Tájékoztatjuk, hogy a honlap felhasználói élmény fokozásának érdekében sütiket alkalmazunk.
A honlapunk használatával ön a tájékoztatásunkat tudomásul veszi.

Privacy and Data Management Policy

Preface

On the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council, Act V of 2013 (Civil Code), Act CXII of 2011 on the Right to Informational Self-Determination and on Freedom of Information, Act I of 2012 on the Labour Code, Act CXVII of 1995 on Personal Income Tax, Act CL of 2017 on the Rules of Taxation, and Act CLV of 1997 on Consumer Protection, Smart Event Team Kft. (hereinafter: the Company) adopts this Data Protection and Data Management Policy (hereinafter: the Policy).

This Policy provides information—prior to the commencement of data processing—on facts related to the handling of personal data, the purpose, legal basis, and duration of data processing in connection with the business activities of Smart Event Team Kft. This Policy also covers the rights of the data subjects related to data processing and the available remedies.

I. Definitions, Terms

1. Data Subject

Any identified or identifiable natural person on the basis of personal data.

2. Personal Data

Any information relating to the Data Subject—particularly the Data Subject’s name, identification mark, and one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity—and any conclusions that can be drawn about the Data Subject from such data.

3. Special Categories of Personal Data

  • 3.1. racial origin,
  • 3.2. nationality,
  • 3.3. political opinion or party affiliation,
  • 3.4. religious or other philosophical beliefs,
  • 3.5. sexual orientation,
  • 3.6. health status,
  • 3.7. addictions or harmful habits,
  • 3.8. criminal record.

The Data Controller does not request or process special categories of personal data. Any such data that is brought to the attention of or received by the Data Controller will be deleted from the system without delay.

4. Owner of Personal Data

Any natural person who contacts the Data Controller and requests information by providing their personal data.

5. Data Controller

A natural or legal person, or an entity without legal personality, that alone or jointly with others determines the purposes of data processing, makes and executes decisions regarding data processing (including the means used), or has them executed by a data processor.

6. Data Processor

A natural or legal person, or an entity without legal personality, which processes data based on a contract—including a contract concluded under legislative provision. A data processor may not make substantive decisions regarding data processing. If a decision by the data processor regarding the execution of a technical task affects any essential aspect of the data processing, the entity shall be regarded as a data controller in that respect.

  • 6.1. Data Processor under this Policy:
    Name: Smart Event Team Kft.
    Representative: Andrea Rácz, managing director
    Company registration number: 13-09-235389
    Tax number: 32612693-2-13
    EU tax number: HU32612693
    Registered seat: 2119 Pécel, Huszár u 12/a
    E-mail address: event.racz.andrea@gmail.com
    Activity: Maintaining records of partners using the service.
  • 6.2. Accountant (Data Processor)
    Name: Fagotrend Bt.
    Representative: Zsuzsanna Kövi, managing director
    Company registration number: 13-06-074873
    Tax number: 20921970-1-13
    Activity: Maintaining accounting records in accordance with tax and accounting legislation, using data defined by law.
    • 6.2.1. Hosting Provider (Data Processor)
      Name: Rackhost Zrt.
      Representative: Gergely Gábor Csapó, managing director
      Company registration number: 06-10-000489
      Tax number: 25333572-2-06
      Activity: Secure storage of electronically recorded data of the Company’s partners and employees in accordance with the provisions of the Freedom of Information Act (Infotv.).

7. Data Privacy Incident

Unlawful processing or handling of personal data, including in particular unauthorised access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction or damage.

II. Details of Data Processing for Specific Activities

1. Data Processed for Employees

  • Name
  • Mother’s maiden name
  • Place and date of birth
  • Address
  • Documents proving education and qualifications
  • Driver’s license number and valid categories
  • Personal identification document number
  • Tax identification number
  • Social Security Number (TAJ)
  • Bank account number
  • 1.1. Data processing is based on provisions of the Labour Code (Act I of 2012), the Personal Income Tax Act (Act CXVII of 1995), the Act on the Rules of Taxation (Act CL of 2017), and on personal consent.
  • 1.2. The purpose of data processing is compliance with statutory record-keeping, reporting, and tax payment obligations.

