**Effective from May 25, 2022, until further notice**
This Data Processing Information expresses the firm commitment of the Bézs Egyesület to privacy rights and data protection. The Bézs Egyesület (hereinafter referred to as the Data Controller) processes personal data it obtains with the utmost care, in accordance with this Data Processing Information, the provisions of the Fundamental Law of Hungary, Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the Info Act), and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter GDPR).
**1. DATA CONTROLLER’S DETAILS:**
– Name of the data controller: Bézs Egyesület
– Abbreviated name of the data controller: Bézs Egyesület
– Registered office: 1068 Budapest, Benczur u. 45
– Mailing address: 1068 Budapest, Benczur u. 45
– Email address: bezs@radiobezs.hu
– Company registration number: 01-02-0016972
– Tax identification number: 19103716-1-42
**2. CUSTOMER SERVICE OF THE DATA CONTROLLER:**
The main activity of the Data Controller is the operation of Rádio Bézs online radio, and it primarily communicates with its customers and interested parties electronically via email. The Data Controller is not continuously available by phone. The designated email address for contact is: bezs@radiobezs.hu. According to Article 37 of the GDPR, the Data Controller is not obliged to appoint a data protection officer, so inquiries related to data processing can be made at the central contact email address (bezs@radiobezs.hu).
**3. VALIDITY OF THE DATA PROCESSING INFORMATION:**
This Data Processing Information is valid for all activities and processes of the Data Controller, including the operation of the current website.
**4. PHYSICAL LOCATION OF DATA STORAGE:**
The Data Controller stores all personal data in high-security-level cloud systems of the processor in point 5. The Data Controller does not store personal data on its own computers, mobile phones, or mobile data carriers. The Data Controller makes every effort to monitor the data processing of the processors associated with it and requests information regarding it.
**5. DATA PROCESSOR:**
The Data Controller uses the services of the following Data Processor in the processing of personal data:
– Hosting service provider: Wildom Kft.
– Name of the service provider: Wildom Kft.
– Registered office: 1145 Budapest, Szugló utca 9-15. 2.em.
– Company registration number: 01-09-732070
– Tax identification number: 13375999-2-42
**6. DATA PROCESSING, DATA STORAGE, SECURITY BACKUP:**
6.1. The provision of personal data is voluntary.
6.2. The Data Controller processes and stores the provided personal data in accordance with legal requirements, and except for the designated Data Processor in point 5, it does not disclose it to any third party or economic entity under any circumstances. The Data Processor regularly creates and stores security backups of the data for technical necessity.
6.3. The authenticity of the data provided by the data subject is not verified by the Data Controller.
6.4. The Data Controller does not conduct profiling based on the behavior, interests, or other data provided by interested parties, customers, visitors to the websites it operates, subscribers, or quote requesters, and does not employ automatic offer generation, classification, or decision-making.
6.7. Individuals can use the services of the Data Controller without subscribing to marketing newsletters.
**7. RIGHTS OF THE DATA SUBJECT:**
The data subject may request information about the processing of their personal data, request the correction of their personal data, and, except for mandatory data processing, request the deletion, withdrawal, and exercise of the right to data portability and objection by contacting the Data Controller at the contact details provided in point 1.
7.1. Right to information
The Data Controller takes appropriate measures to provide the data subject with all information regarding the processing of personal data according to Articles 13 and 14 of the GDPR, and any information specified in Articles 15–22 and 34 of the GDPR, in a concise, transparent, understandable, and easily accessible form, formulated in a clear and understandable manner.
The Data Controller provides this information within 14 days of submitting the request (but no later than within 1 month). The Data Controller can only deny information in cases specified by law, indicating the legal basis, and by informing about the possibility of judicial remedy or turning to the Authority.
7.2. Right to access data
The data subject is entitled to receive feedback from the Data Controller on whether the processing of their personal data is ongoing, and if such processing is ongoing, they are entitled to access their personal data and, among other things, the following information:
– the purposes of the data processing;
– the categories of personal data concerned;
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organizations;
– the right to lodge a complaint with the supervisory authority;
The Data Controller provides information within one month of the data subject’s request, including the above.
7.3. Right to rectification
The data subject may request the correction of inaccurate personal data processed by the Data Controller or the completion of incomplete data. The modification or completion of data can be requested by sending an electronic letter to the central email address bezs@radiobezs.hu.
7.4. Right to erasure
The data subject is entitled to request the Data Controller to delete their personal data without undue delay, in case of any of the following reasons:
– the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
– the data subject withdraws consent on which the processing is based, and there is no other legal basis for the processing;
– the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
– the personal data have been unlawfully processed;
– the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Data Controller is subject;
The registration of the withdrawal of consent is carried out by the Data Controller within 14 days.
Erasure of data cannot occur for data that the Data Controller is obligated to keep by law for legal obligations even after the withdrawal of consent.
7.5. Right to restriction and withdrawal of data processing
At the request of the data subject, the Data Controller restricts data processing if one of the following conditions is met:
– the data subject disputes the accuracy of the personal data – in this case, the restriction applies for the period that allows for the verification of the accuracy of the personal data;
– the processing is unlawful, but the data subject opposes the erasure of the data and requests the restriction of their use instead;
– the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal claims;
– the data subject has objected to processing – in this case, the restriction applies for the period until it is determined whether the legitimate grounds of the Data Controller take precedence over the data subject’s legitimate grounds.
7.6. Right to data portability
The data subject is entitled to receive their personal data provided to the Data Controller in a structured, commonly used, and machine-readable format, and the data subject has the right to transmit this data to another controller without the Data Controller preventing it.
7.7. Right to object
The data subject is entitled to object at any time to the processing of their personal data if:
– the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
– the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party.
In the event of objection, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
7.8. Automated decision-making, including profiling
The Data Controller does not make automated decisions based on the personal data provided by the data subject, including profiling.
**8. LEGAL REMEDIES:**
– The data subject may contact the Data Controller for any matter related to the processing of personal data using the contact details provided in point 1.
– The data subject may request information or initiate any proceedings related to the processing of personal data with the National Authority for Data Protection and Freedom of Information:
– Name: National Authority for Data Protection and Freedom of Information
– Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
– Postal address: 1530 Budapest, Pf.: 5.
– Phone: +36 (1) 391-1400
– Fax: +36 (1) 391-1410
– Email: ugyfelszolgalat@naih.hu
– Website: http://www.naih.hu
**9. DATA SECURITY:**
The Data Controller ensures the security of personal data by taking technical and organizational measures that ensure a level of protection appropriate to the risk.
9.1. Technical measures
The Data Controller takes the following technical measures to ensure the security of data processing:
– Protection of data against unauthorized access (e.g., encryption, password protection);
– Protection of data against unauthorized disclosure (e.g., encryption, access controls);
– Protection of data against unauthorized changes (e.g., backup copies, access controls);
– Protection of data against loss (e.g., backup copies, fault-tolerant systems);
– Monitoring of the security of data processing (e.g., system logs, access logs).
9.2. Organizational measures
The Data Controller takes the following organizational measures to ensure the security of data processing:
– Training and raising awareness of employees involved in data processing;
– Ensuring the segregation of duties in data processing;
– Regularly checking and evaluating the effectiveness of technical and organizational measures.
**10. AMENDMENTS TO THE DATA PROCESSING INFORMATION:**
The Data Controller reserves the right to amend this Data Processing Information. The Data Controller informs the data subject about the amendment, and the data subject accepts the Data Processing Information in force at the time of use.
Budapest, December 14, 2023.
Bézs Egyesület