Data processing policy

Transcription

1 Data processing policy MBM Adventures Kft. Data protection policy I. The data controller and his/her availabilities MBM Adventures Kft (registered seat: 1068 Budapest, Király utca 80, website: company registry number: ) hereinafter referred to as MBM Adventures Kft processes the client s - the clients of MBM Adventures Kft - personal data. Regulation (EU) 2016/679 includes the definition of the terms and concepts mandatory for present data processing policy. The referred regulation can be read on The definition of some terms and concepts used in the data processing policy in relation to data processing as defined in the regulation: data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; GDPR: Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation); supervisory authority: Hungarian National Authority for Data Protection and Freedom of Information personal data: any information relating to an identified or identifiable natural person ( data subject ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; special categories of personal data: processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation; client: Those people, who would like to gain information on the products and services

2 personally, via the website, on phone or any other ways as well as those who conclude a travel contract with MBM Adventures Kft (passengers). Principles of data processing MBM Adventures Kft shall take all the actions in order to: process the clients personal data lawfully, in a fair and transparent manner, collect and process the personal data for the purpose its activity and in favour of performing the travel contracts concluded with the passengers; provide an up-to-date and accurate register, ensure the safe storage and processing of the personal data excluding the unauthorised access, processing, the accidental loss or damage. II. The MBM Adventures Kft collects the following personal data from the clients MBM Adventures Kft collects the clients following personal data in relation to the inquiries about its services, subscription for the newsletter, the travel contract and the unique request for quotation: 1.) inquiry: (c) areas of interest (eg. period, destination, classification of the accommodation); Data which is necessary for making the client s inquiry more accurate and giving appropriate custom-made response based on the information supplied by the client. 2.) Subscription for the newsletter (c) areas of interest (if applicable); Data which is necessary for making the subject of a newsletter / other edm tools more accurate based on the information supplied by the client. In the cases of section 1.) and 2.) the legal background for the data processing is the consent provided by the person inquiring or subscribing for the newsletter. The data processing lasts until the period defined by the person inquiring or subscribing for the newsletter, or until the withdrawal of his/her consent. 3.) conclusion of the travel contract Data which is strictly necessary for the identification of the client (passenger). Data which is strictly necessary for the further access of the client (passenger). (c) subject of the contract (eg. period, destination, classification of the accommodation, number of children and their date of birth, dietary requirements, relevant health details);

3 Determination of the subject of the contract The legal background for the data processing is the performance of the contract and the possibility for the settlement of the arising legal disputes. The timeframe of data processing is the limitation period defined by the Hungarian Civil Code, which starts on the first day of the performance of the travel contract. 4.) unique requests for quotation (c) areas of interest (eg. period, destination, classification of the accommodation); Data which is necessary for making the client s inquiry more accurate and giving appropriate custom-made response based on the information supplied by the client. The legal background for data processing is the requester s consent. The data processing lasts until the period defined by the requester, or until the withdrawal of his/her consent. Contract in relation to a service (c) subject of the contract (eg. period, destination, classification of the accommodation, number of children and their date of birth, dietary requirements, relevant health details); Determination of the subject of the contract The legal background for the data processing is the performance of the contract and the possibility for the settlement of the arising legal disputes. The timeframe of data processing is the limitation period defined by the Hungarian Civil Code, which starts on the first day of the performance of the travel contract. Transfer of personal data within the territory of the European Economic Community (EEC) MBM Adventures Kft has the right to transfer the client s personal data to the third parties within the EEC: (a) within the company group of MBM Adventures Kft. (b) the organisations performing services for MBM Adventures Kft or its clients (eg. insurance companies, IT service providers, companies organising marketing campaigns); (c) contributors participating in the performance of the travel contract (providers of accommodation, companies organising sports events, flight companies, etc.); (d) supervisory authorities and other regulating authorities and bodies.

