Data protection provisions
Regarding recording and use of audio and visual footage
Scope of application:
These data protection provisions pertain to the registration and participation at the Brain Bar event (hereinafter: Event) of minors and their chaperons invited to the Event by Deloitte Advisory and Management Consulting Private Limited Company, Deloitte Ltd , Deloitte CRS Ltd and Deloitte Legal Erdős and Partners Law Firm (hereinafter jointly referred to as: Deloitte Hungary).
Deloitte Advisory and Management Consulting Private Limited Company (registered office: 1068 Budapest, Dózsa György út 84/C; co. reg. no.: 01-10-044100)
Deloitte Ltd. (Registered office: 1068 Budapest, Dózsa György út 84/C, Company registration no.: 01-09-071057)
Deloitte CRS Ltd. (registered office: 1068 Budapest, Dózsa György út 84/C; co. reg. no.: 01-09-975176)
Deloitte Legal Erdős and Partners Law Firm (registered office: 1068 Budapest, Dózsa György út 84/C)
The Deloitte organisations listed qualify as one common data controller, with Deloitte Advisory and Management Consulting Private Limited Company as their common Data controller representative.As a result of this common data controller agreement, Deloitte Advisory and Management Consulting Private Limited Company is entitled to act on behalf of all Controllers, and is responsible for the appropriate notification of the involved parties and for the processing of and responding to inquiries made by the affected people/the authority.
Legal grounds for data processing:
Consent of the person affected. In the case of minors, the legal grounds for data processing is the consent of the legal representative. Consent is considered given by registration.
Purpose of data processing:
Electronic indication and registration of the intent to participate at the Event held on 30-31 May 2019, ensuring entry to and participation at the Event.
Scope of people affected:
Minors and their chaperons invited to the Event who have registered to participate at the Event.
Period of data processing:
The Data Controllers shall delete the data provided at registration within 15 (fifteen) days after the last day of the Event.
Categories of personal data processed:
- Date of birth
- E-mail address
- Phone number
- Relationship with minor
The minor accompanied by the chaperon:
- Date of birth
- Name of registering parent
- Phone number of registering parent
- E-mail address of registering parent
- T-shirt size
If the chaperon is not the registering parent:
Please note that everyone is only entitled to dispose of their own data and the data of others if authorized by legal provisions. If at registration, the parent does not register as chaperon but appoints a third person, then the consent of this third person is required for data processing by Data Controllers. If the data of a person other than the registering person are provided for the chaperon’s data, these data are handled as confidential until confirmation of the consent to data processing is received by e-mail from the e-mail address provided at registration. If such confirmation does not take place within three (3) working days from the day after the email is sent to the chaperon by the Data Controllers, the affected chaperon is immediately deleted from the Data Controllers’ register and the parent of the affected minor is informed about this via the provided contact data, and is asked to appoint a new chaperon who consents to the data processing. If this does not happen, participation of the minor at the Event cannot be ensured.
Categories of people accessing personal data:
- Employees and contributors of the Data Controllers participating in the organisation of the Event
- Organisers of the Event in order to ensure participation at the Event (they only receive the names of participants).
Scope of rights:
The registered person (hereinafter: the affected person) is entitled to the following rights regarding data processing by the Data Controllers, which may be practiced by the affected person’s legal representative until the affected person reaches the age of majority.
a. Right to the withdrawal of consent/deletion: the affected person is entitled to withdraw their consent at any time. The Data Controllers delete the affected person’s processed data within 15 (fifteen) days after consent is withdrawn.
b. Right to information (access): the affected person may request information on the processing of their data any time. Upon the affected person’s written request the Data controllers shall inform him of the data controlled, the purpose and period of data control, the addressees, the data subject’s rights, the possibility of filing a complaint.
c. Right to rectification: the affected person has the right to request the rectification or supplement of his data. The affected person is required to attach the facts and evidence to support the request of rectification.
d. Right to restriction: the affected person is entitled to request the restriction of the Data Controller’s control of his data if the accuracy of such data is doubtful. (The restriction lasts until it becomes clear whether it is necessary to precise the data or not.)
e. Right to data mobility: the affected person is entitled to receive the machine readable copy of the relevant personal data provided to the Data controller based on an inquiry requesting this, and to request that the Data Controller transfer these data to another Data Controller indicated by the affected person.
f. Right to legal remedy: If their rights are infringed, those affected may turn to the competent court of their residence, and anyone may initiate an investigation at the Hungarian National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c, mailing address: 1530 Budapest, Pf. 5., e-mail: firstname.lastname@example.org, website: https://naih.hu/) with reference to the infringement of his rights or the immediate risk of such infringement. The court shall hear the request in a priority procedure.
In response to a request pertaining to the affected person’s rights, Deloitte Advisory and Management Consulting Private Limited Company sends information about compliance with the request to the data subject in writing within 25 (twenty-five) days following its receipt.
Employees shall send any statements, comments or requests concerning the control of their personal data via postal mail addressed to Deloitte Advisory and Management Consulting Ltd's registered office at 1068 Budapest, Dózsa György út 84/C or in an e-mail message sent to the dataprivacyHU@deloittece.com e-mail address. Should you have any questions or comments regarding data processing, indicate “video recording” as the subject of your inquiry.
Budapest, 7 May 2019.