Header Image

PRIVACY POLICY

 

Regarding the use of services available on domain names bpbw.hu, and budapestbeerweek.com.

IN SHORT

Personal data shall be collected and treated in accordance with the law.
DM letter will be sent only if specific consent. The system can send a message without food.
The data is stored as safely as possible.
personal information to third parties only contribution was over.
For anyone to advise you about the stored data, and can delete the data at any time request to contact us.

1. INTRODUCTION

BPBW Events Kft. (Registered seat: 1106 Budapest, Maglódi Road 47, tax number ……………, Cg …………… .., represented by Peter Pazinczár Managing Director, e-mail: info@bpbw.hu) (hereinafter referred to as Provider, data manager) throws itself under the next prospectus.

Hungarian law CXII of 2011 on Informational Self-Determination and Freedom of Information Law. § 20 (1) states that the data subject (in this case bpbw.hu Internet application (hereinafter referred to as Service) user, hereinafter referred to as User concerned) must be communicated prior to the start of the data processing to the data processing based on consent, or mandatory.

The data subject must be informed clearly and in detail prior to the commencement of processing of all relevant facts related to the management of data, especially data management purpose and legal basis of the eligible data management and processing of data of individuals, data management duration .

They must inform the data subject of Info TV. Based on § 6 (1) shall also provide that personal data may be even if you obtain the consent of the concerned impossible or would cause disproportionate costs and the handling of personal data

  • necessary to fulfill the legal obligation to which the controller is subject, or
  • needed to validate the data controller or a third person having a legitimate interest in, and the application of that interest is disproportionate restriction of the right to protection of personal data.

The information should include the rights and remedies relating to data management involved.

If the personal information involved would be impossible or disproportionate costs (such as in this case, a web service or use in mobile applications), the following information may be made public by the market information:

  1. the fact of the collection,
  2. range of stakeholders,
  3. The purpose of data collection,
  4. The duration of data management,
  5. be entitled to the personal data controllers possible,
  6. Description of the rights and remedies of the parties concerned in relation to data management, as well as
  7. if the data management data protection registration is location, registration number of data management.

Who controls the data management information following websites or mobile application data management: www.bpbw.hu (BPBW application) and the above is based on the content of specification. The prospectus is available from the following site: bpbw.hu/privacy

The amendments will come into force information disclosure to the above address.

2. DEFINITIONS CONCEPTS

  1. question / User : identified or under any other personal data specified – identifiable natural person – either directly or indirectly;
  1. Personal data : associated with the data subject of data – especially the names involved, identification and characteristics of one or more of physical, physiological, mental, economic, cultural or social identity of knowledge – and can be deducted from the data, conclusions concerning him;
  1. controller : the natural or legal person or organization without legal personality who or which alone or jointly with others, determines the purpose of the processing of the data, makes decisions on data processing (including used items) and implement or enforce a contracted data processor;
  1. Data Management : Regardless of the method used in any operation or set of operations performed on data totality, in particular the collection, recording, organization, storage, alteration, use, availability, transmission, disclosure, alignment or combination, blocking, erasure or destruction, and preventing, photo, or sound or video recording, preparing and recording the identity of the physical attributes (such as fingerprints and palm prints, DNA samples and iris image.) further use;
  1. Data processing : technical tasks related to data processing operations, methods or means, and the site of application, provided that the technical tasks performed on the data used to perform operations independently;
  1. data processing means any natural or legal person or organization without legal personality, who is based on contracts with the controller – is processing data – including a contract under the provisions of the legislation as well;
  1. Data transmission : to make specific third party to access the data;
  1. privacy incident : unlawful treatment or processing of personal data, in particular against unauthorized access, alteration, disclosure, erasure or destruction, as well as the accidental destruction and damage.

3 RELATING TO THE OPERATION OF THE SERVICE DATA MANAGEMENT

  1. CXII of 2011 on Informational Self-Determination and Freedom of Information Law. Based on § 20 (1) must be defined within the data management services related to the operation / operation as follows:
  1. the fact of the collection,
  2. range of stakeholders,
  3. The purpose of data collection,
  4. The duration of data management,
  5. be entitled to the personal data controllers possible,
  6. Description of rights associated with data management stakeholders.
  1. The facts collected, the scope and purpose of the data processing of data handled:
Personal data The purpose of processing
Surname first name Identification
Phone number, e-mail Relations
Password serves to secure entry to the user’s account
Date of entry / registration Implementation of technical operations
The entry / registration current IP address Implementation of technical operations

It is not required for either the username or your e-mail that contains personal information.

