Name and contact details of data controllers
1.1. In regard to the data processing in question
Name of data controller: Szépművészeti Múzeum (Museum of Fine Arts)
Seat: 1146 Budapest, Dózsa György út 41.
Email address: firstname.lastname@example.org
Name of data controller: Kultúra 2008 Művészeti Szolgáltató Nonprofit Kft. (Culture 2008 Art Service Nonprofit Ltd)
Seat:1146 Budapest, Dózsa György út 41.
Email address: email@example.com
Name of data controller: Szépművészeti Nonprofit Kft. (Fine Arts Nonprofit Ltd)
Seat: 1068 Budapest, Szondi utca 77.
Email address: firstname.lastname@example.org
manage your personal data in their capacity as data controllers (hereinafter: Controllers). You, a natural person identified or identifiable during data processing, will be the subject of data processing.
1.2. Controllers determine the purposes and instruments of the processing of personal data. Processing means the following operations: any operation or set of operations which are performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, segmentation, analytical processing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, as well as alignment or combination, restriction, erasure or destruction.
2. The purpose and duration of data processing
2.1. The purpose of data processing:
a) sending newsletters
b) communication based on personal preferences
c) organising prize competitions
d) voluntary work
e) Friends of the Museum membership
f) participation in events organised by the museum
2.2. The duration of data processing for each of the above purposes of data processing:
a) sending newsletters: until the revocation of the consent granted here
b) communication based on personal preferences: until revoked
c) participation in prize competitions: until the prize competition is closed
d) voluntary work: for the duration specified in the contract
e) Friends of the Museum membership: for the duration of the membership, and within a reasonable time after the termination of the Friends of the Museum membership, until the necessary notifications regarding the terminated membership are sent.
f) participation in events organised by the museum: for the duration of the event
3. The scope of data involved in the data management; the legal basis for data processing
3.1. During the data processing in question Controllers manage the following personal data:
a) sending newsletters: name, email address
b) communication based on personal preferences: name, email address, year of birth, postal code of home address, sex.
c) participation in prize competitions: name, email address, home address, year of birth
d) voluntary work: name, email address, home address, phone number, date of birth, number of ID card
e) Friends of the Museum membership:
Personal data required for the production and sending of the plastic membership card, prior to sending a notification on the expiry of the card by post, and for sending greetings at the end of the year: name, email address, home address, selected category, period of validity, amount and time of membership payment.
Personal data required for weekly programme notifications and monthly newsletters: name, email address; in the case of events including travel service, the following data can be shared with the official tour operator (as a Third Party) with special permission: type, validity and place of issuance of the travel document, type of service offered, time and place of birth, postal address.
Personal data required for signing up for events: name, email address, phone number, type of service required, time and place of birth, postal address.
f) participation in events organised by the museum: name, email address, home address, date of birth, name of minor, name and social security number of guardian (depending on the type of the museum event, one or more of the listed data is/are required).
3.2. The legal basis of the data processing is your concrete, voluntary, informed – based on the conditions stated in this information – and explicit consent. [based on the relevant provisions of Act CXII of 2011 on the right of informational self-determination and the freedom of information, and Regulation (EU) 1016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR)].
4. The rights you as the subject of the data processing are granted
4.1. You, as the subject of data processing are granted the following rights in regard to the processing of your personal data:
4.1.1. You have the right to request Controllers to grant you access to your personal data they manage;
[Right of access makes it possible for you to receive feedback from Controllers if there is any ongoing processing operation involving your personal data, and if so, you are entitled to access your personal data and request information from Controllers about the given data processing operation.]
4.1.2. You have the right to request the correction or deletion of your personal data, as well as the limitation of such data;
[The right of correction and deletion (the “right to be forgotten”) makes it possible for you to request Controllers to correct inaccurate or incomplete data or to delete your personal data. If you request the limitation of your personal data, Controllers can limit data processing based on your request. If you contest the accuracy of your personal data, the duration of said limitation applies to the period of time required by the Controllers to verify the accuracy of said data. You have the right to request the limitation of the use of your personal data if the data processing is unlawful but you oppose the deletion of such data. You can also make such a request if Controllers no longer needs your personal data for the purpose of data processing but you want the limitation of data procession for the presentation of legal claims, their enforcement or protection.]
4.1.3. You are granted the right of data portability;
[Within the scope of the right of data portability you are entitled to receive your personal data placed at the disposal of Controllers in a structured, widely used and machine-readable format; moreover, you are entitled to forward these data to other controllers without it being prevented by Controllers. If technically possible, you can also request that Controllers directly forward your personal data to other controllers.]
4.1.4. You are granted the right to partly or fully withdraw your consent to the processing of your personal data at any time. [Please note that such withdrawal does not affect the lawfulness of data processing operations conducted based on your consent prior to withdrawal.]
4.2. You as the subject of data processing can exercise your rights specified above in point 4.1 based on existing Hungarian legislation [especially Act CXII of 2011 on the right of informational self-determination and the freedom of information] and the EU’s data protection regulations [especially Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation] in writing: either by post to Controllers’ seats specified in point 1 of this document, or electronically, via email sent to the e-mail address also specified in point 1.
5. The right to file a complaint; settling claims in court; compensation for unlawful data processing
5.1. If you believe your rights were violated during the processing of your personal data, you have the following options:
• You can directly contact Controllers by post or via email; Controllers’ contact details are specified in point 1.
• You can file a complaint with the competent supervisory authority: Nemzeti Adatvédelmi és Információszabadság Hatóság [NAIH] (Hungarian National Authority for Data Protection and the Freedom of Information). NAIH’s contact details: Seat: H-1055 Budapest, Falk Miksa u. 9-11. Phone number: +36-1-391-1400 E-mail address: email@example.com
• You can go to court if your data were unlawfully processed or if the requirements of data protection were violated. Pursuant to regulations, you can be entitled to compensation or restitution. You can find information about the scope of authority of the courts and their contact details at www.birosagok.hu
6. Information provision about task processing
6.1. During the handling of your personal data a data processor is used. The data processor is a legal entity (in this case a business organisation) handling personal data in the name of the Controller. Data processing is a technical operation performed in connection with the data controlling activity.
6.2. The Controller uses the following data processor:
Name: Városliget Ingatlanfejlesztő Zártkörűen Működő Részvénytársaság (Városliget Property Development Company Limited by Shares)
Seat: 1146 Budapest, Dózsa György út 41.
7. Publishing declarations made in connection with data processing and the obligation of data provision
7.1. You can send your requests, statements, observations and questions in regard to data processing and the contents of the present information document by post to Controllers’ seats specified in point 1 or to Controllers’ e-mail addresses, also specified in point 1.
7.2. You are under no obligation to grant your consent to the processing of your personal data. If you do not wish to give your consent for the processing of such data, it will result in the following: you will not be able to participate in Controllers’ prize competitions and you will not receive any newsletters from Controllers.
16 April 2021