(Download/print the document HERE)
Privacy Policy
1. Controller
1.1. We inform you that the present website is operated by
Hatala László József ev. (sole proprietor)
Registration number: 52120453
Tax number: 68698056-1-23
Headquarters: Török u. 54., 6500 Baja, Hungary
Postal address: Török u. 54., 6500 Baja, Hungary
E-mail address: hatalal@sugoevent.hu
(Controller hereafter).
1.2. Present website:
the website available on the
https://termekfejlesztesidij.hu/
web address, the web pages and subpages available on it.
1.3. Joint data processing
Regarding the personal data related to the applications that can be uploaded on the website, the above Controller performs joint data management with the business organization that issues the call for applications announced on the website:
HUNGEXPO Budapest Kongresszusi és Kiállítási Központ Zártkörűen Működő Részvénytársaság
Short name: HUNGEXPO Zrt.
Registration number: 01-10-041503
Tax number: 10478701-2-42
Headquarters: Albertirsai út 10., 1101 Budapest, Hungary
Postal address: P.O. Box 44., 1441 Budapest, Hungary
Telefon: +36 1 263 6000
E-mail: info@hungexpo.hu
Website: https://hungexpo.hu/
(hereinafter: Controller 2).
Regarding the data processing carried out on this website, the contact tasks with the affected Users and the management of user requests are handled by László József sole proprietor.
2. Legal requirements concerning processing, scope of present policy
2.1. Controllers primarily process the data of Data Subjects based on the provisions of:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (GDPR hereafter)
(AZ EURÓPAI PARLAMENT ÉS A TANÁCS (EU) 2016/679 RENDELETE (2016. április 27.) a természetes személyeknek a személyes adatok kezelése tekintetében történő védelméről és az ilyen adatok szabad áramlásáról, valamint a 95/46/EK irányelv hatályon kívül helyezéséről (általános adatvédelmi rendelet),
- Regulation CVIII of 2001 on Electronic commercial services and services related to some aspects of information society
(az elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefüggő szolgáltatások egyes kérdéseiről szóló 2001. évi CVIII. törvény (Ekertv.)).
2.2. The scope of this information applies to the use of the interface of the https://termekfejlesztesidij.hu/ website (hereinafter: website) and to the data processing related to the applications uploaded through it.
2.3. Based on present policy, Users are: Based on present policy, Users are: natural persons browsing the website who are affected by the data processing, and regarding joint data processing Users who have uploaded applications on the website.
3. Processing related to operation of information technology service
3.1. Controller uses ‘cookies’ to run the website.
3.2. Controller represent a specific reference for visitors of the website: ‘Information about the use of cookies’
4. Processing related to receiving and answering messages
4.1. Data subjects involved in the processing: Users who are sending messages to the Controller by e-mail using the e-mail address(es) indicated on the website.
4.2. Legal basis of data processing: Legal basis of data processing: User’s consent according to Article 6, Paragraph (1), Point a) of the GDPR. The User gives his/her consent by sending the e-mail.
User is entitled to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal. If the User withdraws their consent before replying to the message, the Controller will not continue the exchange of messages and will not answer the previously asked questions, as it must delete the data processed on the basis of the consent.
4.3. Scope of processed data:
The following data of User who sent a message:
- name,
- e-mail address,
- subject of the message,
- content of the message.
4.4. Purpose of data processing: to ensure exchange of messages between Controller and User.
4.5. Duration of data processing: Duration of data processing: lasts until the message is answered or the User’s request is fulfilled. The Controller deletes the data processed for these purposes after responding to the message/fulfilling the request. If the exchange of information takes place with several messages on related topics, the Controller will delete the data after the completion of the exchange of information or after the fulfilment of the request.
4.6. Method of data storage: electronically, in a separate data file in the information technology system of Controller.
4.7. Consequences of failure to provide data: providing personal data is necessary to respond to the message, without providing the above data, the Controller cannot respond to the message.