The controller is known all your personal data in the provision of services are handled confidentially, it will not give to any third party without the consent of the person concerned.

  1. Range of stakeholders : contracting the data controller (the recipient) and all stakeholders registered on the website.
  1. Duration of data management, data erasure deadline : the cancellation request is concerned. Except in the case of accounting documents as the basis of § 169 of Act C of 2000 on accounting (2) you have to keep the data for 8 years.

accounting document directly and indirectly supporting the bookkeeping accounts (including general ledger accounts, analytical and detail records), must be kept readable form, based on the accounting records retrievable by reference to at least 8 years.

  1. The controllers can be entitled to personal data: Personal data of the controller and manage staff, respecting the above principles.
  1. Description of rights associated with data management Stakeholders: The following information can modify the controller asks availabilities. Last name, first name, email address, password, phone number. The deletion of personal data, or modification can initiate involved in the following ways:

– via post 1106 Budapest, Maglódi  út 47.
– via e-mail to the e-mail address info@bpbw.hu,
– via the +36 20 9116822 phone number.

  1. Processors used in the data management data:

7.1. Hosting provider

Name: Sigmanet Kft.
Address: 1132 Budapest, Victor Hugo utca 18-22.
E-mail: info@sigmanet.hu
Phone: +3620 388-7038

7.2. Invoicing

Name: Peter Pazinczár
Company: BPBW Events Ltd.
Headquarters: 1106 Budapest, Maglódi út. 47.
E-mail: info@bpbw.hu
Phone: +36 20 9116822
Web: bpbw.hu

  1. Who is the only data management Info TV. Customer relationship management data according to § 65 paragraph (3) a), so the Authority does not keep a record of this Privacy Notice.
  1. The legal basis of data management: the user’s consent, the Infotv. § 5 (1) and 2001 CVIII on certain aspects of electronic commerce services and services related to information society services. Law (hereinafter. Elker TV) 13 / A. § (3).
    The service provider can manage to supply services to personal data, which are indispensable for providing the service. The service in the case of other conditions identical they be elected in any case be required to operate assets used in the provision of services related to the information society in a way that the processing of personal data can only take place if it’s necessarily provide and fulfill the other objectives set out in this Act, the Service necessary, but in this case only to the extent and for the time required.

4. MANAGE COOKIES (COOKIES)

  1. CXII of 2011 on Informational Self-Determination and Freedom of Information Law. Based on § 20 (1) shall be determined within the webshop web cookie data management the following:

– the fact of the collection,
– range of stakeholders,
– The purpose of data collection,
– The duration of data management,
– be entitled to the personal data controllers possible,
– Description of rights associated with data management stakeholders.

  1. A typical web request cookie called “security cookies”, which does not require prior consent from data subjects.
  1. The fact of the data management, the range of data processed: Individual identification number, dates, times,
  1. range of stakeholders: the website visitors of all concerned.
  1. The objective of data management: identification of users, tracking visitors.
  1. Duration of data management, the deadline for deleting data: data management for the duration of the session cookie lasts until the end of the visit websites.
  1. be entitled to the personal data controllers can not manage the use of cookies personal data by the controller.
  1. Description of rights associated with data management Stakeholders: The stakeholders have the option to delete cookies in Tools / Options menu of the browsers are usually under the Privacy Settings menu.
  1. Data management is the legal basis: the contact from consent is not required if the sole purpose of using cookies specifically requested by the transmission of a communication or that the subscriber or user via an electronic communications network, to provide an information society service provider necessarily need.

5. USE GOOGLE ADWORDS CONVERSION TRACKING

  1. The online advertising program called “Google AdWords” using the controller, and use Google’s conversion tracking feature within its limits. Google conversion tracking analytics service from Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).
  1. When a user reaches a site by Google ads, you needed a conversion tracking cookie is placed on your computer. These cookies have a limited validity, and do not contain any personal information, so the user can not identify them.
  1. When the user’s browsing some pages of the website and the cookie has not yet expired, Google and the controller can see that the user clicked on the ad.
  1. Each Google AdWords customer gets another cookie, so they can not be tracked through the AdWords clients’ websites.
  1. The information – which are using the conversion tracking cookies obtained – are intended to produce conversion statistics for AdWords conversion tracking selector customers. This enables customers to take notice of their ad pages transmitted with the number of users who click and conversion tracking tag. But they do not have access to information with which any user can be identified.
  1. If you do not want to attend to conversion tracking, you can reject it by disabling the possibility of installing cookies on your browser. Then you will not be included in your conversion tracking statistics.
  1. For more information and Google’s Privacy Statement available at the following site: www.google.de/policies/privacy/