2. Data Processed for Partners

  • Name
  • Mother’s maiden name
  • Place and date of birth
  • Address
  • Tax identification number
  • Personal identification document number
  • Travel document number
  • Bank account number
  • 2.1. Data processing is based on provisions of the Personal Income Tax Act (Act CXVII of 1995), the Act on the Rules of Taxation (Act CL of 2017), and on personal consent.
  • 2.2. The purpose of data processing is compliance with statutory record-keeping, reporting, and tax payment obligations, as well as successful performance of activities necessary for travel organisation.

3. Duration of Data Processing

  • 3.1. For employees, data processing takes place until the date specified by the relevant legislation in force.
  • 3.2. For business partners, data processing continues until five (5) years after the expiry or performance of the contract.

III. Access to Data

1. Personal data may be accessed by the Data Controller and Data Processors in the course of performing their duties.

2. The attorney representing the Data Controller may also access personal data if legal proceedings are initiated based on a submission by the data provider.

3. In exceptional cases, the Data Controller may transfer personal data to other state authorities.

  • 3.1. To the Archives, in accordance with legislation and internal rules on document storage,
  • 3.2. To a court, if legal proceedings require personal data,
  • 3.3. To the police, if requested.

IV. Data Security Measures

1. The Data Controller stores personal data primarily on servers of the Data Processors specified in Section I. 6.2, equipped with standard protection systems, partly on its own IT devices, and in the case of paper records, at its registered office in a secure, locked location.

2. The Data Controller takes reasonable measures to protect personal data against, among other things, unauthorised access or unauthorised alteration.

V. Rights Related to Data Processing

1. Right to Information

The Data Subject may request information in writing via the contact details in I. 6.1 on:

  • 1.1. what personal data is processed,
  • 1.2. on what legal basis,
  • 1.3. for what purpose,
  • 1.4. from what source,
  • 1.5. for how long,
  • 1.6. to whom, when, under what legal basis, and which personal data have been provided or made accessible.

The Data Controller shall fulfil the request within 30 days by letter sent to the address provided in the request.

2. Right to Rectification

The Data Subject may request the Data Controller to amend any personal data (e.g., in the event of a change of email or postal address). This can be done via the contacts specified in I. 6.1. The request will be fulfilled within 30 days, with written notification.

3. Right to Erasure

The Data Subject may request the deletion of personal data, except where legislation or internal rules require further storage. If no such obligation exists, the request will be fulfilled within 30 days, with written notification.

4. Right to Object

  • 4.1. The Data Subject may object in writing to the use of their personal data for direct marketing, opinion polls, or scientific research. This can be done via the contacts specified in I. 6.1.
  • 4.2. Objection is also possible if the processing is solely for compliance with the Data Controller’s legal obligations or to enforce its legitimate interests, except where based on statutory authorisation.

5. Right to Restriction

The Data Subject may request in writing that their personal data be restricted. This can be done via the contacts specified in I. 6.1. The restriction remains in place for as long as the specified reason requires the storage of the data.

6. Procedure if Rights Cannot Be Exercised

  • 6.1. The Data Controller aims to ensure that the Data Subject can exercise their rights under the law and that all matters are resolved satisfactorily.
  • 6.2. If a complaint or objection cannot be resolved, or if the Data Subject believes that a violation has occurred or is imminent, they may file a complaint with the National Authority for Data Protection and Freedom of Information.
    National Authority for Data Protection and Freedom of Information
    Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
    Mailing address: 1530 Budapest, Pf. 5.
    Phone: +36 1 391 1400 Fax: +36 1 391 1410
    E-mail: ugyfelszolgalat@naih.hu
    Web: http://naih.hu

7. Legal Remedies related to Data Processing

In the event of unlawful data processing, the Data Subject may initiate civil proceedings against the Data Controller. The case falls within the competence of the county court (törvényszék). At the choice of the Data Subject, the case may also be brought before the county court of their residence (a list of courts is available at: http://birosag.hu/torvenyszekek).

VI. Final Provisions

This Policy enters into force on the date of signature and supersedes all prior policies on the same subject.

Pécel, 11 August, 2025

Andrea Rácz
managing director