The purpose of this Statement on data protection and data management is to regulate the collection and handling of personal data by Nordic Walking Debrecen Sports Club (further as: NWDSE) (registered office: 4032 Debrecen, Ormos Lajos st. 3. At. 22.; electronic mail address: nwdse2020@gmail.com, tax number: 19280949-1- 09 in the course of its activities.

NWDSE as data controller handles data and pays special attention to the protection of personal data in compliance with mandatory legal provisions, and principles of secure and fair data processing.

The data controller informs natural persons about the principles, process and guarantees of data management. The data controller recognizes the right of natural persons to control their own personal data.

The data controller informs the applicants for the International Nordic Walking Meeting and Competition, Debrecen, on the specific data it manages and the methods thereof.

Together with this Statement and the General Data Protection Information, the data controller fulfills the information obligation prescribed by the GDPR Regulation.

If you need more information about this privacy Statement, please read the general information or contact NWDSE at any contact provided above.

The terms used in this Statement are based on the GDPR Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data).

In the course of handling personal data, the data controller shall act in accordance with the following principles of data management: purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability, necessity, proportionality, lawfulness, fairness and transparency.

The purpose of the data controller is to minimize the processing of personal data in order to reduce data management risks. The data controller handles the personal data processed in a transparent and verifiable manner in order to detect and avoid data protection incidents immediately.

The data controller backs up electronically stored data on a daily basis. The data controller stores the backups on its own server. Backup storage time: 5 years.

Legal basis for data management for backups: the data controller has a legitimate interest in complying with the requirements of the Regulation and in ensuring the continuous and uninterrupted availability of data generated in the course of its activities. The data controller handles a significant amount of data, and the secure storage and recovery of data in the event of damage is of significant public interest.

NWDSE publishes the results of the competition, the consent to the publication is a condition of the application for the competition, and it is based on the statement made at that time.

The data controller collects and manages data, which is carried out in accordance with the Data Protection Act. This Statement contains the scope of events and persons arising in connection with the collection and management of data, as well as the application of the rules.

NWDSE collects and processes the personal data provided by the client through the electronic entry forms on the website https://www.nordicwalkingdebrecen.hu/sportegyesulet, and used for the necessary communication during the period prescribed by law.

NWDSE collects the data of the applicants on a Google form from 25/01/2022. to 20/05/2022. and on 21/05/2022 from 7:00 am to 8:45 am at the on-site application to the competition, at the venue in the form of a paper application.

When applying for the competition, applicants must provide the following personal data to the organizers of the competition:

1. Name
2. Gender
3. Date of birth
4. Address
5. Billing address
6. Club membership

Organizer will use the requested data only in connection with the organization of the competition.

DATA CONTROLLER INFORMATION

Name: Nordic Walking Debrecen Sports Club

Address: 4032 Debrecen Ormos Lajos street 3. At. 22.

Tax number: 19280949-1-09

Website: https://www.nordicwalkingdebrecen.hu/sportegyesulet

Contact: Anikó Nagy, data protection officer

Phone: +36 20 382 0664

Email: nwdse2020@gmail.com

• The data will not be released to third parties by the organizer.
• Third party: a natural or legal person or an entity without legal personality which is not the same as the data subject, the controller or the processor.
• Consent: the voluntary and explicit expression of the data subject’s wishes, based on appropriate information and giving his or her unambiguous consent to the processing of personal data concerning him or her, in full or in part

The data subject may expressly request the deletion of his or her data in writing in the event of the withdrawal of his / her application, or at any time after the competition.

• Protest: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of data processing or the deletion of the processed data.

RIGHTS OF DATA SUBJECTS

You can contact the data controller’s representative directly with your requests, questions, complaints or remarks about the conduct of the data controller.

You may exercise your data management rights by submitting a written request to the data controller. The data controller will respond to inquiries by e-mail or post without delay, but no later than within 30 days from the receipt. During the processing of requests, the data controller shall make a decision with regard to the legal basis of the data processing.

NWDSE hereby informs all data subjects that if the request for the release of the data entails a disproportionate additional cost for the data controller (e.g. due to the chosen format), the data controller is entitled to charge the data subject for the costs related to the release of the data. The data controller shall inform the data subject in advance of any costs incurred.

 NWDSE hereby informs all data subjects that on behalf of persons under the age of 18, their legal representative is entitled to act.

