Hacktivity Ltd. as a data controller respects the privacy of all persons who are treated and committed to protect their personal data during their activities. On the basis of Article 13 of the European Union General Data Protection Regulation (Decree 679/2016, ‘the GDPR’), it provides the following information:
Company data of data manager:
Registered company name: Hacktivity Kft.
Legal form: Limited Liability Company
Headquarters: 2143 Kistarcsa, Eperjesi u. 40/2
Postal address: 1034 Budapest, Bécsi út 62.
Tax number: 14744655-2-13
Company Registration Number: 01-09-920588
Phone: +3670 507 5833
Data management goals
Hacktivity Ltd. performs data management for the following purposes in accordance with the law:
Communicating with newsletter subscribers who are interested in the conference, marketing activities for potential visitors
Informing the visitors / ticket buyers about the conference, maintaining contact
Handling data for private individuals and student ticket buyers for invoicing purposes
Handling company data for corporate ticket buyers for invoicing purposes
Manage contact information for partners and supporters
Manage company information of partners and sponsors for invoicing purposes
Handling information on employees and applicants
Facilitating internal administration
Individuals and student ticket buyers: name, e-mail address, address, optionally mobile phone number
Company ticket buyers: name, e-mail address, company name, company address, tax number
For employees: name, e-mail address, address, telephone number, tax number
Legal grounds for using personal data
The use of managed personal data is based on the following legal basis:
Issue of invoices complying with accounting legislation: legal basis GDPR Article 6 (1) (c);
Maintaining contact: legal basis GDPR Article 6 (1) (f). For the data of employees and employees of partners & sponsors, the legal basis for data handling is interest weighing. The data controller has a legitimate interest: business continuity;
Handling of employee data: legal basis GDPR Article 6 (1) b), c);
Handling of contract partner data: legal basis GDPR Article 6 (1) (b);
Marketing activity: legal basis GDPR Article 6 (1) (a);
Duration of data management
The retention period for the data (e.g. contact details, contracts, performance certificates, invoices) is 15 years after termination of the contractual relationship.
In connection with his / her personal data, the person concerned has the rights specified in the law.
Right of access – knowledge of data, the fact that data processing is being carried out – (Article 15 of the GDPR);
Adjustment if data is obsolete or incorrect (GDPR Article 16);
Deletion – only in case of consent-based data management (Article GDPR Article 17);
Restrictions on the processing of data (Article 18 of the GDPR);
Prohibition of the use of personal data for direct marketing purposes (Article 21 of the GDPR);
Transferring or banning personal data of a third party or service provider (GDPR Article 20);
Request a copy of any personal data handled by the data controller, or;
Protest against the use of personal information.
Remedies for information
Please note that you can protest against Hacktivity Ltd. handling your personal data. This protest will be examined by Hacktivity Ltd. within the shortest possible time but not later than 30 days after the filing of your protest. Hacktivity Ltd. will make a decision on the matter of the validity of your protest and will inform the protestor in writing. If the protest is justified, Hacktivity will discontinue data management and block the data. If you do not agree with the protest decision or Hacktivity Kft. does not make a statement within the deadline, you may contact the court within 30 days from the date of the decision or from the last day of the deadline.
Hacktivity Ltd. declares that the data it manages is only used by its own authority, it is needed for its daily operations and it is not being transmitted to a third party.
In Hungary, the Data Protection Supervisory Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Hacktivity Ltd. maintains the right to modify this document due to the change of the legal environment or the data management activity.
Budapest, May 24, 2018
1. Scope of the Policy
2. The Data Controller and the User
User: the person using the services of the website, duly registered on the website.
3. The Purpose and Legal Basis of Data Management
The purpose of data management is community building, finding friends and identification of Users at www.hacktivity.com as follows:
the e-mail address provided upon registration is used for communication;
the Username and password is used for the identification of the User upon logging in;
other data disclosed on the data sheet is used for community building, finding and contacting friends and participating in the chat.
The legal basis of data management in all cases is the consent of the person concerned. In specific cases, primarily with regard to the mandatory data on the data sheet, data management is required for the use of the services of the website.
