Dear Visitor!
The purpose of this Privacy Notice is that the Erőforrás Alapítvány (hereafter referred to as “Erőforrás“) as a data controller under the domain name www.unitedway.hu (hereinafter referred to as “the Website“) inform every person, who using the Website (hereinafter referred to as “User“), about data processing.
We request you to read this Information very carefully. Should you have any questions or comments concerning this data management information or the management of personal data or concerning the interpretation of the legal regulations and the rules, please contact our Data Protection Officer.
We advise you that in the course of handling, recording, processing and incidentally transferring your personal data we shall proceed in accordance with the provisions of Act CXII. of 2011. on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Infotv.) and of other legal regulations concerning data protection, particularly the General Data Protection Regulation of the European Union coming into force as of 25 May 2018. (hereinafter: GDPR).
1. ORGANIZATIONAL INFORMATION
| Data Controller | Erőforrás Alapítvány |
| Address (seat) | 1061 Budapest, Andrássy út. 11 |
| Registration no. | 01-01-0007364 |
| Tax no. | 18093951-1-42 |
| Contact details | Website: www.unitedway.hu Phone: +36 1 627 7732 |
| Data Privacy Officer (DPO) and contact details | Cseh Patrik dpo@unitedway.hu +36 70 881 0664 |
2. WHAT DATA IS COLLECTED
Erőforrás collects and processes the following personal data of Users and Clients in connection with the use of the Website and Erőforrás activities (the provision of personal data is only required if the User wishes to give a donation and support Erőforrás, join Erőforrás, attends an event or volunteer with Erőforrás). Information about Cookies can be found here.
SCOPE OF THE PROCESSED PERSONAL DATA (REGISTRATION / BUYING)
When buying ticket or register online, personal information provided voluntarily by the data subject.
| Collected personal data | Purpose of data processing | Lawful basis for processing | Retention period |
| First Name, Last Name | Client identification, contact, invoice issuance | Performing the contract and Legal obligation (Szt. – 2000. C.tv. 166.§ (6), 169. §) | For the retention period required by the Accounting Act, at least 8 years |
| E-mail address | Issuing an electronic invoice, confirmation of purchase | ||
| Address | Invoice issuance | ||
| Company name, headquarters, tax number (optional) | Issue an invoice for a company name | ||
| Telephone number | Contact | According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR data subject’s consent |
Until withdrawing the consent 1 |
| Comment | Comments and information |
SCOPE OF THE PROCESSED PERSONAL DATA (NEWSLETTER)
When signing up for a newsletter, personal information provided voluntarily by the data subject.
| Collected personal data | Purpose of data processing | Lawful basis for processing | Retention period |
| name, e-mail address | To provide further, related, email information and news updates. | According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR data subject’s consent |
Until withdrawing the consent 1 |
SCOPE OF THE PROCESSED PERSONAL DATA (DONATE)
Donation, auction, purchase, personal information provided voluntarily by the data subject.
| Collected personal data | Purpose of data processing | Lawful basis for processing | Retention period |
| First Name, Last Name | donor identification | Performing the contract and Legal obligation (Szt. – 2000. C.tv. 166.§ (6), 169. §) | For the retention period required by the Accounting Act, at least 8 years |
| Type and extent of the donation | invoice issuance | ||
| Address | |||
| Company name, headquarters, tax number (optional) | Issue an invoice for a company name | ||
| E-mail address, Telephone number | Contact | According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR data subject’s consent |
Until withdrawing the consent 1 |
SCOPE OF THE PROCESSED PERSONAL DATA (ABOUT VOLUNTEERS)
When registering for a volunteer, personal information provided voluntarily by the data subject
| Collected personal data | Purpose of data processing | Lawful basis for processing | Retention period |
| First Name, Last Name | Voluntary Identification | According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR data subject’s consent |
Until withdrawing the consent 1 |
| E-mail, phone number, address | Contact | ||
| Place and date of birth | Registering for a volunteer program, assessing the suitability and capabilities of a candidate | ||
| Education information | |||
| Information about the employment relationship form of employment, current job, current workplace | |||
| Volunteer activity information | |||
| Information on foreign language knowledge | |||
| Duration of volunteering | |||
| Information about the motivation of the volunteer |
SCOPE OF THE PROCESSED PERSONAL DATA (PHOTOGRAPHY)
Participation in the event, picture and voice recordings of the participants.