6. USE OF GOOGLE ANALYTICS

  1. This website uses Google Analytics app, which Google Inc. ( “Google”) web analysis service. Google Analytics uses so-called “cookies”, text files that are saved on your computer and thus help analyze how users use web pages visited by the user.
  1. Information regarding created a website used by the user’s cookies are usually sent to a Google server in the USA and stored. The IP anonymization web page by activating the pre-Google shortens the user’s IP address in the European Union member states or parties to the Agreement on the European Economic Area other states.
  1. transmission and shorten the entire local IP address from Google server in the USA will take place only in exceptional cases. Of this website operator on behalf of Google will use this information to evaluate how the user’s use of the Website, and to prepare reports related to the website activity by the website operator and to perform further services associated with the Web site and internet usage.
  1. Within the framework of Google Analytics is transmitted by the user’s browser IP address does not conduct with other Google data. Cookies are stored on the user’s setting may prevent the browser, however please note that in this case you may not all features of this website will be fully used. It can also prevent Google to collect and process data through cookies, related to the user’s web usage (including IP addresses) by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=hu

7. NEWSLETTER, DM ACTIVITY

  1. XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity. Under § 6 of the User may consent in advance and specifically to seek specified at registration availabilities (eg. e-mail address or phone number) advertising services offerings, other shipments.
  1. In addition, the customer keeping this information in mind the provisions can contribute to the necessary services to handle personal data for sending advertising offers.
  1. Service does not send unsolicited commercial messages, and user limitation and without justification, sending the opt-out for free offers. In this case, all services – needed to send advertising messages – your personal data is deleted from the register of not looking at the User additional advertising offers. Users can opt out by clicking the link in the message advertising.
  1. CXII of 2011 on Informational Self-Determination and Freedom of Information Law. Based on § 20 (1) shall be determined within the newsletter-sending data management the following:

– the fact of the collection,
– range of stakeholders,
– The purpose of data collection,
– The duration of data management,
– be entitled to the personal data controllers possible,
– Description of rights associated with data management stakeholders.

The fact of data management, the range of managed data: last name, first name, email address , date, time.

  1. Range of stakeholders : all affected subscribers of the newsletter.
  1. The objective of data management : Sending electronic messages containing advertisements (e-mail, push message) to the relevant provision of information on current information, services, promotions and other special roads, etc.
  1. Duration of data management, data erasure deadline : the withdrawal of permission notice, that your opt-out is data management.
  1. The controllers can be entitled to personal data : personal data, manage the data manager, respecting the above principles.
  1. The present data processing registration number: ……………………
  1. Description of rights associated with data management Stakeholders: The question at any time, free of charge unsubscribe.
  1. The legal basis of data management: voluntary consent, the Infotv. § 5 (1) and XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity. Act § 6 (5):
    The advertiser, advertising operator or advertisement publisher – the scope defined contribution – keep a record of personal data of persons making a declaration contributing to them. The recorded in the register – for the recipient of advertising – according to the data only contributing declared only be passed with the prior consent of the person concerned to use its withdrawal, and third parties.

9. SOCIAL NETWORK

  1. CXII of 2011 on Informational Self-Determination and Freedom of Information Law. Based on § 20 (1) must be defined within the data management community sites as follows:
  1. the fact of the collection,
  2. range of stakeholders,
  3. The purpose of data collection,
  4. The duration of data management,
  5. be entitled to the personal data controllers possible,
  6. Description of rights associated with data management stakeholders.
  1. The fact of data collection, the range of managed data: Facebook / Google + / Twitter / Pinterest / Youtube / Instagram etc. Registered name of social networks and the user’s public profile picture.
  1. Range of stakeholders:
    All parties who signed up on Facebook / Google + / Twitter / Pinterest / Youtube / Instagram etc. social networking sites, and “liked them on Facebook,” the social side of the controller, the controller or a registration.
  2. The information is intended: on social networks, some of the elements, products, services, actions by the website itself or the website of sharing and “liking” promotion.
  1. Description Duration of data management, the period of data erasure, personal and stakeholder potential controllers entitled to inspect the data rights related to data management: Data source and its treatment, and the delivery method, and the legal basis of information of links to a social networking site. Data management is carried out on social networking sites, such as the data processing duration of the way, and the cancellation and modification of the data potential regulation of a specific community site relates.
  1. The legal basis of data management: voluntary consent personal information to manage your social network.

