PRIVACY POLICY CHANGES DUE TO GENERAL DATA PROTECTION REGULATION
Hacktivity Ltd. as a data controller respects the privacy of all persons who are treated and committed to protect their personal data during their activities. On the basis of Article 13 of the European Union General Data Protection Regulation (Decree 679/2016, ‘the GDPR’), it provides the following information:
Company data of data manager:
Registered company name: Hacktivity Kft.
Legal form: Limited Liability Company
Headquarters: 2143 Kistarcsa, Eperjesi u. 40/2
Postal address: 2096 Üröm, József nádor u. 6.
Tax number: 14744655-2-13
Company Registration Number: 01-09-920588
Phone: +3670 507 5833
E-mail: info@hacktivity.com
Website: https://hacktivity.com
Data management goals
Hacktivity Ltd. performs data management for the following purposes in accordance with the law:
- Communicating with newsletter subscribers who are interested in the conference, marketing activities for potential visitors
- Informing the visitors / ticket buyers about the conference, maintaining contact
- Handling data for private individuals and student ticket buyers for invoicing purposes
- Handling company data for corporate ticket buyers for invoicing purposes
- Manage contact information for partners and supporters
- Manage company information of partners and sponsors for invoicing purposes
- Handling information on employees and applicants
- Facilitating internal administration
Managed data
- Individuals and student ticket buyers: name, e-mail address, address, optionally mobile phone number
- Company ticket buyers: name, e-mail address, company name, company address, tax number
- For employees: name, e-mail address, address, telephone number, tax number
Legal grounds for using personal data
The use of managed personal data is based on the following legal basis:
- Issue of invoices complying with accounting legislation: legal basis GDPR Article 6 (1) (c);
- Maintaining contact: legal basis GDPR Article 6 (1) (f). For the data of employees and employees of partners & sponsors, the legal basis for data handling is interest weighing. The data controller has a legitimate interest: business continuity;
- Handling of employee data: legal basis GDPR Article 6 (1) b), c);
- Handling of contract partner data: legal basis GDPR Article 6 (1) (b);
- Marketing activity: legal basis GDPR Article 6 (1) (a);
Duration of data management
The retention period for the data (e.g. contact details, contracts, performance certificates, invoices) is 15 years after termination of the contractual relationship.
Rights Affected
In connection with his / her personal data, the person concerned has the rights specified in the law.
- Right of access – knowledge of data, the fact that data processing is being carried out – (Article 15 of the GDPR);
- Adjustment if data is obsolete or incorrect (GDPR Article 16);
- Deletion – only in case of consent-based data management (Article GDPR Article 17);
- Restrictions on the processing of data (Article 18 of the GDPR);
- Prohibition of the use of personal data for direct marketing purposes (Article 21 of the GDPR);
- Transferring or banning personal data of a third party or service provider (GDPR Article 20);
- Request a copy of any personal data handled by the data controller, or;
- Protest against the use of personal information.
Remedies for information
Please note that you can protest against Hacktivity Ltd. handling your personal data. This protest will be examined by Hacktivity Ltd. within the shortest possible time but not later than 30 days after the filing of your protest. Hacktivity Ltd. will make a decision on the matter of the validity of your protest and will inform the protestor in writing. If the protest is justified, Hacktivity will discontinue data management and block the data. If you do not agree with the protest decision or Hacktivity Kft. does not make a statement within the deadline, you may contact the court within 30 days from the date of the decision or from the last day of the deadline.
Hacktivity Ltd. declares that the data it manages is only used by its own authority, it is needed for its daily operations and it is not being transmitted to a third party.
In Hungary, the Data Protection Supervisory Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Modification of Privacy Policy
Hacktivity Ltd. maintains the right to modify this document due to the change of the legal environment or the data management activity.
