Privacy notice

Dear Visitor!

The purpose of this Privacy Notice is that the Erőforrás Alapítvány (hereafter referred to as “Erőforrás“) as a data controller under the domain name www.unitedway.hu (hereinafter referred to as “the Website“) inform every person, who using the Website (hereinafter referred to as “User“), about data processing.

We request you to read this Information very carefully. Should you have any questions or comments concerning this data management information or the management of personal data or concerning the interpretation of the legal regulations and the rules, please contact our Data Protection Officer.

We advise you that in the course of handling, recording, processing and incidentally transferring your personal data we shall proceed in accordance with the provisions of Act CXII. of 2011. on the Right of Informational Self-Determination and Freedom of Information (hereinafter: Infotv.) and of other legal regulations concerning data protection, particularly the General Data Protection Regulation of the European Union coming into force as of 25 May 2018. (hereinafter: GDPR).

1. ORGANIZATIONAL INFORMATION

Data Controller Erőforrás Alapítvány
Address (seat) 1061 Budapest, Andrássy út. 11
Registration no. 01-01-0007364
Tax no. 18093951-1-42
Contact details Website: www.unitedway.hu
Phone: +36 1 627 7732
Data Privacy Officer (DPO) and contact details Cseh Patrik
dpo@unitedway.hu
+36 70 881 0664

2. WHAT DATA IS COLLECTED

Erőforrás collects and processes the following personal data of Users and Clients in connection with the use of the Website and Erőforrás activities (the provision of personal data is only required if the User wishes to give a donation and support Erőforrás, join Erőforrás, attends an event or volunteer with Erőforrás). Information about Cookies can be found here.

SCOPE OF THE PROCESSED PERSONAL DATA (REGISTRATION / BUYING)

When buying ticket or register online, personal information provided voluntarily by the data subject.

Collected personal data Purpose of data processing Lawful basis for processing Retention period
First Name, Last Name Client identification, contact, invoice issuance Performing the contract and Legal obligation (Szt. – 2000. C.tv. 166.§ (6), 169. §) For the retention period required by the Accounting Act, at least 8 years
E-mail address Issuing an electronic invoice, confirmation of purchase
Address Invoice issuance
Company name, headquarters, tax number (optional) Issue an invoice for a company name
Telephone number Contact According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR
data subject’s consent
Until withdrawing the consent 1
Comment Comments and information

SCOPE OF THE PROCESSED PERSONAL DATA (NEWSLETTER)

When signing up for a newsletter, personal information provided voluntarily by the data subject.

Collected personal data Purpose of data processing Lawful basis for processing Retention period
name, e-mail address To provide further, related, email information and news updates. According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR
data subject’s consent
Until withdrawing the consent 1

SCOPE OF THE PROCESSED PERSONAL DATA (DONATE)

Donation, auction, purchase, personal information provided voluntarily by the data subject.

Collected personal data Purpose of data processing Lawful basis for processing Retention period
First Name, Last Name donor identification Performing the contract and Legal obligation (Szt. – 2000. C.tv. 166.§ (6), 169. §) For the retention period required by the Accounting Act, at least 8 years
Type and extent of the donation invoice issuance
Address
Company name, headquarters, tax number (optional) Issue an invoice for a company name
E-mail address, Telephone number Contact According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR
data subject’s consent
Until withdrawing the consent 1

SCOPE OF THE PROCESSED PERSONAL DATA (ABOUT VOLUNTEERS)

When registering for a volunteer, personal information provided voluntarily by the data subject

Collected personal data Purpose of data processing Lawful basis for processing Retention period
First Name, Last Name Voluntary Identification According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR
data subject’s consent
Until withdrawing the consent 1
E-mail, phone number, address Contact
Place and date of birth Registering for a volunteer program, assessing the suitability and capabilities of a candidate
Education information
Information about the employment relationship form of employment, current job, current workplace
Volunteer activity information
Information on foreign language knowledge
Duration of volunteering
Information about the motivation of the volunteer

SCOPE OF THE PROCESSED PERSONAL DATA (PHOTOGRAPHY)

Participation in the event, picture and voice recordings of the participants.