5. Processing related to registration
5.1. Data subjects involved in the processing: Users registering at website.
5.2. Legal basis of data processing: based on GDPR Article 6, Paragraph (1), Point a), User’s consent.
User is entitled to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing before its withdrawal.
5.3. Scope of processed data:
to registrate, User’s:
- surname,
- first name,
- e-mail address,
- phone number,
- password,
- name of the applicant organization,
- address of the applicant organization,
to register the consent given online:
- IP-address of the device used for subscribing,
- time of registration.
Passwords are stored with encryption codes by Controller’s system as a result of which Controller cannot learn User’s password.
5.4. Purpose of data processing: registration related to participation in a call for application announced on the website. The purpose of the processing of the personal data and contact details voluntarily provided by the User registering on the website is to enable the use of the services of the website for the User concerned and to provide the technical conditions necessary for the submission and evaluation of the application electronically.
5.5. Duration of data processing: as for registered Users, duration of processing lasts until User’s request for data deletion or until User withdraws his/her consent. Processing may finish as well in case Controller deletes User’s registration. The User may request Controller to delete his/her registration at any time, which incoming requests are handled and accomplished immediately by Controller, but within no more than 10 working days after the request arrives.
5.6. Method of data storage: electronically, in a separate data file in the information technology system of Controller.
5.7. Consequences of failure to provide data: the User cannot participate in the contest without providing the above data.
5.8. Consequences of withdrawal of consent: if the User withdraws his/her consent in the time before the evaluation of his/her application, he/she will not be able to participate in the call for application successfully.
6. Processing of data of natural persons acting on behalf of a business organization
6.1. Data subjects involved in the processing: natural person Users (or: "Representatives") acting on behalf of a business organization that establishes a relationship with the Controller on the website, registers or uploads an application.
6.2. Legal basis of data processing: According to Article 6, Paragraph (1), Point f) of the GDPR, data management is the legitimate interest of the organization (‘Business Organization’ afterwards) which is represented by User.
It is the legitimate interest of the Business Organization that establishes a relationship with the Controller to be able to ask questions and receive answers in connection with the call for application, and to be able to participate in the call for application as an applicant and in order to do so to be able to register and upload application documentation for this purpose. All these can be done through its natural person Representative.
The Controller shall process the data of the Representative exclusively within the framework of the administration, registration and evaluation of the application related to the organization it represents to the extent and for the period necessary for this purpose, and as for the scope of data it is restricted solely to the data necessary.
The exchange of information necessary for contact, registration and submission of the application cannot be carried out without the processing of the data of the Representative person, data processing is essential for the enforcement of the legitimate interest of the Business Organization.
A separate documentation is made about considering interests. Representor can ask information about how to reach it from Controller.
6.3. Scope of processed data:
Representative’s:
- name,
- e-mail address,
Furthermore, in case of registration or uploading an application:
- phone number,
- password,
- name of applicant organization,
- address of the applicant organization,
- additional data provided in the text parts of the application,
- content of the uploaded document.
Passwords are stored with encryption codes by Controller’s system as a result of which Controller cannot learn User’s password.
6.4. Source of data: normally the User. In case the data of the Representative indicated during the contacting, registration or submission of the application is not provided by him/herself, but by someone else from the Partner Business Organization, then the source of the data is the Partner Business Organization. In such case as well the Controller takes over the Data of the Representative of the Partner Business Organization in the legitimate interest of the Partner Business Organization. It is the Partner Organization’s duty to notify Representor about data processing: handing over Representor’s data to Controller.
6.5. Purpose of data processing: to establish contact, to register on the website and to enable the evaluation of the application.
6.6. Duration of data processing: regarding message exchange, until it is replied to, and/or until the Business Organization's request is fulfilled. The Controller deletes the data processed for this purpose after answering the message/fulfilling the request. If the exchange of information takes place with several messages on related topics, the Controller will delete the data after the completion of the exchange of information or after the fulfilment of the request.
In the case of registration, the duration of data processing lasts until the deletion at the request of the registered User or the withdrawal of their consent. Processing may finish as well in case Controller deletes User’s registration. The User may request Controller to delete his/her registration at any time, which incoming requests are handled and accomplished immediately by Controller, but within no more than 10 working days after the request arrives.