10. DATA TRANSMISSION

Inform the person concerned that the Service does not perform data transmission.

11. CUSTOMER RELATIONS AND OTHER DATA MANAGEMENT

  1. If you have any questions while using the data management services, might be a problem with the data subject, given on the website of ways (phone, e-mail, social networking sites, etc.). You can contact the controller.
  1. A controller for incoming emails, messages, phone, Facebook, etc. specified data erase the name and email address, as well as with other volunteers provided personal data of up to 2 years after the date of transmission of data to interested.
  1. Data treatments not listed in this leaflet we provide information when recording the data.
  1. Exceptions official request or under the authority of law at the request of other bodies in the Service Provider is obliged to supply information, data communication, transmit or make available documents.
  1. The services of these cases, the applicant for – all you personal data and issue to the extent that is absolutely necessary to achieve the aim of the request – if marked the exact purpose and scope of the data.

12. SECURITY (SECTION 7)

  1. The data controller should plan and perform the data processing operations, to ensure the protection of the privacy of those involved.
  1. The data controller ensures the security of data (password protection with anti-virus), take the technical and organizational measures and establish the rules of procedure that are necessary to enforce the Info-TV., As well as other data and privacy protection rules enforced.
  1. Data is protected by appropriate measures especially in the controller

– unauthorized access
– the alteration,
– transmission,
– disclosure,
– deletion or destruction,
– the accidental destruction and damage,
– against becoming inaccessible arising from changes in the technology used.

  1. The controller provides appropriate technical solutions to data stored in the registers do not directly be interconnected and ordered the issue.
  1. for unauthorized access to personal data, changing data and prevent unauthorized disclosure, disclosure, or use of the data controller ensures:

– the appropriate information, establishing environmental engineering, operation,
– the supply of a component part al controlled the selection, supervision,
– the detailed operating, service and risk management procedures published.

  1. Based on the above service provider that the data it manages

– It is available to the claimant
– credibility and validation is provided,
– No changes must be justified.

  1. Data management and storage provider to protect against information systems, including

– cyber fraud,
– espionage,
– computer viruses,
– of spam,
– the hacks
– and against other attacks.

13. DATA SUBJECTS’ RIGHTS

  1. The data subject may request the Service Provider to provide information to the management of personal information, request correction of personal information and request personal data – erasure or blocking – with the exception of optional data management.
  1. subject’s request to the controller information is affected by the treated and processed by it or by the provisions responsible processing data from their source, the data management purpose, grounds, duration, the data processing names, addresses and associated data management activities of the data protection incident conditions , and the impact of measures taken to eliminate, and – in case of transmission of personal data is concerned – the legal basis and the recipient of the transfer.
  1. The data controller – if you have an internal data protection managers to the internal data protection by responsible – control measures on data protection incident and keep a record for the purpose of informing affected, which includes the extent of the personal data involved, the range and quantity of data protection incidents involved, the date of the privacy incident , circumstances, effects and measures taken to avert, data and other information specified in the prescribing legislation.
  1. If data transmission occurs, the data management leads to transmission records to verify the legality of the transfer of data and information in question, which contains the date of the personal data it manages the transmission of the data transfer legal basis and the recipient, to determine the scope of the personal data transferred and for which the data prescribing legislation other data.
  1. User request to Service information about the data they manage, their source and data management purpose, legal basis, duration, possible data processing names, addresses and related data management activities, and – in case of transmission of personal data is concerned – in the data transfer legal basis and the recipient of. During service of the submission of the application shortest time, but not later than in writing, in a comprehensible form to enter the information within 25 days. The information is free.
  1. Service provided personal data is accurate does not meet, and truthful personal data on the controller’s disposal to rectify personal data.
  1. Instead of deleting Provider lock the personal information if the user so requests, or if the basis of the information available, it can be assumed that the cancellation would harm the legitimate interests of the user. Locked personal data will only be manageable as long as there is the objective of data management, which excluded the personal data deleted.
  1. Service delete the personal data if you order handling illegal, the user of the managed data is incomplete or incorrect – and this can not lawfully be resolved – provided that the cancellation law does not preclude the purpose of processing has ceased or provided for storing the data law the deadline expired, it has been ordered by a court or the National Authority for Data Protection and Freedom of Information.
  1. The controller identifies the personal information it manages, if the dispute concerned the correctness or accuracy of the personal data but controversial incorrectness or inaccuracy can not be ascertained without doubt.
  1. The correction of the blocking, deletion of the signs and the need for stakeholders, as well as notify all those whose data were previously transferred for processing. The notice may be omitted if this view of the purpose of the data processing legitimate interest of the data subject does not infringe.
  1. If the data controller does not comply with the request for rectification, blocking or deleting concerned, tell the factual and legal reasons for rejecting the application for rectification, blocking or deleting an application in writing within 25 days of receipt of the request. In case of rejection of the rectification, erasure or blocking the application of the controller to inform the data subject of legal proceedings, in addition to the Authority the possibility of occurrence.