Right of information and access to personal data

Prior to the commencement of data processing, you are entitled to receive prior information about the facts and events related to data processing, which the data controller provides with the content of this Statement – and other informative documents. You also have the right to receive feedback from the data controller as to whether the processing of your personal data is in progress and, if such processing is in progress, you have the right to access to the personal data and related information specified in the Regulation. More detailed information can be found in Articles 13-14 of the Regulation.

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. If you notice inaccurate data, please enter the correct information about yourself in your application. You will be informed about the rectification. More detailed information is provided in Article 16 of the Regulation.

Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay if one of the conditions set out in Article 17 of the Regulation is met:

o Data processing is no longer required for the purpose for which it was collected.

o the data subject has withdrawn consent and the data controller has no other legal ground for data processing.

o the data subject objects to the data processing and and there are no overriding legitimate grounds for the processing, over the data subject’s exercise of rights.

o the personal data have been unlawfully processed

o the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

More detailed information is provided in Article 17 of the Regulation.

Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

More detailed information is provided in Article 18 of the Regulation.

Right to object

You have the right to object at any time to the processing of your personal data for a legitimate interest (Article 6 (1) (f) of the Regulation) or for direct marketing purposes.

In the event of objection, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

More detailed information is provided in Article 21 of the Regulation.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint against data processing with the data controller and his / her representative, and secondly with the supervisory authority of the Member State in which you are domiciled, employed or in the Member State where the alleged infringement takes place.

Contact details of the supervisory authority:

o Name: Hungarian National Authority for Data Protection and Freedom of Information

o postal address: 1374 Budapest, Pf. 603.

o address: 1055 Budapest, Falk Miksa utca 9-11.

o Telephone: +36 (1) 391-1400

o Fax: +36 (1) 391-1410

o E-mail: ugyfelszolgalat@naih.hu

• URL: http://naih.hu

Right to a judicial remedy

You have the right to a judicial remedy against a binding decision of the supervisory authority that applies to you, or if the supervisory authority has not dealt with your complaint or you have not been informed of the complaint procedure within 3 months. The data subject may exercise his right of appeal before the competent court.

More detailed information is provided in Article 78 of the Regulation.

The data subject is also entitled to an effective judicial remedy against the data controller or the data processor if, in their opinion, their personal data has not been processed in accordance with the rules of the Regulation. The data subjects may exercise their right of appeal before the competent court. More detailed information is provided in Article 79 of the Regulation.

Right to information for children and persons under guardianship

The right to information also applies to children and persons under guardianship. By informing the legal representative or guardian, the data controller fulfils this obligation. The legal representative or guardian shall provide information to the child or the person under guardianship in a manner appropriate to his or her mental capability. If the child’s age and maturity allow, the data controller shall also provide the child with brief, verbal information regarding the processing of his or her data at the express request of the child or the legal representative.

DATA PROCESSORS

The data controller performs the data management mainly with the help of its own employees. In case of outsourced tasks or other cooperation, the data controller transmits data to the partners. The data controller ensures that the legal conditions during data transfer (are fulfilled during the data transfer, and that the data transfer does not infringe your rights. You will find more information about data processors in the General Privacy Statement.

Rules for data management and data processing:

• Personal data can be processed if
  • the data subject consents to, or
  • it is ordered by law or – on the basis of the authorization of law, within the scope specified therein – by a decree of a local government.
• The service provider provided the data provided during the registration of the relevant customer as necessary and sufficient identification data for the identification of the service user in accordance with the CVIII of 2001. According to the Act, it manages for the purpose of establishing a contract for the provision of an information society-related service, defining its content, amending it, monitoring its performance, invoicing the resulting consideration and enforcing the related claims.
• The data controller does not handle special data.
• The law may, in the public interest, order the disclosure of personal data by explicitly indicating the scope of the data. In all other cases, the consent of the data subject is required for disclosure, or in the case of special data, written consent. In case of doubt, it shall be presumed that the data subject has not given his consent. The consent of the data subject shall be deemed to be given in respect of the data which he discloses in the course of his or her public performance or which he discloses for the purposes of disclosure. In proceedings initiated at the request of the data subject, his consent to the processing of his necessary data shall be presumed. This fact must be brought to the attention of the person concerned.
• In case of the current Statement, the Nordic Walking Debrecen Sports Club is the data processor.
• The rights and obligations of the data processor in relation to the processing of personal data shall be determined by the data controller. The data controller is responsible for the lawfulness of the instructions for data processing operations. Within the scope of activities of the data processor and within the limits set by the data controller, he is responsible for the processing, alteration, deletion, transmission and disclosure of personal data. The data processor may not work together with any other data processor in the performance of your data processing activities. The data processor may not make a substantive decision concerning data management, may process personal data obtained only in accordance with the provisions of the data controller, may not process data for its own purposes, and is obliged to store and retain personal data in accordance with the data controller’s provisions.
• Based on the above, the data controller manages the following data of the data subjects: name, e-mail address, address, telephone number, billing data, order data.
• The service provider shall process personal data relating to the use of the information society service which are essential for the purpose of determining the value of the information society and invoicing, in particular the date, time and place of the use of the service for the purpose of invoicing the information society service contract. In addition to the above, the service provider processes the personal data that are technically necessary for the provision of the service. The service provider also handles the data related to the use of the service for the purpose of increasing the efficiency of its service, delivering electronic advertisements or other targeted content to the user, and for market research, and has expressly consented to this by registering the user.
• Before using the information society service and during the use of the service, the user shall ensure that the data processing for this purpose may be prohibited by the user in order to increase the efficiency of his service, to deliver electronic advertising or other targeted content to the user, and to conduct market research.
• By registering the user, he consents to the transfer of his data to other service providers cooperating with the service provider (hereinafter: third party) for the purpose for which the service provider itself is entitled to process the data. If the service provider’s right to process data for any purpose is terminated, it shall notify the third party thereof.
• In case of termination of the right to data management, the service provider deletes the data of the service user. The service provider shall ensure that the user can find out which data management purposes the service provider manages for which data management purposes at any time before and during the use of the information society service.
• The obligation of the relevant customer to provide data is voluntary, however, in the absence of the necessary and sufficient data, the service provider cannot fulfill the orders of the affected customer. Thus, for the purpose of performing our service and subject to the terms and conditions of this policy, please provide the necessary and sufficient information as “mandatory”. The mandatory term in this case does not refer to the mandatory nature of the data collection, but to the fact that there are records that cannot be completed without completion, so omission or incorrect completion of certain fields may lead to rejection of the registration.
• By registering, the user of the service acknowledges that he has voluntarily given his clear and prior consent for the service provider to send him an electronic advertisement. You can withdraw this statement of consent at any time without restriction or justification and free of charge. In this case, the service provider will immediately delete the name of the declarant from the specified register required by law and will no longer send him an electronic advertisement. When sending an electronic advertisement, the advertiser shall inform the recipient of the electronic mail address and other contact details where he may request to be prohibited from sending electronic advertisements using an information society service.
• By registering, the user, as the customer, acknowledges that he has read and accepted the data management rules of the service provider and has made the statements specified therein, and that his registration constitutes consent to the data management.
• The data controller undertakes to notify the visitors of its website in advance of any changes to its principles and practices regarding the processing of personal data, so that they always have an accurate and continuous knowledge of the data processing principles and practices valid throughout the data controller’s portal. This Policy on the handling and protection of personal data always reflects the principles actually applied and the actual practice.
• If we wish to use personal data in a way that differs from the principles and purposes stated in the collection of personal data, we will notify those concerned in advance by e-mail, who will be offered the opportunity to decide whether or not to consent. e to treat their personal data differently under the new conditions.
• Anonymous information, that is collected without the possibility of personal identification and cannot be linked to a natural person, is not considered personal data, nor is demographic data that is collected without linking it to the personal data of identifiable persons, and thus cannot be claimed in contact with a natural person.
• We do not supplement or link personal or other data provided by data subjects with data or information from other sources. If in the future such linking of data from different sources should take place, this will only be done after appropriate information has been obtained, with the prior consent of the data subject.
• The authorities shall request the transfer of personal data from the service provider in the manner prescribed by law, and the operator shall provide the requested and available provision in compliance with its legal obligation.
• Personal data may only be accessed by persons holding relevant positions.
• The data controller hereby declares that he does not collect or process the personal data of children under the age of 14. If there is a need to process the personal data of a child under the age of 14, it is only possible to record such data with the consent of a parent or other legal representative in a duly established form. In the absence of such authorization, the personal data of the children will not be recorded (even if the service cannot be used without this).
• Video recording of racers who finish the race: The race regulation require the video recording of finishing racers. The Sport Cub may publish part or all of those recordings in the social media interface and website, and use it to promote and advertise this year and future races. The data controller informs the racer and fans about the recording of the finish.

FINAL PROVISIONS

The contents of this statement are valid from today until revoked. In case of any further questions, the staff of the Sport Club is available at all contacts.

26.01.2022, Debrecen,

Judit Kőrősi

President of Nordic Walking Debrecen Sport Club