In case of uploading an application, the Controller shall process the processed data for 30 days after the presentation of the award. Data processing may also be terminated by the deletion of the User's registration or the fulfilment of the User's request to delete his/her registration.
6.7. Method of data storage: electronically, in a separate data file in the information technology system of Controller.
6.8. Consequences of failure to provide data: for registration, to upload the application and to maintain contact it is necessary on behalf of the Representative to provide the data necessary, it is a prerequisite for the evaluation of the application and for effective communication. If the Representative wishes to upload an application or initiates an exchange of information with the Controller, he/she is obliged to provide the above data in accordance with his/her request. In case of failure to provide data, the Controller will not be able to assess the application or answer the questions of the Representative.
7. Automated decision-making and profiling
7.1. Automated decision-making: no automated decision-making takes place during the data processing indicated in this notice. Even if automated operations occur during data processing, decisions related to data management are never made automatically.
7.2. Profiling: profiling according to the GDPR does not take place during the data processing indicated in this notice.
8. Recipients (other processors)
8.1. Scope of those affected by data transfers: Users uploading applications on the website.
8.2. Recipient of the data transfer
At the time of submitting the application, the Controller shall make the User's data available to the members of the Jury in order to enable the evaluation of the applications. As the applications of each applicant are judged by groups of different members of the jury during the judging process, it is not possible to designate the members of the jury to be appointed for each applicant in advance. Therefore, the User may request information about the recipient of the data transfer concerning his/her application through the contact details provided on the website, on which the Controller will inform all users about the data transfer concerning him/her by indicating the recipient of the data transfer in an identifiable manner.
8.3. Legal basis for data transfer: according to Article 6 (1) point f) of the GDPR, the legitimate interest of the applicant Business Organization.
It is the legitimate interest of the applicant Business Organization that independent jury members evaluate the applications in order to ensure an unbiased assessment. In order to enable the evaluation of the application, it is necessary to forward the application documents and information to the independent jury members.
8.4. Scope of transferred data: the data transfer concerns the data specified in Section 6.
8.5. Purpose of data transfer: to enable the online evaluation of applications.
9. Recipients (processors)
In order to support its data processing activities, the Controller uses certain external service providers (data processors). These service providers process personal data only in the name and based on the instructions of the Controller, in accordance with the relevant data protection laws and legal practice requirements.
Controller draws on the following businesses to process data.
9.1. Storage space service provider
9.1.1. Data subjects involved in the processing: Users visiting website, regardless of using services.
9.1.2. Controller uses
Netfabrik Korlátolt Felelősségű Társaság
Short name: Netfabrik Kft.
Headquarters: Victor Hugo u. 11. A02003/A-B. ajtó, 1132 Budapest, Hungary
Postal address: Victor Hugo u. 11. A02003/A-B. ajtó, 1132 Budapest, Hungary
Registration number: 01-09-936530
Tax number: 22629454-2-41
Telefon: +36 20 265 4047
E-mail: iroda@netfabrik.hu
Website: https://netfabrik.hu/
as website storage place provider (Data Processor hereafter).
9.1.3. Defining the scope of data involved in data processing: this potentially relates to all information mentioned in present policy, the specific data circle is defined by functions used by User according to the above chapters of specific data managements.
9.1.4. Purpose of using data processor: To ensure functioning of website in an information technological way by using electronical host and software that is necessary for it.
9.1.5. Method of data processing: it is done electronically; processing data exclusively means to provide storage space and functionality of the software that is necessary for the operation of website in an information technological way.
9.2. Website developer
9.2.1. Data subjects involved in the processing: Users visiting website, regardless of using services.
9.2.2. Data controller uses as data processor
Horváth Árpád ev.
Registration number: 39555691
Tax number: 66821607-1-26
Headquarters: Erzsébet királyné útja 50., 6782 Mórahalom, Hungary
Telefon: +36 30 347 3944
E-mail: horvatharpad89@gmail.com
sole proprietor, as the developer and maintainer of the website (hereinafter: Processor).
