City Golf & Business Club Sport Association, as Data Controller, hereby informs its customers and website visitors (hereinafter referred to as Data Subjects) that it respects the personal rights of Data Subjects, therefore it acts in accordance with the principles of GDPR during data processing. The full version of its policy in force at any time can be found at the Data Controller. The Data Controller reserves the right to change the policy due to its alignment with the legal background and other internal regulations to be amended in the meantime

Name and contact details of the data controller:

Name of the Data Controller: City Golf & Business Club Sport Association

Address: 9200 Mosonmagyaróvár, Háromtölgy u. 2.

Contact information: secratary@golfacademy.hu

Honlap: www.golfacademy.hu

 

Legal background and legal basis of data processing:

  1. Act CXII of 2011 on Informational Self-Determination and Freedom of Information
  2. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Rules for data management and data processing:

o Personal data may be processed if it is related to the performance of a contract, must be fulfilled by a legal obligation, has a legitimate interest, is based on consent (vital interest (safety, life protection)

o The Data Controller shall process the data of the data subjects:

  1. in connection with the organisation of the life of the association

Purpose of data processing: based on registration: access to the website, association information data processing

  1. By contacting us via e-mail (website), the user acknowledges that he/she has read and accepted the Data Controller’s privacy policy, has made his/her declaration of consent, and his/her registration qualifies as consent to data processing.
  2. Data subjects: visitor to the website who sends a message or e-mail using the Contact etc. menu item.

Processed data: name, phone number, e-mail address, as well as other (unrequested) data provided by the user in the message.

  • Purpose of data processing: Ensuring the visitor’s contact with the Data Controller, requesting information, providing information
  • Legal basis for data processing: the consent of the data subject, which is given by familiarizing himself with the Privacy Policy, voluntarily providing the data of the data subject, by ticking the acceptance checkbox after getting acquainted with the Privacy Policy, and by sending the message, or in case of sending an e-mail, by sending the e-mail. Before sending the message, the Privacy Policy is available via a link.
  • Data storage period: The data provided will be deleted within 30 days of contact. Until the consent of the club member concerned is withdrawn (until his request for cancellation).
  • Recipients: who can consult this data in case of troubleshooting:

For the operation of internet services: the Data Controller uses the electronic mail service and hosting service at MAXER HOSTING Information Technology Ltd. Headquarters: 9024 Győr, Répce u. 24. Phone number: +3612579913 E-mail: info@maxer.hu Data Protection Officer: Annamária Fejes.

  • The controller does not transfer personal data to third parties and abroad.

Your rights during data processing

Within the period of data processing, you have the right to: the right of information, access, rectification,

the right to erasure, objection, restriction and the right to data portability provided by the Data Controller and Data Processor. In connection with data processing, you can inquire about the exercise of the given rights at the contact details of the Data Controller.

Provision of access: – what data we process, for what purpose, for how long do we process it; – who can receive them; – in the case of data processing outside the EU or internationally, the guarantees of data processing; – if you have not provided us with your data, from whom we received it; – the existence of automated decision-making, profiling, information about the logic involved, the significance of the processing and its consequences for you; -your rights and remedies in relation to data processing

Rectification: You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you or the completion of incomplete personal data.

 

Erasure: You may request the erasure of your personal data if: – the personal data are no longer necessary in relation to the purposes for which they were collected or processed -withdraw your consent to the processing and there is no other legal basis for the processing – you object to the processing and there are no overriding legitimate grounds for the processing – the personal data have been processed unlawfully – the data must be deleted to comply with a legal obligation – offered directly to children services.

We will not be able to comply with your request for erasure if the data is necessary for the establishment, exercise or defence of legal claims, or if doing so would restrict your right to freedom of expression and information, or if a legal obligation to which we are subject imposes an obligation contrary to the request for erasure.

 

Restriction: We may only store such personal data or process it with your consent (except for the establishment, exercise or defence of legal claims, protection of the rights of other persons or important public interest). If the data is not accurate, the processing is unlawful, you require it for the establishment, exercise or defence of legal claims, you object to the processing (until our legitimate interest is established).

We will inform all those to whom we have disclosed your personal data of any rectification, erasure or restriction of processing, unless this is impossible or involves disproportionate effort. A list of such recipients may be provided to you upon request.

Data portability: you have the right to receive the personal data you have provided to us, to transmit this data to another controller, if the processing is based on your consent or the performance of a contract and is carried out by automated means. Portability shall not infringe the rights and freedoms of others or the right to be erased (forgotten).

 

Objection: You may object to any data processing based on the legitimate interest (or public interest) of the Data Controller. If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, including profiling, and we will no longer be able to process the data after your objection.

Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Unless it is necessary for the conclusion or performance of a contract between you and the Data Controller, if you expressly consent or the law allows a decision to be made in order to protect your rights and interests, however, you have the right to request human intervention from the Data Controller, to express your point of view and to lodge an objection to the decision.

The Data Subject shall have the right to be informed of a personal data breach concerning him or her.

 

Enforcement:

Your enforcement is governed by the General Data Protection Regulation (GDPR), Information Act and the Civil Code (Civil Code). In case of violation of your rights, you can turn to court or lodge a complaint with the supervisory authority (NAIH). You can lodge a complaint with the supervisory authority of the Member State where you have your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data infringes the legal framework. The supervisory authority in Hungary is the National Authority for Data Protection and Freedom of Information, with registered office at 1024 Budapest, Szilágyi Erzsébet fasor 22/C., website: www.naih.hu, phone number: +36 (1) 391-1400. You have the right to a judicial remedy against a legally binding decision of a supervisory authority concerning you, or if it does not deal with a complaint or does not inform you of the progress or outcome of the complaint within three months. Proceedings against a supervisory authority should be brought before the courts of the Member State where the supervisory authority is established.

If you have suffered damage as a result of a breach of the General Data Protection Regulation, you are entitled to compensation from the Data Controller (or processor) for the damage suffered. Legal proceedings shall be brought before the courts of the Member State where the controller (or processor) has an establishment. Such proceedings may also be brought before the courts of the Member State of your habitual residence.

 

We also inform you that in case of violation of the legal provisions on data processing or if the Data Controller has not complied with any of its requests, you may turn to court against the Data Controller Information Act Chapter VI.

The chapter headings in this Privacy Policy are for information purposes only, they are not sufficient in themselves to understand data processing.

Users are informed that electronic messages transmitted over the Internet, regardless of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to fraudulent activity, contract dispute, or disclosure or modification of information. In order to protect against such threats, the provider shall take all reasonable precautions. Systems are monitored in order to record any security deviations and provide evidence in case of any security incident. System monitoring also makes it possible to verify the effectiveness of the safeguards applied.