The purpose of this Notice is to provide adequate information about the activities of the Hungarian Sustainable Investment and Financing Association in relation to the processing of personal data of natural persons and the use of cookies. The current Notice is available at all times on the Association's website. Please read the Notice carefully and if you have any questions, please feel free to contact us using one of the contact details provided below.
The Notice is primarily governed by the relevant provisions of the following domestic and EU legislation:
1. Data Controller
Name: Hungarian Sustainable Investment and Financing Association
Registered office: 1131 Budapest, Babér utca 13-15 B205
Organization registration number: Under registration
Representative: Bálint Szaniszló, President
Email address: info@husif.hu
Website: www.husif.hu
2. Data Processing
a. Processing of contractual contact persons' data
The Association collects the personal data of natural persons acting as contact persons for its contractual partners (in particular their names, email addresses, telephone numbers and, where applicable, job titles) in the legitimate interest of the contractual partner and processes such data for the purpose of maintaining contact in order to perform the contract. If there is a change in the contact person's data or identity, the contractual partner is obliged to notify the Association immediately. Given that the contact person's personal data forms part of the text of the contract, the Association shall retain it in this form for the general limitation period from the performance/expiry/termination of the contract, i.e. for 5 (five) years, and in order to substantiate the accounting documentation, in accordance with Section 169(2) of the Accounting Act, for 8 (eight) years.
b. Invoicing
Invoices issued by the Association in connection with its activities must be kept in a readable form for at least eight (8) years in accordance with accounting regulations, and must be retrievable based on references in the accounting records. In this regard, the Association processes only the personal data required by law – name, (residential) address – for the purpose of ensuring compliance with legal requirements. Withdrawal of consent to the processing of personal data does not affect the lawfulness of the data processing.
c. Membership register
The Association processes the data of its members and persons holding positions in the Association as required by law and necessary for the smooth operation and maintenance of contacts (name, employer's registered office, position held, address, mother's maiden name, place and date of birth, birth name, e-mail address, telephone number). The Data Controller shall retain personal data until the end of the general limitation period from the termination of the legal relationship, i.e. for 5 (five) years, but shall only process data for communication purposes during the existence of the legal relationship.
d. Employees
The Association is entitled to process the personal data of its employees, experts employed under a contract of mandate, and natural persons or organizations providing services to it under a contract, based on labor law, civil law, and data protection rules. The Data Controller shall retain personal data until the end of the general limitation period from the termination of the legal relationship, i.e. for 5 (five) years.
e. Audio, video and photographic recordings
Audio, video and photographic recordings may be made of participants at events organized by or on behalf of the Association, which recordings may be published on the Association's website and other media platforms operated by the Association (e.g. LinkedIn), subject to the prior and express consent of the data subject. If the participant concerned does not wish the recording to be published or wishes to have it removed or destroyed at a later date, the Data Controller shall take action immediately, but no later than within 3 (three) working days, upon receipt of a written request to that effect from the data subject. The consent of the person concerned is not required for the recording and use of recordings made in the case of mass recordings and recordings of public figures.
f. External links
The Website may contain links to websites operated by third parties, which have their own data protection policies and mechanisms. Please read the data protection policy of the website carefully before providing your personal data. The Association is not responsible for the content of external websites or their data and information protection practices.
3. Data Processing and Data Transfer
The data processor shall perform data processing in accordance with the instructions of the Association, shall not make any substantive decisions concerning data processing, shall process personal data that come to its knowledge exclusively in accordance with the provisions of the Association, shall not perform data processing for its own purposes, and shall store, preserve and keep confidential personal data in accordance with the provisions of the data controller. The data processor may not engage any further data processors without the prior written authorization of the Association, either on a case-by-case basis or in general. We use companies based in EEA countries to process and store your data. We will provide further information about the data processors at your request.
We hereby inform you that the court, the prosecutor, the investigating authority, the administrative authority, the National Data Protection and Freedom of Information Authority, or other bodies authorized by law may contact the Association for the purpose of providing information, communicating data, transferring data, or making documents available. The Association will only disclose personal data to the authorities – provided that the authority has specified the exact purpose and scope of the data – to the extent that is strictly necessary to achieve the purpose of the request.
The Association does not transfer personal data to third countries or international organizations.
4. Data Security
We hereby inform you that the Association does not engage in automated decision-making or profiling as part of its data processing activities.
The Association ensures the security of data in proportion to the risk, and takes the technical and organizational measures and establishes the procedural rules necessary for the enforcement of the GDPR, the Infotv. and other data and confidentiality rules. The Association protects data with measures commensurate with the risk, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and inaccessibility resulting from changes in the technology used. The Association protects the data with IT solutions in line with the risk. It keeps an eye on data protection incidents. If a data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller will let the person know about the data protection incident without any unnecessary delay.
The Association shall ensure that unauthorized persons cannot access, disclose, transfer, modify, or delete the data processed. The processed data may only be accessed by the Association, its employees, and the data processor(s) it uses, and the Association shall not disclose such data to third parties who are not authorized to access it. The Association shall do everything in its power to prevent the accidental damage or destruction of data. The Association shall impose the above obligation on its agents involved in data processing activities.
Under no circumstances shall the Association collect special data, i.e. data relating to racial origin, membership of a national or ethnic minority, political opinion or party affiliation, religious or other philosophical beliefs, membership of interest groups, health, addictions, sex life, or criminal record.