9.2.3. Defining the scope of data involved in data processing: this relates to all information mentioned in present policy.
9.2.4. Purpose of using data processor: To ensure functioning of website in an information technological way.
9.2.5. Method of data processing: electronically. The processing of data means only the technical operations necessary for the operation of the software of the website in the IT sense.
9.3. Data procession in connection with the software and host of electronical mails.
9.3.1. Data subjects involved in the processing: those who are marked in present notice, those with whom Data manager keeps contact via electrical mails.
9.3.2. Controller uses
Microsoft Ireland Operations Limited
Short name: Microsoft Ireland Ltd.
Registration number: 256796
Tax number: IE8256796U
Headquarters: 70 Sir Rogerson’s Quay, Dublin 2, D02R296, Ireland
Postal address: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Telefon: +353 1 295 3826
Kapcsolat: https://www.microsoft.com/hu-hu/concern/privacy
Website: https://www.microsoft.com/hu-hu/
As Data Processor which is the developer and maintainer of the service provider of host and developer of software used for electrical mails,
and
DotRoll Számítástechnikai Korlátolt Felelősségű Társaság
Short name: DotRoll Kft.
Registration number: 01-09-882068
Tax number: 13962982-2-42
Headquarters: Fogarasi út 3-5., 1148 Budapest, Hungary
Postal address: Fogarasi út 3-5., 1148 Budapest, Hungary
Telefon: +36 1 432 3232
E-mail: support@dotroll.com
Website: https://dotroll.com/hu/
As Data Processor which is the developer and maintainer of the service provider of host and developer of software used for electrical mails (hereinafter together: Processors).
9.3.3. Defining the scope of data involved in data processing: first of all, the name and e-mail address of those concerned, secondly further data of those concerned that has been sent in electrical mails.
9.3.4. Purpose of using data processor: to ensure functioning electrical mails.
9.3.5. Method of data processing: electronically. The processing of data means only ensuring the functionality of the storage space and software necessary for the operation of electronic mail in the IT sense.
9.4. The Controller does not use any other Processors than the Processors indicated in this notice, and does not transfer personal data to further Recipients. If it becomes necessary in court or in other official proceedings, the Controller provides the necessary personal data at the request of the acting person or entity.
10. Data protection, data safety
10.1. Controller assures the safety of data and through technical and organizational actions, as well as internal rules of procedure ensures that laws and other data and secret protection rules are kept. Controller protects data especially against illegal access, change, forwarding, making public, deletion or effacement of data, moreover, it protects against accidental effacement and damage, as well as inaccessibility of data as a result of change in applied technology.
10.2. Processing takes place to reach articulated and legal goals described in present policy to a necessary and proportional degree, based on relevant laws and recommendations, keeping appropriate safety measures.
10.3. In order to achieve these, Controller uses “https” protocol to reach the website, through which web communication can be encrypted and individually identifiable. Controller stores information in encrypted data stocks on separate lists insulated from each other based on processing goals to which certain Controller employees – performing tasks indicated in present policy – have access to, who have to protect data and it is their responsibility to handle this policy and relevant laws in an appropriate manner.
10.4. The Controller concludes a data processing contract with the data processors it uses with mandatory content to comply with the relevant legislation and to guarantee an adequate level of data security.
10.5. Passwords are stored with encryption by Controller’s system as a result of which Controller cannot learn User’s password.
11. User’s rights concerning data processing
11.1. Right to information
11.1.1. By reading this data processing information, the User can find out about data management at any time. Verbal information can also be provided at the User's request, provided that the User's identity has been verified in another way. The User may request information during and after being involved in data management. The information covers all essential details of data processing, as well as the method of exercising the User's rights. Upon the User's request, the Controller will also inform the User of the measures taken based on the User's requests - or of the reason for their failure, indicating the forums available for presenting the complaint.
11.1.2. Providing information is free of charge. If User’s request is obviously unfounded, or – especially for its repeated nature – exaggerated, Controller
a) might charge a reasonable price, or
b) might deny taking actions based on request,
considering data requested, or administrative costs of measures to be taken to fulfil request.