4 International data transfer to third countries (out of the territory of EEC) MBM Adventures Kft has the right to transfer the client s personal data to the third parties out of the territory of the EEC, if it is necessary in favour of the performance of the travel contract concluded with the passenger, and the passenger has given his/her written consent to the data transfer. Prior to the conclusion of the travel contract and in the case of personal data transferred out of the territory of the EEC, MBM Adventures Kft shall inform the passenger about the protection of that data as defined in Regulation (EU) 2016/679. Request for information The passenger may request for information about the personal data processed by MBM Adventures Kft through the following channels: address: telephone: correspondence address: III. The client s (passenger) rights The client s access rights The client has the right to access his/her personal data. The client may request MBM Adventures Kft in writing whether the office processes the personal data or not. MBM Adventures Kft cannot deny the information. The right to information only applies to the client s own personal data. The right to information does not apply for: the anonymous details; personal data not in relation to him/her. Upon the client s request, MBM Adventures Kft provides access and copy of the personal data. If the client requests for further/repeated copies about his/her personal data, MBM Adventures Kft charges HUF 5000 or an information fee, which shall be paid by the client prior to the delivery/transfer of the information on the basis of the invoice issued by MBM Adventures Kft. Right to rectification The client may request the rectification of his/her personal data at any time. The right to rectification only applies to the client s own personal data. The right to rectification does applies for: the anonymous details; personal data not in relation to him/her. Upon the client s written request, MBM Adventures Kft shall correct, complete or amend the client s personal data and informs him/her in writing. MBM Adventures Kft is not required to inform the client about the rectification if it would impose a disproportionate burden on it or information of the client is impossible. Right to erasure The client may request the erasure of his/her personal data. MBM Adventures Kft is obliged to erase the client s personal data without undue delay if

5 those are processed by MBM Adventures Kft and the client requests the erasure of his/her personal data, or processing of the personal data is not necessary for the purposes defined by MBM Adventures Kft, the client withdraws the consent in relation to data processing, there is no legal background for the further processing or the client s personal data, the client objects to the processing of his/her personal data by MBM Adventures Kft and the legitimate reason for the processing of such personal data does not take precedence over the client s objection, in compliance with the laws in force the erasure is compulsory. MBM Adventures Kft shall inform the recipients of such personal data about the erasure. MBM Adventures Kft is not required to inform the client and the recipients about the rectification, if it would impose a disproportionate burden on it or information of the client is impossible. Right to the restriction of processing The client may request the restriction of processing his/her personal data. The right to the restriction of processing shall apply only for the client s personal data. MBM Adventures Kft may restrict the processing of the client s personal data as long as it checks the correctness and accuracy of the client s personal data if the client disputes the accuracy of the data. MBM Adventures Kft shall restrict the processing of the client s personal data if the client requests to restrict the processing of such data, whose processing is unlawful and the client objects to the erasure of such data. Upon the client s request, MBM Adventures Kft restricts the processing of the personal data, if MBM Adventures Kft does not need the data affected by the restriction any more and the client requests his/her data for the submission, enforcement or protection of a legal claim. MBM Adventures Kft restricts the processing of the client s personal data, if the client objects to the processing of such personal data which is necessary for the legitimate interest of Esőerdő Utazási Iroda, or the client waits for the confirmation of the fact that the processing of his/her personal data by Esőerdő Utazási Iroda overrides the client s objection due to reasons defined by the law. MBM Adventures Kft shall inform the recipients of such personal data about the restriction of processing. MBM Adventures Kft is not required to inform the client and the recipients about the restriction, if it would impose a disproportionate burden on it or information of the client is impossible. In the case of the restriction of processing the personal data, Esőerdő Utazási Iroda may store such personal data, may process such personal data upon the client s consent, may process the personal data in favour of submitting, enforcing or protecting their legal claims or protecting any people s personal rights.

6 MBM Adventures Kft is not permitted to use the client s personal data for its direct marketing communication. Right to data portability The client has the right to receive his/her personal data provided to MBM Adventures Kft in writing in a printed or any other readable format. The client has the right to transfer or forward/ have it been forwarded his/her personal data to any other data controllers. The right to data portability only applies to the client s own personal data. Right to submit complaints If the client feels that his/her right in relation to the processing of his/her personal rights have been infringed, he/she shall contact the contact person of MBM Adventures Kft. Contact: Balázs Galisz and telephone: balazs.galisz@mbmadventures.com and The client may submit his/her complaints in relation to the processing of his/her personal data directly to the Hungarian National Authority for Data Protection and Freedom of Information (1125 Budapest Szilágyi Erzsébet fasor 22/C; telephone: ; fax: ; ugyfelszolgalat@naih.hu; website: or may initiate proceedings at the competent court in his place of residence.