LOGIN REGULATIONS

Effective: from 01.06.2024

• Purpose of the Rules

1. Introduction

The purpose of this Privacy and Data Protection Policy (hereinafter referred to as the Policy) is to enable the Data Controller to https://www.veganbusinesscircle.hu/ (and https://novenyikonferencia.hu/ (hereinafter referred to as the “Data Subjects”) in the course of the Data Controller’s web-based processing activities and to promote data security in the course of web-based and other processing activities.

The data protection provisions relating to the processing of data concerning the Data Controller’s web-based data processing and the Privacy Policy are available on the https://www.veganbusinesscircle.hu/ (and https://novenyikonferencia.hu/ ) under the Data Management section of the website.

1. General provisions

The Data Controller shall ensure the exercise of the rights of the Data Subjects as set out in this Policy, by respecting the rights of the Data Subjects in its processing activities listed herein.

1. The Data Controller reserves the right to change the Policy.

In particular, this Policy may be amended if there is a need for new data processing, a change in legislation, a change in official practice, a new security risk or if justified by feedback from data subjects.

The amendments and changes made by the Data Controller https://www.veganbusinesscircle.hu/ (and https://novenyikonferencia.hu/ ) in the Data Management section of the website of the Data Controller.

• Scope of the Rules

Legislation governing the processing of data on the web, including:

• Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as “the Infotv.”)
• Act XLVIII of 2008 on the Fundamental Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter referred to as “Grtv.”);
• Act CVIII of 2001 on certain issues of information society services (hereinafter: Eker tv.)
• Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”);
• Act CVIII of 2001 on certain aspects of electronic commerce services and information society services;
• Article 169 of Act C of 2000 on Accounting (retention of supporting documents).

The Rules Scope of application covers the following forms of web-based processing:

• contact, enquiry
• create a user profile
• use of the service
• at an event or conference – photo, video (close-up) + publication
• photo and video recording (remote) at an event or conference + publication
• lodging a complaint or other legal claim
• cookie management
• subscribe to newsletter
• management of accounting documents
• lead

The scope of the Policy covers all processing operations carried out by the Data Controller, including both electronic and paper-based processing.

The Rules temporal scope From 01.06.2024 until revoked.

The Rules personal scope covers:

• to the Data Controller
• the Data Controller’s customers,
• employees of the Data Controller,
• natural or legal persons or entities without legal personality who have contractual relations with the Data Controller,
• Data Subjects in relation to whom this Policy makes provision
• Data Subjects whose rights or legitimate interests are affected by the processing of personal data under this Policy,
• visitors to the website of the Data Controller,
• and to all those who have submitted questions or enquiries through the website in connection with the services of the Data Controller.

• The Data Controller

1. The data controller is:

the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law.

DATA CONTROLLER’S DATA
Name: Seat: Contact details: Company registration number: Tax number: Bank account number: Registration authority	Plant Revolution Nonprofit Ltd. 1138 Budapest, Párkány u. 12. 7.em.43. info@veganbusinesscircle.hu Cg.01-09-403212 32024551-2-41 16200223-10167205-00000000 Court of Justice of the Capital City Court

1. The data processor

“processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

DATA PROCESSORS’ DETAILS
Name: Availability: Activity:	Websupport Hungary Kft. 1132 Budapest, Victor Hugo u.18-22. Hosting service
Name: Availability: Activity:	Mailchimp, The Rocket Science Group LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA
Name: Availability: Activity:	SalesAutopilot Ltd 1016 Budapest, Zsolt utca 6/A. 5. floor. 1. Sending newsletters, CRM system
Name: Availability: Activity:	Barion Payment Zrt. 1117 Budapest, Infopark sétány 1. building I. 5. floor. 5. Payment system
Name: Availability: Activity:	Google Analytics Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Analysis of user habits
Name: Availability: Activity:	Google Tag Manager Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Managing website members through a user interface, integrating program code into our websites
Name: Availability: Activity:	Google Ads Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland Ad placement, remarketing, conversion tracking
Name: Availability: Activity:	Szamlazz.hu KBOSS.hu Kft. 1031 Budapest, Záhony utca 7/D. Invoicing software
Name: Availability: Activity:
Name: Availability: Activity:

4.Purpose and legal basis of data processing

The Controller processes the following personal data on the following legal bases:

personal data: any information relating to an identified or identifiable natural person (“data subject”).