11.1.3. As soon as possible from the submission of the request (without undue delay), but within one month at the latest, the Controller shall provide the access described above.
11.2. Right to access
11.2.1. The User has the right to access the data processed about him. In the event of such a request, the Controller shall inform the User of whether data processing is in progress with regard to the User's personal data, as well as of all relevant circumstances related to the specific data processing.
11.2.2. Pursuant to the right of access, the User may request a copy of his personal data managed by Controller, which the Controller will provide free of charge for the first time. For additional copies, Controller calculates a reasonable fee based on administrative costs.
11.2.3. The copy is provided by Controller in a widely used electronic format, unless the User requests otherwise.
11.2.4. As soon as possible from the submission of the request (without undue delay), but within one month at the latest, the Controller shall provide the access in accordance with the above.
11.3. Right to correction
11.3.1. The User has the right to request that the Controller correct inaccurate personal data relating to him/her without undue delay.
11.3.2. Considering the goal of processing, User has the right to ask for completing their missing personal data – for example through an additional declaration.
11.3.3. At the user's request, Controller shall correct without undue delay or, in justified cases, supplement inaccurate personal data relating to him/her.
11.4. Right to cancellation
11.4.1. The User has the right to request that Controller delete personal data concerning him/her without undue delay, and the Controller is obliged to delete personal data concerning the User without undue delay if one of the following reasons exists:
a) personal data is no longer needed for reasons they were recorded, or were handled differently;
b) User withdraws their consent to processing, and there are no other legal bases for it (of the data processing that is the subject of this information, it only exists in the case of data processing performed on the basis of legitimate interest, presented in the following chapters:
4. Processing related to receiving and answering messages;
5. Processing related to registration;
c) User objects to processing and there are no prior rightful reasons for processing (of the data processing that is the subject of this information, it only exists in the case of data processing performed on the basis of legitimate interest, presented in the following chapters:
3. Technical data processing related to ensuring the operation of information technology services based on legitimate interest;
6. Processing of data of natural persons acting on behalf of a business organization;
8. Recipients (other processors));
d) personal data was processed illegally;
e) personal data must be deleted to fulfil legal obligations claimed by European Union or member state laws.
11.4.2. The Controller is not obliged to delete the data necessary for the submission, validation and protection of legal claims, even in the event of a request from the User, nor those whose treatment is necessary to protect the vital interests of the User or other natural person, or to fulfil an obligation under EU or member state law applicable to the Controller. By default, however, after the retention period has expired, the Controller deletes the data without a request.
11.5. Right to limitation of processing
11.5.1. At the User's request, the Data Manager limits data processing if one of the following is met:
a) User disputes accuracy of personal data, in this case limitation exceeds for the period that enables Controller to check the accuracy of personal data;
b) processing is illegal, and User objects against deleting their data and asks for limitation of use;
c) Controller does not need personal data for processing, however, concerned party lays claim to them in order to propose, realize or protect legal demands; or
d) User objected to data management; in this case, the restriction applies to the period until it is determined whether the legitimate interests of the Controller take precedence over the legitimate interests of the User (of the data processing that is the subject of this information, it only exists in the case of data processing performed on the basis of legitimate interest, presented in the following chapters
3. Technical data processing related to ensuring the operation of information technology services based on legitimate interest;
6. Processing of data of natural persons acting on behalf of a business organization;
8. Recipients (other processors)).
11.5.2. If data management is subject to restrictions, such personal data, with the exception of storage, will only be processed by the Controller with the consent of the User, or to submit, enforce or defend legal claims, or to protect the rights of other natural or legal persons, or in the important public interest of the European Union or a member state.
11.5.3. The Controller informs the User, who contested the accuracy of the personal data, and the data processing was restricted based on this, of the lifting of the data processing restriction in advance.
11.6. Notification obligation related to the correction or deletion of personal data, or the limitation of data processing
Controller informs the User and all those recipients that are provided with information about the correction, limitation and deletion. Notification might be neglected if it seems to be impossible, or requires unreasonable efforts. Controller informs User on demand about these addressees.