Budapest, May 24, 2018
1. Scope of the Policy
The present Policy applies to data management directly related to the website accessible at www.hacktivity.com. The Policy does not apply to issues controlled by the Terms of Use that are not specifically related to the management of personal data. The effect of the Policy is not limited in time; the Data Controller shall notify the Users about any changes to the Policy. The notification shall precede the modification in due time to enable Users to decide whether to accept the modification or delete their account. If not specified otherwise, the Policy does not apply to data management related to promotions, prize games and other campaigns by third parties advertising on the website. If not specified otherwise, the Policy does not apply to the data management of other externally linked websites within the website.
2. The Data Controller and the User
Data Controller: the Data Controller is the Service Provider (Hacktivity Kft.) defined by the Terms of Use, the Data Controller’s contact information: info(at)hacktivity(dot)com.
User: the person using the services of the website, duly registered on the website.
3. The Purpose and Legal Basis of Data Management
The purpose of data management is community building, finding friends and identification of Users at www.hacktivity.com as follows:
- the e-mail address provided upon registration is used for communication;
- the Username and password is used for the identification of the User upon logging in;
- other data disclosed on the data sheet is used for community building, finding and contacting friends and participating in the chat.
The legal basis of data management in all cases is the consent of the person concerned. In specific cases, primarily with regard to the mandatory data on the data sheet, data management is required for the use of the services of the website.
4. Registration
Registration, as prescribed by the Terms of Use, is required for the use of the service. The following data are required from the User during the registration process:
Username and password: the username will be displayed in the chat, it enables the identification of Users.
E-mail address: the registered e-mail address will not be public and will not be displayed anywhere on the website. It will be used exclusively as a recipient address for the e-mail containing the data required for account activation and for the notifications generated by the use of the service and newsletters (if the User requests so).
Other personal data: it is not mandatory to provide any other data possibly requested by the registration sheet. The Service Provider will not display these data on the website; they will only be used for the purposes defined by the Terms of Use and Section 8 of the present Policy.
5. Creating and Modifying the User Data Sheet and Profile
After logging in Users can fill out their data sheet if they wish and create their personal profile. Users can modify or delete the data provided at any given time.
The Service Provider maintains the right to change the content of the data sheets, delete or add data queries, especially if the demands and habits of Users necessitate or justify it. The Data Controller will notify the Users about the changes by e-mail and on the login landing page at least one week before the changes are implemented. The Service Provider shall not change the data provided.
Furthermore, specific services may require additional data collection. The Service Provider shall provide due information about the details of these data collections which are based on voluntary consent.
6. Technical Data Management
Upon viewing the website, at the beginning of the visit, the IP address of User’s computer will be recorded, in some instances along with the type of the browser and the operating system (depending on the settings of the User’s computer). These data recorded in log files are only collected for statistical purposes and shall only be disclosed to a third party is expressly required by law.
7. Disclosure of the Managed Data
The managed data shall only be accessible to third parties upon the specific consent of the person concerned or based on a provision of law. The Data Controller maintains the right to employ a data processor for certain technical tasks.
The Data Controller shall use the data provided by the User primarily for the service described in detail in the Terms of Use, or in instances defined in the present Policy.
In the instances defined by the Terms of Use, the Data Controller as Service Provider is entitled to the use of the data especially in case of the User’s illegal conduct.
9. Data Management When Interconnecting with Another Service
In case the Data Controller as Service Provider interconnects the www.hacktivity.com website with other websites operated by them as defined in the Terms of Use, data management shall only be shared with the specific consent of the persons concerned. In lack of such consent, the data management with regard to the data of the User shall not be shared, even if the User is registered with the same data in both databases.
10. Rights and Privacy
Users are entitled to correct their data as defined in Section 5 and to request the Data Controller to correct any incorrect data they cannot be modified. Users are entitled to delete pieces of their data or their entire data sheet. Users can request information about the management of their data.
The Data Controller is not responsible for any damage arising from the insufficient data protection measures of the User, such as easily decipherable usernames and passwords, or the disclosure of these to third parties.
11. Data Security
The Data Controller shall take all due and necessary measures to safeguard data and provide the appropriate level of their protection especially with regard to unauthorized access, modification, disclosure, publication, deletion or destruction, and to unintentional destruction and damage.