5. Rights of data subjects and means of enforcing rights
The Association may exercise the rights listed in the following points by submitting a request. The Association's contact details are provided in point 1 of the Information Notice. The Association shall assess requests for the enforcement of rights within the shortest possible time after their submission, but no later than 25 (twenty-five) days, and shall notify the data subject of its decision in writing or, if the data subject submitted the request electronically, by electronic means.
a. Information on the processing of personal data
At the request of the data subject, the Association shall provide information on the data processed by it or by a data processor commissioned by it or in accordance with its instructions, the source of the data, the purpose of the data processing, the legal basis, the duration, the name and address of the data processor and its activities related to data processing, the circumstances and effects of the data protection incident and the measures taken to remedy it, and, in the case of the transfer of the data subject's personal data, the legal basis and recipient of the data transfer.
b. Access to personal data
The data subject has the right to obtain from the Association confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
The Association shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Association may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information shall be provided in a widely used electronic format, unless the data subject requests otherwise.
The right to request a copy shall not adversely affect the rights and freedoms of others.
c. Right to rectification
The data subject shall have the right to obtain from the Association, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
d. Right to erasure (right to be forgotten)
The data subject shall have the right to obtain from the Association the erasure of personal data concerning him or her without undue delay and the Association shall have the obligation to erase personal data concerning the data subject without undue delay where one of the following grounds applies:
The deletion of data cannot be initiated if data processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the Association is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Association; for reasons of public interest in the area of public health, or for archiving, scientific and historical research purposes or statistical purposes; or for the establishment, exercise or defense of legal claims.
e. Right to restriction of processing
The data subject shall have the right to obtain from the Association restriction of processing where one of the following applies:
If the processing is restricted on the basis of the above, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
The Association shall inform the data subject whose data processing has been restricted at their request in advance of the lifting of the restriction on data processing.
The Association shall inform all recipients to whom personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves disproportionate effort. At the request of the data subject, the Association shall inform the data subject of these recipients.
f. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
When exercising the right to data portability as described above, the data subject shall have the right to request the direct transfer of personal data between data controllers, if technically feasible. The exercise of this right shall not affect the right to erasure. The aforementioned right shall not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. The right referred to in this paragraph shall not adversely affect the rights and freedoms of others.
g. Right of withdrawal
The data subject shall have the right to withdraw his or her consent to the processing of his or her personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
h. Enforcement of the rights of the data subject, legal remedies, judicial enforcement:
The data subject may lodge a complaint with the Association at any time in connection with the processing of their personal data:
Email address: info@husif.hu
If the data subject disagrees with the Association's decision regarding the objection, or if the data controller fails to respond within the deadline, the data subject may appeal to the court within 30 days of the notification of the decision or the last day of the deadline. The court shall deal with the case as a matter of priority. The data subject may, at his or her discretion, bring the action before the court of his or her place of residence or place of stay.
The data subject may lodge a complaint with the supervisory authority (National Authority for Data Protection and Freedom of Information; 1055 Budapest, Falk Miksa utca 9-11. – mailing address 1363 Budapest, Pf.: 9..; ugyfelszolgalat@naih.hu; +36 1 391 1400) and may initiate an investigation by reporting that a violation of rights has occurred or is imminent in relation to the processing of their personal data.
The data subject may also initiate an investigation by the Authority to examine the lawfulness of the Association's measures if the Association restricts the exercise of the data subject's rights or rejects a request to exercise those rights, and the data subject may request the Authority to conduct a data protection procedure if, in his or her opinion, the Data Controller or the data processor acting on its behalf or on its instructions violates the provisions of the law or the binding legal acts of the European Union relating to the processing of personal data.
The data subject may appeal to the courts against the Association or, in connection with data processing operations falling within the scope of the data processor's activities, against the data processor if, in his or her opinion, the Association or the data processor commissioned by it or acting on its instructions, is processing their personal data in violation of the provisions laid down in legislation or in a binding legal act of the European Union relating to the processing of personal data.
The data controller or data processor shall be responsible for proving that the data processing complies with the provisions of the law or binding legal acts of the European Union on the processing of personal data.
The data subject may, at his or her discretion, bring the action before the court having jurisdiction over his or her place of residence or place of stay. A person who does not otherwise have legal capacity to sue may also be a party to the action. The Authority may intervene in the action in order to ensure that the data subject prevails.
6. Cookie management
A cookie is a piece of information (a variable-length alphanumeric information packet sent by a web server) that is stored on your computer by the websites you visit. The use of cookies makes it possible to retrieve certain data about visitors and to track their Internet usage. Cookies themselves are not capable of identifying users; they are only capable of recognizing the visitor's computer.
The Website operated by the Association also uses cookies, similar to other websites, in which no personal data is collected and stored, only anonymized internal identifiers and technical information.
The legal basis for the cookies that ensure the basic functioning of the Website is legitimate interest, the purpose of which is to ensure the proper functioning of the Website.
The cookies used by the Association cannot identify you personally. Please note that cookies do not record personal data, as the Website does not allow users to log in, subscribe to newsletters, or fill out contact or other forms.
The Website does not use targeting or advertising cookies.
You can disable cookies through your browser settings, but there is no guarantee that you will be able to access all the features of the Website without such cookies.
You can find information about cookie settings for the most popular browsers at the following links:
Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
Safari: https://support.apple.com/hu-hu/HT201265
However, please note that certain website features or services may not function properly without cookies.
7. Other provisions
We will provide detailed information about data processing not listed in this Notice at the time of data collection. The Association reserves the right to modify the content of the Notice at any time at its discretion. Modifications to the Notice shall take effect upon publication on the Website, and we therefore recommend that you check the content of the modifications at regular intervals.