Username and password: the username will be displayed in the chat, it enables the identification of Users.
E-mail address: the registered e-mail address will not be public and will not be displayed anywhere on the website. It will be used exclusively as a recipient address for the e-mail containing the data required for account activation and for the notifications generated by the use of the service and newsletters (if the User requests so).
5. Creating and Modifying the User Data Sheet and Profile
After logging in Users can fill out their data sheet if they wish and create their personal profile. Users can modify or delete the data provided at any given time.
The Service Provider maintains the right to change the content of the data sheets, delete or add data queries, especially if the demands and habits of Users necessitate or justify it. The Data Controller will notify the Users about the changes by e-mail and on the login landing page at least one week before the changes are implemented. The Service Provider shall not change the data provided.
Furthermore, specific services may require additional data collection. The Service Provider shall provide due information about the details of these data collections which are based on voluntary consent.
6. Technical Data Management
Upon viewing the website, at the beginning of the visit, the IP address of User’s computer will be recorded, in some instances along with the type of the browser and the operating system (depending on the settings of the User’s computer). These data recorded in log files are only collected for statistical purposes and shall only be disclosed to a third party is expressly required by law.
7. Disclosure of the Managed Data
The managed data shall only be accessible to third parties upon the specific consent of the person concerned or based on a provision of law. The Data Controller maintains the right to employ a data processor for certain technical tasks.
9. Data Management When Interconnecting with Another Service
10. Rights and Privacy
Users are entitled to correct their data as defined in Section 5 and to request the Data Controller to correct any incorrect data they cannot be modified. Users are entitled to delete pieces of their data or their entire data sheet. Users can request information about the management of their data.
The Data Controller is not responsible for any damage arising from the insufficient data protection measures of the User, such as easily decipherable usernames and passwords, or the disclosure of these to third parties.
11. Data Security
The Data Controller shall take all due and necessary measures to safeguard data and provide the appropriate level of their protection especially with regard to unauthorized access, modification, disclosure, publication, deletion or destruction, and to unintentional destruction and damage.
12. The Extent of Data Management
In case a User data sheet is deleted, the system of the Service Provider deletes the data within three working days. Users can delete their data any time.
13. Enforcement of Rights
Users can address their complaints and objections directly to the Data Controller who will do everything in his power to bring the possible infringements to an end and provide a remedy. In accordance with Act LXIII of 1992 on the Protection of personal data and the disclosure of data of public interest and the Civil Code, Users can enforce their rights at court or turn to the Data Protection Commissioner of the Republic of Hungary.
2. Parties Concerned
Service Provider: Hacktivity Kft., contact information: [email protected]
User: the person using the services of the website, duly registered on the website. The User is referred to as “member” during the communication on the website. Only natural persons are entitled to be Users.
3. Purpose of the Website, Description of the Service
The www.hacktivity.com website is the official site of the Hacktivity Conference; its primary goal is to disclose news and pieces information related to the Conference and to offer related community services.
5. Conditions of Use, Registration
Certain services offered by the website (e.g. forum, online polls, etc.) are only available to registered Users. Only natural persons are entitled to register and thus become members of the community. The data requested on the registration sheet are mandatory.
After registration, the Service Provider sends an activation link to the registered e-mail address. The registration is completed by clicking on this link.
6. Password Use, Security
The security level of the password of each User is only known to the given User. In order to avoid abuses, it is recommended to choose a “strong” password of higher security level and keep it confidential. The strength of the password is higher:
If the password is not characteristic of the User (e.g. first name, last name);
If the password is longer than six characters;
If the password contains small and large-case letters, numerical characters and other symbols.
The Service Provider shall not be responsible for misuse caused by an improper password choice or third-party access to the password granted by the User.
In case of a forgotten password, the User should enter their e-mail address on the login page and use the “password reminder”. The Service Provider will send them a new password to the e-mail address provided during registration.