12. The Extent of Data Management
In case a User data sheet is deleted, the system of the Service Provider deletes the data within three working days. Users can delete their data any time.
13. Enforcement of Rights
Users can address their complaints and objections directly to the Data Controller who will do everything in his power to bring the possible infringements to an end and provide a remedy. In accordance with Act LXIII of 1992 on the Protection of personal data and the disclosure of data of public interest and the Civil Code, Users can enforce their rights at court or turn to the Data Protection Commissioner of the Republic of Hungary.
Terms of Use
1. Scope of the Terms of Use
The present “Terms of Use” define the rules governing the use of the website accessible at www.hacktivity.com. Such regulations do not apply to other externally linked websites within www.hacktivity.com irrespective of their nature, of the services they offer or their operator.
2. Parties Concerned
Service Provider: Hacktivity Kft., contact information: info@hacktivity.com.
User: the person using the services of the website, duly registered on the website. The User is referred to as “member” during the communication on the website. Only natural persons are entitled to be Users.
3. Purpose of the Website, Description of the Service
The www.hacktivity.com website is the official site of the Hacktivity Conference; its primary goal is to disclose news and pieces information related to the Conference and to offer related community services.
4. Changes to the Terms of Use
The Service Provider maintains the right to unilaterally modify the Terms of Use. The Service Provider informs the Users about the changes by e-mail or on the login landing page before the changes come into effect.
5. Conditions of Use, Registration
Certain services offered by the website (e.g. forum, online polls, etc.) are only available to registered Users. Only natural persons are entitled to register and thus become members of the community. The data requested on the registration sheet are mandatory.
After registration, the Service Provider sends an activation link to the registered e-mail address. The registration is completed by clicking on this link.
6. Password Use, Security
The security level of the password of each User is only known to the given User. In order to avoid abuses, it is recommended to choose a “strong” password of higher security level and keep it confidential. The strength of the password is higher:
- If the password is not characteristic of the User (e.g. first name, last name);
- If the password is longer than six characters;
- If the password contains small and large-case letters, numerical characters and other symbols.
The Service Provider shall not be responsible for misuse caused by an improper password choice or third-party access to the password granted by the User.
In case of a forgotten password, the User should enter their e-mail address on the login page and use the “password reminder”. The Service Provider will send them a new password to the e-mail address provided during registration.
7. Fictitious Accounts
Should the Service Provider notice or be notified that data provided by the User do not identify the real User or data provided are false, it is entitled to temporarily suspend the access of the User until verifying the authenticity of the identification data and to request data from the User by e-mail in order to verify the authenticity of the data. The User shall contact the Service Provider within 48 hours of the dispatch of the e-mail, either by e-mail or phone in order to verify the authenticity of data and to put the related certificates at the disposal of the Service Provider within a further 72 hours.
8. Deletion of the Registration
The User is entitled to delete their account any time. No account shall be deleted if prohibited by the present Terms of Use or a regulation in force.
9. Services
Following registration, Users are entitled to the use of the service offered by the website. The Service Provider maintains the right to modify the services under Section 4.
Creating a profile: Users can freely create their own profile and choose to disclose their data. The data management of this process follows the Privacy Policy.
10. Restrictions on Service Usage, Responsibility
Users may use the website at their own responsibility. The Service Provider is not responsible for damages and inconveniences suffered by the User during the use of the website owing to the lack of due care. Users disclose their data or make it accessible to third parties with their own responsibility.
Users shall show fair conduct in the use of the website and respect the rights and interests of others. The following prohibitions apply to all types of communication (for example posts, photos, and hyperlinks). Users shall respect the restrictions hereunder so as to avoid violating the Terms of Use either voluntarily or involuntarily.
The website is entirely apolitical thus all User-content about politics or referring thereto will be removed without prior notice; if a User is found to induce tension he/she will be eliminated from the system.