AK JELLEGE	RELATED DATA	OBJECTIVE OF THE AC	AK YOGALAP	TIME OF TERMINATION	PERSONS CONCERNED/ADDRESSED
Contact via website	Name, e-mail address, message subject, message text	Handling customer enquiries, applications + registration	Consent under Article 6(1)(a) GDPR	Until consent is withdrawn or a reply to the enquiry is sent to the data subject	Persons authorised to act as contact persons
Registration, enquiry, ticket purchase	Name, e-mail address, phone number, password For login only: e-mail address password	Registration, interest in services	Consent under Article 6(1)(a) GDPR	Until consent is withdrawn or a reply to the enquiry is sent to the data subject	Persons authorised to contact customers
Contracting with exhibitors	surname, first name, address, e-mail, telephone number, company name, registered office, company registration number, tax number, e-mail address,	performance of the service	Performance of a contract under Article 6(1)(b) GDPR	Until 5 years after performance of the contract	Persons authorised to contact customers
Membership	surname, first name, address, e-mail, telephone number, company name, registered office, company registration number, tax number, e-mail address,	use of the service	Performance of a contract under Article 6(1)(b) GDPR	Until the end of membership	Persons authorised to contact customers
Complaint, asserting a legal claim	Name, e-mail address, address (optional), telephone number (optional)	Successful resolution of a complaint or legal claim	Legal obligation under Article 6(1)(c) GDPR	In the case of successful redress of a complaint, legal claim or assertion of a legal claim under the Fgytv.	Persons involved in the handling of a complaint
Baking	do not contain any data that can identify the user	Personalised content, improving user experience	Consent under Article 6(1)(a) GDPR	Until deletion in the browser	Website operator or third party
Baking	do not contain any data that can identify the user (essential cookies)	Essential for website to work	Legitimate interest of the controller under Article 6(1)(f) GDPR	Until deletion in the browser	Website operator or third party
Subscribe to the newsletter	Name, e-mail address	Sending promotional material in the form of a newsletter	Consent under Article 6(1)(a) GDPR	Pending withdrawal of consent or request for cancellation	Person responsible for handling advertising material
Accounting documents	Name+ address of the service user	Compliance with the obligation to keep invoices and supporting documents	Legal obligation under Article 6(1)(c) GDPR	8 years	Person responsible for handling evidence
Photo-video recording + publishing on the internet	Still image (photo), sound	Promotion of an event, marketing	Legitimate interest under Article 6(1)(f) GDPR	5 years from the date of the recording	Person in charge of marketing
Taking photos and videos (nearby)	Still image (photo), sound	Promotion of an event, marketing	Consent under Article 6(1)(a) GDPR	Until withdrawal of consent	Person in charge of marketing
Send lead material	Name, e-mail address	Promotion, marketing activities	Legitimate interest of the controller under Article 6(1)(f) GDPR	X	Person in charge of marketing

5. Principles of data management

Data Controller in its processing, bindingly adopts and protects the data processing principles set out in Article 5 of the General Data Protection Regulation, which are:

The processing of personal data must be lawful, fair and transparent for the data subject (“lawfulness, fairness and transparency”);

Personal data must be collected for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes (“purpose limitation”);

Processing must be adequate, relevant and limited to what is necessary for its purposes (“data minimisation”);

The personal data processed must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay (“accuracy”);

Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary for the purpose for which it is collected, subject to technical and organisational measures (“limited storage”);

Personal data must be processed in such a way that the security of the data is ensured by technical and organisational measures, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage (“integrity and confidentiality”).

In relation to partnerships used as processors, the Data Controller shall also consider the Data Processor to be subject to the data processing principles set out in this Article in respect of the data transferred for processing. The Controller shall in this way safeguard the personal data processed with responsibility and particular care. The Controller shall keep internal records of the processing of personal data.

6.Rights of the person concerned

The data subject has the following rights in relation to the above processing:

The data subject shall have the right to access and obtain access to the personal data collected and the right to verify this right at reasonable intervals in order to ascertain the lawfulness of the processing, in particular the rights listed in the following table, upon request by the data subject:

Data subjects’ rights in relation to personal data processing

Right to information and to be informed

Change access to personal data

Right to rectification

Erasure, right to be forgotten

Restrictions on data processing

Right to object to and lodge a complaint about the processing of personal data

Within 30 days of the request, the Controller shall provide the data subject with written information about the data processed, their source, the purpose, legal basis and duration of the processing, as well as the legal basis and the recipient of the transfer.

Where justified by the complexity of the request or other objective circumstances, the above time limit may be extended once, up to a maximum of 60 days, and the Data Controller shall notify the applicant in writing.

In the event that the Data Controller fails to comply with the above deadline, the data subject may, within 30 days of the notification of the decision or the last day of the deadline, have recourse to the courts.

The data subject has the following rights in respect of the rights to which he or she is entitled:

• request information on,

• may request the rectification, modification or integration of their personal data processed by us,

• may object to the processing and request the erasure and blocking of their data (except for mandatory processing),

• have a right of appeal to a court,

• may lodge a complaint or initiate proceedings with the supervisory authority https://naih.hu/panaszuegyintezes-rendje.html

Contact details of the supervisory authority:

National Authority for Data Protection and Freedom of Information, http://naih.hu, telephone +36 (1) 391-1400, postal address: ugyfelszolgalat@naih.hu).

The rights of data subjects are set out in a separate information notice, which the Data Controller makes available to data subjects.

7.Data security measures

The Data Controller will ensure that data security measures are taken in accordance with the General Data Protection Regulation (GDPR) on the website and when processing personal data. In this context, it shall take the necessary technical and organisational measures to ensure adequate protection of personal data stored electronically.

In this context, it adopts and maintains up-to-date and regularly reviews all technical and organisational measures and procedural rules to ensure the security of the personal data it processes, and takes all reasonable steps to prevent the destruction, unauthorised use or alteration of personal data and to ensure that the personal data processed cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons.

The Data Controller shall provide data subjects with the necessary information to ensure that they are in possession of the necessary data protection knowledge and shall ensure that its agents and employees act in compliance with data security requirements in their actions.

The Data Controller shall keep abreast of scientific and technical developments in order to apply the available technical, technological and organisational solutions and solutions that meet the level of protection justified by the processing.

In order to prevent and manage data breaches, the Data Controller will take measures to raise awareness and monitor compliance.

In the operation of the IT systems, the Data Controller shall ensure, by means of the necessary access control, internal organisation and technical solutions, that the personal data of the data subjects cannot be obtained by unauthorised persons, and that unauthorised persons cannot delete, extract from the system or modify the data.

The Data Controller has an Incident Management Policy and maintains an Incident Register of possible data protection incidents and, if necessary, informs the data subject of the incidents that occur.

Budapest, 2024.06.01.