7. Fictitious Accounts
Should the Service Provider notice or be notified that data provided by the User do not identify the real User or data provided are false, it is entitled to temporarily suspend the access of the User until verifying the authenticity of the identification data and to request data from the User by e-mail in order to verify the authenticity of the data. The User shall contact the Service Provider within 48 hours of the dispatch of the e-mail, either by e-mail or phone in order to verify the authenticity of data and to put the related certificates at the disposal of the Service Provider within a further 72 hours.
8. Deletion of the Registration
Following registration, Users are entitled to the use of the service offered by the website. The Service Provider maintains the right to modify the services under Section 4.
10. Restrictions on Service Usage, Responsibility
Users may use the website at their own responsibility. The Service Provider is not responsible for damages and inconveniences suffered by the User during the use of the website owing to the lack of due care. Users disclose their data or make it accessible to third parties with their own responsibility.
The website is entirely apolitical thus all User-content about politics or referring thereto will be removed without prior notice; if a User is found to induce tension he/she will be eliminated from the system.
Users shall comply with the effective laws and shall refrain from any activity that is illegal or offending to other Users. More particularly, Users shall:
Respect the privacy, personal rights and legitimate interests of others;
Refrain from the unlawful collection of information about others and the illegal exploitation of such information;
Refrain from committing a crime or infringement of law;
Respect intellectual property rights, in particular regulations concerning literary, scientific and artistic works, inventions, industrial design patterns, utility models, trademarks and geographical product markings under copyright laws;
Refrain from obscene, rude and other expressions that may shock others;
Refrain from all submissions that may offend, humiliate or instigate hatred against any national, ethnic, racial or religious group or any other clearly identifiable group or members of such a group.
Refrain from all expressions that may offend, humiliate or instigate hatred against any other person—irrespective of their User status—on account of belonging to any national, ethnic, racial or religious group or any other clearly identifiable group.
All Users shall refrain from activities that interfere with the intended use of the website. In particular, Users shall:
Refrain from sending unsolicited e-mails (“spam”), and chain letters (“hoax”);
Refrain from all kinds of communication that might interfere with or disrupt the intended use of the website by others;
Refrain from irrelevant, repetitive or otherwise disturbing submissions in open communication.
All Users shall refrain from any kind of activity that infringes the interests of the Service Providers. In particular, the Users shall:
Refrain from interfering with or disrupting the operation of the website;
Refrain from activity aimed at getting hold of and harvesting the trade secrets or any other confidential information of the Service Provider;
Refrain from communication that carries false information regarding the service;
Refrain from activities that endanger the IT security of the website;
Refrain from activities aimed at advertising products and services of their own or of others.
Furthermore, the Service Provider is entitled to set forth additional restrictions of which Users shall be informed.
11. Infringement Procedures
In case the activity of a User infringes the rights or legitimate interests of someone, the aggrieved party(especially persons with infringed personal rights, victims of a crime or offense or the owners of intellectual property rights) can ask the Service Provider to remove the objectionable content and initiate the necessary proceedings against the User. The requesting party shall duly certify their eligibility. If the eligibility is certified the aggrieved party can request the Service Provider to block the infringing content for future proceedings. In this case, the aggrieved party must certify the beginning of the legal proceeding within 60 days. The Service Provider will forward the blocked content and relevant data stored by them to the competent bodies in accordance with the regulations concerning the given procedure and body.
12. Responsibility of the Service Provider, Exclusion of Warranty
The Service Provider shall take all the necessary precautions to safeguard User data. The Service Provider is not responsible for the disclosure of User data by the User concerned.
The Service Provider shall inform the User about the suspension or deletion of their registration irrespective of the reason and strives at cooperation with Users and the peaceful settlement of debates.
As the service in question is free the Service Provider does not warrant uninterrupted service and is not responsible for the suspension or discontinuation of the service. The Service Provider strives at solving the possible interruptions and errors of operation arising during the operation of the website. The Service Provider, however, shall not be responsible for these. The Service Provider shall not bear responsibility for the conduct of Users.
14. Enforcement of Rights
Users can address their complaints and objections directly to the Data Controller who will do everything in his power to bring an end to and remedy the possible infringements. In other cases Users can enforce their rights in accordance with the effective legal regulations. Upon request the Service Provider shall inform Users how to do so.