Users shall comply with the effective laws and shall refrain from any activity that is illegal or offending to other Users. More particularly, Users shall:
- Respect the privacy, personal rights and legitimate interests of others;
- Refrain from the unlawful collection of information about others and the illegal exploitation of such information;
- Refrain from committing a crime or infringement of law;
- Respect intellectual property rights, in particular regulations concerning literary, scientific and artistic works, inventions, industrial design patterns, utility models, trademarks and geographical product markings under copyright laws;
- Refrain from obscene, rude and other expressions that may shock others;
- Refrain from all submissions that may offend, humiliate or instigate hatred against any national, ethnic, racial or religious group or any other clearly identifiable group or members of such a group.
- Refrain from all expressions that may offend, humiliate or instigate hatred against any other person—irrespective of their User status—on account of belonging to any national, ethnic, racial or religious group or any other clearly identifiable group.
All Users shall refrain from activities that interfere with the intended use of the website. In particular, Users shall:
- Refrain from sending unsolicited e-mails (“spam”), and chain letters (“hoax”);
- Refrain from all kinds of communication that might interfere with or disrupt the intended use of the website by others;
- Refrain from irrelevant, repetitive or otherwise disturbing submissions in open communication.
All Users shall refrain from any kind of activity that infringes the interests of the Service Providers. In particular, the Users shall:
- Refrain from interfering with or disrupting the operation of the website;
- Refrain from activity aimed at getting hold of and harvesting the trade secrets or any other confidential information of the Service Provider;
- Refrain from communication that carries false information regarding the service;
- Refrain from activities that endanger the IT security of the website;
- Refrain from activities aimed at advertising products and services of their own or of others.
Furthermore, the Service Provider is entitled to set forth additional restrictions of which Users shall be informed.
11. Infringement Procedures
If the User violates the present Terms of Use, the Service Provider is entitled to suspend or delete their registration. In case the infringement results in legal proceedings the Service Provider will forward the user data collected upon registration to the competent bodies in accordance with the regulations concerning the given procedure.
Before suspending or deleting a registration the Service Provider warns the User to stop the objectionable conduct or prove that their behavior does not violate the Terms of Use. The warning can be omitted if the delay would result in unavoidable damage or the apparent infringement of the law.
In case the activity of a User infringes the rights or legitimate interests of someone, the aggrieved party(especially persons with infringed personal rights, victims of a crime or offense or the owners of intellectual property rights) can ask the Service Provider to remove the objectionable content and initiate the necessary proceedings against the User. The requesting party shall duly certify their eligibility. If the eligibility is certified the aggrieved party can request the Service Provider to block the infringing content for future proceedings. In this case, the aggrieved party must certify the beginning of the legal proceeding within 60 days. The Service Provider will forward the blocked content and relevant data stored by them to the competent bodies in accordance with the regulations concerning the given procedure and body.
12. Responsibility of the Service Provider, Exclusion of Warranty
The Service Provider shall do all in its power to ensure uninterrupted and continuous service. It may practice the rights defined in the above section (Terms of Use, change of services, measures against Users, etc.) primarily for this purpose and in order to shape the service in line with User demands.
The Service Provider shall take all the necessary precautions to safeguard User data. The Service Provider is not responsible for the disclosure of User data by the User concerned.
The Service Provider shall inform the User about the suspension or deletion of their registration irrespective of the reason and strives at cooperation with Users and the peaceful settlement of debates.
As the service in question is free the Service Provider does not warrant uninterrupted service and is not responsible for the suspension or discontinuation of the service. The Service Provider strives at solving the possible interruptions and errors of operation arising during the operation of the website. The Service Provider, however, shall not be responsible for these. The Service Provider shall not bear responsibility for the conduct of Users.
14. Enforcement of Rights
Users can address their complaints and objections directly to the Data Controller who will do everything in his power to bring an end to and remedy the possible infringements. In other cases Users can enforce their rights in accordance with the effective legal regulations. Upon request the Service Provider shall inform Users how to do so.