Freedom of Information (NAIH), whose contact details are:

Name: National Authority for Data Protection and Freedom of Information

Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C

Mailing address: 1530 Budapest, Pf: 5.

Telephone: 06 1 391 1400

Email: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

---

We Also Inform You That

• We do not transfer your data to third countries or international organizations.

• We do not use your data for profiling or automated decision-making.

• We do not make your data public.

---

Contact

If you have any questions or complaints regarding our data processing or data protection, please contact us by emailing the address below. We will respond without delay, but no later than within 30 days:

congress@congress.hu

---

Key Definitions

Definition of data controller:

a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Definition of processing:

any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

If we cause damage through unlawful processing of your data or by breaching data security requirements, we are obliged to compensate for such damage. If we infringe your personality rights by unlawful processing or by breaching data security requirements, you may claim compensation for non-pecuniary damage. We shall be exempt from liability if the damage was caused by an unavoidable reason beyond the scope of data processing. We shall not compensate for damage to the extent that it resulted from the intentional or grossly negligent conduct of the injured party.

Congress Kft., as data controller, acknowledges the content of this legal notice as binding upon itself. This notice has been prepared in accordance with Regulation (EU) 2016/679 (GDPR), and our data processing fully complies with the requirements laid down in this policy, applicable national legislation, and legal acts of the European Union.

We do everything possible to respect your right to informational self-determination, we treat your personal data confidentially, and we have implemented security, technical and organizational measures that guarantee data security.

Budakeszi, 20.05.2018.

By using the email contact form, and/or if you used a separate email client software and sent us an email message, you declare: I have read the above notice, I acknowledge its contents, and I give my consent to the data processing described above.