Service Provider Information
Danubia Talents Art Association
Address: 1091 Budapest, Üllői út 121., 1st floor, No. 7
Tax number: 19140836-1-43
Registration number: 01-02-0017130
E-mail: info [at] danubiatalents.com (info[at]danubiatalents[dot]com)
1. Basic Definitions
1.1. Data set
The entirety of data managed in a given record.
1.2. Data processing
Any operation or set of operations performed on data, regardless of the applied method, such as collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, deletion and destruction, as well as preventing further use of the data.
1.3. Data processing (technical)
Execution of technical tasks related to data processing operations, regardless of the method or tools applied and the location of the application, provided that the technical task is performed on the data.
1.4. Data transfer
Making data available to a specific third party.
1.5. Disclosure
Making data available to anyone.
1.6. Data controller
The natural or legal person, or an entity without legal personality (in this case the Service Provider), who individually or jointly determines the purposes of data processing, makes and implements decisions regarding data processing (including the applied tool), or has such decisions implemented by the data processor.
1.7. Data marking
Assigning an identifying mark to the data for the purpose of distinguishing it.
1.8. Data processor
A natural or legal person, or an entity without legal personality, who processes data on the basis of a contract with the data controller – including contracts concluded under statutory provisions.
1.9. Data deletion
Rendering data unrecognizable in such a way that its recovery is no longer possible.
2. Data Protection and Data Security
2.1. Principles and purpose of data protection
As the data controller, the Service Provider is responsible for defining the scope of personal data related to individual users that it manages, the method of data processing, ensuring compliance with the principles set out in the Fundamental Law of Hungary and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, ensuring data security requirements, and preventing unauthorized access, alteration, disclosure, or misuse of user data.
By registering or placing an order on the website, the User consents to the processing of their provided data in accordance with applicable laws and this Policy, as well as to receiving notifications and communications consistent with the website’s profile.
The primary purpose of processing the User’s personal data is to provide the services available on the website to the User. The Service Provider is entitled to take the necessary measures to verify the accuracy of services used by the User.
2.2. Processing of Users’ personal data
The Service Provider (data controller) processes only those personal data that are necessary and sufficient to perform its activities on this website, monitor performance, and identify the User.
For natural persons: name, birth name, residence, mother’s name, place and date of birth.
For legal entities or organizations: name, registered office, tax number, company registration number (or other registry number).
In addition to the legally required personal data, the Service Provider also processes:
- User identifier
- Registration date
- Stored search requests or preferences
- Any other data required to fulfill an order
2.3. Data processing and data transfer
Personal data of Users may be transferred, or made accessible with the User’s prior consent, to:
- The Service Provider’s collaborators to the extent necessary for performance;
- National security, defense, public safety authorities, prosecutors, investigative authorities, and courts for purposes of national security, defense, law enforcement, and prosecution of criminal offenses;
- Court bailiffs in accordance with Act LIII of 1994 on Judicial Enforcement;
- Public opinion and customer satisfaction survey companies;
- Other persons and licensees in accordance with specific legislation (e.g., Act CXIX of 1995 on the Use of Name and Address Information Serving Research and Direct Marketing Purposes).
Recipients of transferred data are subject to the same confidentiality obligations as the Service Provider.
The Service Provider must notify the User simultaneously with data transfer in cases specified under points (c)–(d).
Main purposes of processing personal data include:
- Fulfillment of application-related tasks
- Informing the User
- Notifying the User
- Conducting satisfaction surveys and opinion polls
- Responding to requests from national security, defense, public safety, judicial, and investigative bodies
2.4. Data retention period
All documents and/or data content recorded in the IT system related to the User that document an economic transaction and therefore qualify as accounting records will be stored by the Service Provider for the retention period required under applicable tax and accounting laws. These include in particular: contracts, amendments, invoices, payment receipts, and inspection or intervention records.
The Service Provider, as data controller, will delete personal data without delay if processing was not performed for the purposes defined in this Policy, or if the purpose of processing has ceased.
3. Provisions on Data Security
3.1. The Service Provider treats all information and data obtained in connection with the service and the operation of its network confidentially in accordance with applicable legal provisions. Data – except as specified in Section 2.3 – will not be transferred or made accessible to third parties.
The Service Provider takes all reasonable measures to protect personal data managed against unauthorized access, alteration, disclosure, deletion, damage, or destruction.
3.2. User rights regarding data security
Under data protection law, Users are entitled to:
- Request information about the processing of their data and access their processed personal data,
- Request correction of their personal data,
- Request deletion or blocking of their personal data (except where data retention is mandatory).
The data controller must provide written, comprehensible information on request within the shortest possible time, but no later than 30 days.
The Service Provider, at the User’s request, will provide access to the User’s own personal and billing data.
4. User Remedies
The User may request information about the data processed by the Service Provider, or by a data processor engaged by it, including their source, purpose, legal basis, duration, the name and address of the data processor, and details of its data processing activities. In case of data transfer, the User may also request information about the legal basis and recipient.
The Service Provider may only refuse to provide information in cases defined under Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.
If information is refused, the Service Provider must notify the User in writing of the provision of law serving as the basis for refusal, and inform the User of the possibility of seeking judicial remedy or filing a complaint with the National Authority for Data Protection and Freedom of Information (NAIH).
The Service Provider is liable for damages caused to others through unlawful processing of the User’s personal data or violation of data security requirements, including damages caused by its data processor. The Service Provider shall be exempt from liability if it proves that the damage was caused by an unavoidable external factor outside the scope of data processing. No compensation is payable if the damage resulted from the intentional or grossly negligent conduct of the injured party.
5. Final Provisions
For any issues not regulated in this Policy, Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, as well as the GDPR, shall apply.
In the event of any discrepancy between this Policy and the applicable legislation, the interpretation under the legislation shall prevail.