11.7. Right to portability of data
11.7.1. User has the right to get personal data about themselves in an articulate, widely used format, readable on devices, furthermore, has the right to forward these pieces of information to another Controller without the obstruction of Controller that has User’s data according to User’s consent, if:
a) processing is based on User’s consent or contract concluded with him/her; and
b) processing is automatized.
11.7.2. Among the data processing that are the subject of this information, the data processing presented in the following chapters meet the above conditions, so the right to data portability can be exercised with regard to them:
a) completed on the basis of consent:
4. Processing related to receiving and answering messages
5. Processing related to registration
11.7.3. Practising the right to portability of data, User has the right – if it is technically practicable – to ask Controllers to forward information between each other directly.
11.8. Right to objection
11.8.1. User may object to the processing of his/her personal data based on legitimate interest at any time for reasons related to his/her own situation.
11.8.2. In such cases, Controller can handle personal information any longer only if Controller proves that there are obligatory rightful reasons for processing, having priority over User’s interests, rights and freedoms, or reasons that are related to proposal, enforcement or defence of legal demands.
11.8.3. Among the data processing that are the subject of this information, the User can exercise his right to protest with respect to the data processing presented in the following chapters on data processing carried out with the legal basis of legitimate interest:
3. Technical data processing related to ensuring the operation of information technology services based on legitimate interest;
6. Processing of data of natural persons acting on behalf of a business organization;
8. Recipients (other processors).
12. Fulfilling of User’s requests
12.1. Controller offers notification and taking actions for free, as described in Point 11. If User’s request is obviously unfounded, or – especially for its repeated nature – exaggerated, Controller
a) might charge a reasonable price, or
b) might deny taking actions based on request,
considering data requested, or administrative costs of measures to be taken to fulfil request.
12.2. Controller informs User without any unreasonable delay, but maximum one month after receiving the request about actions that has been taken, including issuing copies of data. If necessary, considering the complexity of request and numbers of requests this deadline can be made longer with additional two months. Controller informs User about elongation of deadline together with indicating reasons of delay within one month after receiving the request. If concerned User sends their request electronically, Controller provides information electronically, except when concerned User asks for it in a different way.
12.3. If Controller does not take any steps as reaction to User’s request, without delay but within maximum of one month after receiving the request, Controller informs User about reasons why there have been no actions taken, and about the possibility of filing a complaint at Authority mentioned in Point 13 and can have the right to legal remedy described there as well.
12.4. User can hand in their request to Controller in any way that identifies them. Identifying Users who hand in a request is necessary because Controller can deal with only those requests that are entitled. If Controller has justified doubts about the identity of natural person handing in a request it can ask for other pieces of information to assure the identity of concerned User.
12.5. User can send their requests to Controller to the address Török u. 54., 6500 Baja, Hungary or to the e-mail address hatalal@sugoevent.hu Controller considers requests sent in e-mail genuine only if it was sent from an e-mail address registered at Controller’s database. However, using another e-mail address does not mean in observance of such requests. Time of receiving e-mails is the first day after the e-mail was sent.
13. Prosecution of rights
Concerned parties may practice their prosecution of rights in front of a jury and also can turn to the National Authority for Data Protection and Freedom of Information:
Nemzeti Adatvédelmi és Információszabadság Hatóság
(National Authority for Data Protection and Freedom of Information)
Address: Falk Miksa u. 9-11., 1055 Budapest, Hungary
Postal address: P.O. Box 9, 1363 Budapest, Hungary
Telephone: +36 1 391 1400
E-mail: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu/
If the User is located in another Member State of the European Union, he or she may obtain information about the competent authority of his or her place of residence and its contact details here.
In case choosing a process involving a courthouse, the lawsuit – based on concerned User’s choice – can be initiated at the courthouse in concerned person’s residence or place of stay, as courthouses are competent in confiscation of such a lawsuit.
14 September 2025
Hatala László József ev.