| Collected personal data | Purpose of data processing | Lawful basis for processing | Retention period |
| Image, voice (photo, video) | Production of promotional materials, presentation of the foundation’s work, promotion of events, documentation of the event | According to Article 6 (1) (f) of the GDPR legitimate interest |
5 years |
SCOPE OF THE PROCESSED PERSONAL DATA (BUSINESS CARD)
Personal information on business card that you give us.
| Collected personal data | Purpose of data processing | Lawful basis for processing | Retention period |
| Data on business card (Name, phone number, email address, address, position) | Relationships, networking | According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR data subject’s consent |
Until withdrawing the consent 1 |
1 You may cancel your subscription or withdraw your consent by e-mail or by clicking on the link in the newsletter or by sending a letter to postal address.
3. AUTOMATED DECISION MAKING AND PROFILING
We advise you that no automatized decision making, or profiling will be performed on the basis of the data you supply.
4. DATA SHARED WITH
The data processing and controlling is subject to our employees who work on the operation, maintenance and updating of the website and the organizers of the event, donations belong to financial and accounting staff and connect with volunteer program our staff who organize it.
5. DATA PROCESSORS
We also inform you that we are working together with subcontractors and partners to fully serve our services, so the following organizations can participate in the processing of your data.
| Data Processor | Purpose of data processing | Transferred personal data |
| Process Solutions Kft. 1134 Budapest, Váci út 33. |
Financial and accounting tasks | Data required for billing and transaction |
| OTP Mobil Kft. (Simple) 1093 Budapest, Közraktár u. 30-32 |
Online transaction | Transaction data |
| Keystone-Inc Kft. 1062 Budapest, Bajza u. 50. |
IT provider, Web development | Cookies |
6. INFORMATION SECURITY
Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorized purposes) of the personal data. Confidentiality means that only people who are authorized to use the data can access it. Integrity means that personal data should be accurate and suitable for the purpose for which it is processed. Availability means that authorized users should be able to access the data if they need it for authorized purposes.
Accordingly, Erőforrás will ensure that appropriate measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of, or damage to, personal data. These principles will be enforced by putting in place appropriate hardware and software-based security measures (including physical entry and system access control, locks, alarms, firewalls, etc.). Erőforrás has in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Erőforrás shall keep confidential, and not disclose to any third party, the User’s personal data processed hereunder, unless required by law and/or expressly authorized to do by the User on a case-by-case basis.
7. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You may request information at any time about your personal data we control and may request to correct, refine, delete or limit any of your data and to exercise any of the rights allowed by law.
Right to request information
The data subject may request information (via the contact details above, in a written form) about
- what personal data,
- on what legal reason,
- for what purpose,
- from what source,
- for how long is controlled,
- to who, when, on what legal basis the organization granted access of forwarded what personal information of the data subject.
Right to rectification
The data subject may request in a written form to modify any of his or her data (for example the email address might be changed at any time). The organization will fulfill the request in less than a month and will inform the data subject about the change via email.
Right to erasure
The data subject may request in a written form to erase any and/or all of his or her data.
The request must be refused if the organization must store the data to comply with the law. If there is no legal obligation to store the data, the organization will fulfill the request in less than a month and will inform the data subject about the change via email.
Right to restriction of processing
The data subject may request in a written form to restrict the processing of his or her data (by unambiguously indicating the limited nature of processing and by providing separate handling for such data). The limitation ends when the reasons indicated by the data subject makes the storage necessary.
Right to object
The data subject may object at any time in a written form to stop processing his or her data in case the organization would use or forward the personal data for surveying or research purposes.
Complaints and Remedies
You may request legal remedy regarding the processing of your personal data, you may file a complaint with the Data Protection Officer or at the supervisory authority, if you suspect that the processing of your personal data is in violation with the related legal regulation, and you may also file a petition to the court.
Supervisory authority (NAIH):
Nemzeti Adatvédelmi és Információszabadság Hatósága / Hungarian National Authority for Data Protection and Freedom of Information H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Tel: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu
Please note that this document is intended to provide you with an understandable and transparent information concerning the management of personal data in our company.