14. REMEDIES

  1. User object to the processing of personal data if
  2. management or disclosure of personal information solely to fulfill a legal obligation to which the Service Provider or the Service, the data importer or legitimate interests pursued by a third party is required, unless the data processing ordered by law;
  3. use or disclosure of personal data is for the purpose of direct marketing, public opinion polling or scientific research;
  4. in other cases specified by law.
  1. Service in the protest as soon as possible after the submission of the application, but will examine later than 15 days to decide on the merits of the issue, and its decision to the applicant in writing. If the Service determines protest of the relevant merits of data management – including additional data collection and data forwarding – removes and blocks the data of the objection and the action taken on the basis of inform all those to whom he transmitted personal data the objection earlier, and who are obliged to take action to enforce the right to object.
  1. If the User of the Service Provider does not agree with the decision taken by the counter – you can go to court – Within 30 days of its notification. The court is acting out of turn.
  1. the possible infringement complaint against the data controller may be made to the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilagyi Erzsebet fasor 22 / C.

Mailing address: 1530 Budapest, PO Box 5.

Phone: +36 -1-391-1400

Fax: + 36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

15. JUDICIAL ENFORCEMENT

  1. The fact that the data processing complies with the law have occupied, the data controller is obliged to prove. the legality of the transmission of the data importer is obliged to prove.
  1. The trial assessing the competence of the tribunal. The lawsuit – be brought before the tribunal of domicile or residence is concerned – that the election concerned.
  1. The lawsuit may also be parties who would otherwise not enjoy the status. The trial of the Authority to intervene in order to be successful concerned.
  1. If the court accepts the application, the controller is obliged to enter the information, the data rectification, blocking, deleting ruling made the automated processing of data destruction, in protest of the right in question to take into account, or the issue of data requested by the data importer.
  1. If the court rejects the application for receiving data, the data controller is obliged to delete the personal data concerned within three days of notification of the judgment. The data controller shall delete the data even if the data importer is not to court within the specified time limit.
  2. The court may order a judgment – the controller identification information is published – disclosure when required by the interests of the greater number of relevant data protection and rights protected.

16. COMPENSATION AND HARM FEE

  1. If the controller is in violation of privacy rights or breach concerned the unlawful handling of data security requirements of the data involved in the breach concerned may claim fees from the controller.
  1. In contrast to the stakeholders, the data controller is responsible for any damage caused by the data processor and the data controller is obliged to pay for that person in case of personal injury award for infringement caused by the data processor. The data controller is exempted from liability for the damage caused and the obligation to pay a fee grievance, if it proves that the damage or violation of the right of privacy in question was caused by forces beyond the scope of data management.
  1. You do not have to pay for the damage and harm should not be required to award the extent that the loss or damage was caused to the victim or violation of privacy rights in violation of willful or grossly negligent conduct in question.

17. CONCLUSION

We were following the laws taking into account in the preparation of the prospectus:

  • Act CXII. law – the law of self-determination and freedom of information (hereinafter referred to as Infotv.)
  • CVIII year. Law – certain aspects of electronic commerce services and of information society services (. especially the 13 / A, § a)
  • XLVII. Law – Prohibition of Unfair commercial practices against consumers;
  • Act XLVIII. Law – the basic conditions and certain limitations (particularly Section 6) the business advertising
  • XC year. Law on Freedom of Electronic Information
  • C. Electronic Communications Act (specifically for the 155. §-a)
  • 16/2011. s. Review best practices for online behavioral advertising EASA / IAB recommendation
  • The National Authority for Data Protection and Freedom of Information Privacy recommendation of notification requirements

Budapest, November 17th, 2017

BPBW Events Ltd.