Collected personal data Purpose of data processing Lawful basis for processing Retention period
Image, voice (photo, video) Production of promotional materials, presentation of the foundation’s work, promotion of events, documentation of the event According to Article 6 (1) (f) of the GDPR
legitimate interest
5 years

SCOPE OF THE PROCESSED PERSONAL DATA (BUSINESS CARD)

Personal information on business card that you give us.

Collected personal data Purpose of data processing Lawful basis for processing Retention period
Data on business card (Name, phone number, email address, address, position) Relationships, networking According to 5. § (1) (a) of the Info tv., and Article 6 (1) (a) of the GDPR
data subject’s consent
Until withdrawing the consent 1

1 You may cancel your subscription or withdraw your consent by e-mail or by clicking on the link in the newsletter or by sending a letter to postal address.

3. AUTOMATED DECISION MAKING AND PROFILING

We advise you that no automatized decision making, or profiling will be performed on the basis of the data you supply.

4. DATA SHARED WITH

The data processing and controlling is subject to our employees who work on the operation, maintenance and updating of the website and the organizers of the event, donations belong to financial and accounting staff and connect with volunteer program our staff who organize it.

5. DATA PROCESSORS

We also inform you that we are working together with subcontractors and partners to fully serve our services, so the following organizations can participate in the processing of your data.

Data Processor Purpose of data processing Transferred personal data
Process Solutions Kft.
1134 Budapest, Váci út 33.
Financial and accounting tasks Data required for billing and transaction
OTP Mobil Kft. (Simple)
1093 Budapest, Közraktár u. 30-32
Online transaction Transaction data
Keystone-Inc Kft.
1062 Budapest, Bajza u. 50.
IT provider, Web development Cookies

6. INFORMATION SECURITY

Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorized purposes) of the personal data. Confidentiality means that only people who are authorized to use the data can access it. Integrity means that personal data should be accurate and suitable for the purpose for which it is processed. Availability means that authorized users should be able to access the data if they need it for authorized purposes.

Accordingly, Erőforrás will ensure that appropriate measures are taken against unlawful or unauthorized processing of personal data, and against the accidental loss of, or damage to, personal data. These principles will be enforced by putting in place appropriate hardware and software-based security measures (including physical entry and system access control, locks, alarms, firewalls, etc.). Erőforrás has in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Erőforrás shall keep confidential, and not disclose to any third party, the User’s personal data processed hereunder, unless required by law and/or expressly authorized to do by the User on a case-by-case basis.

7. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

You may request information at any time about your personal data we control and may request to correct, refine, delete or limit any of your data and to exercise any of the rights allowed by law.

Right to request information

The data subject may request information (via the contact details above, in a written form) about

  • what personal data,
  • on what legal reason,
  • for what purpose,
  • from what source,
  • for how long is controlled,
  • to who, when, on what legal basis the organization granted access of forwarded what personal information of the data subject.

Right to rectification

The data subject may request in a written form to modify any of his or her data (for example the email address might be changed at any time). The organization will fulfill the request in less than a month and will inform the data subject about the change via email.

Right to erasure

The data subject may request in a written form to erase any and/or all of his or her data.

The request must be refused if the organization must store the data to comply with the law. If there is no legal obligation to store the data, the organization will fulfill the request in less than a month and will inform the data subject about the change via email.

Right to restriction of processing

The data subject may request in a written form to restrict the processing of his or her data (by unambiguously indicating the limited nature of processing and by providing separate handling for such data). The limitation ends when the reasons indicated by the data subject makes the storage necessary.

Right to object

The data subject may object at any time in a written form to stop processing his or her data in case the organization would use or forward the personal data for surveying or research purposes.

Complaints and Remedies

You may request legal remedy regarding the processing of your personal data, you may file a complaint with the Data Protection Officer or at the supervisory authority, if you suspect that the processing of your personal data is in violation with the related legal regulation, and you may also file a petition to the court.

Supervisory authority (NAIH):

Nemzeti Adatvédelmi és Információszabadság Hatósága / Hungarian National Authority for Data Protection and Freedom of Information H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Tel: +36 1 391 1400
Fax: +36 1 391 1410
Email: ugyfelszolgalat@naih.hu

Please note that this document is intended to provide you with an understandable and transparent information concerning the management of personal data in our company.