Data protection information
For participants and contributors to the International Scientific and Teaching
Course of the ESNCH
Data Controller:
ALTAGRA Business Services and Travel Agency Ltd;
Head office: 1141 Budapest, 109 Cinkotai street, ground floor 4.
Tax number: 11886747-2-42;
Company registration number: Cg. 13-09-082901
Name of data controller’s representative: Andrea Vándor, managing director
Contact details of the data controller’s representative:
E-mail: andrea.vandor@altagra.hu;
Telephone: +36 30 4025 716
INTRODUCTION
ALTAGRA Business Services and Travel Agency Ltd. (hereinafter referred to as the “Company”), as the Data Controller, has prepared this Privacy Notice (hereinafter referred to as the “Notice”) in order to provide detailed information to persons participating in and contributing to events and conferences (hereinafter referred to as the “Subjects”). The Company, as Data Controller, shall provide information on the scope of its data processing, the method, purpose and legal basis of data processing, as well as on the safeguarding of the constitutional principles of data protection, the requirements of data security, the prevention of unauthorized access to the personal data of the Subjects, the prevention of alteration and unauthorized disclosure or use of the data. Among the aforementioned, the Company declares that the Prospectus is in
compliance with the valid and applicable data protection legislation, in particular the Info. Act and the Regulation 2016/679 of the European Parliament and the Council of 27 April 2016. ) on the protection of the processing and free movement of personal data of natural persons, and
repealing Directive 95/46/EC (General Data Protection Regulation; hereinafter “GDPR”), and will process personal data solely in accordance with the provisions of this Prospectus and the Company’s Privacy and Data Security Policy (hereinafter “Privacy Policy”), which contains the details of the processing.
1. TYPE OF DATA PROCESSING
1.1 Registration
| Scope of Data Subjects | Purpose of Data Processing | Legal Basis | Consequence of Not Providing Data |
|---|---|---|---|
| Participants of events, conferences | Registration for conferences and events | Article 6(1)(b) GDPR (performance of contract) | Prerequisite for the performance of the contract |
| Speakers at events, conferences | Performance of the travel contract | Article 6(1)(b) GDPR (performance of contract) | Prerequisite for the performance of the contract |
Source of data
– Directly from the Data Subject: where he/she contracts or entrusts the Data Controller
directly
– Indirectly from the Data Subject: the Data Subject provides the data to the intermediary travel agency, legal entity (hereinafter referred to as the “Contracting Partner”), which transfers the data to the Company.
If the Company obtains the personal data from a Contracting Partner (data processing), the consent to process the data is obtained from the Contracting Partner. The Company is not responsible for the absence of consent.
The Company shall stipulate the following in the contract with the Contracting Partner:
– the contracting partner has obtained the consent and is therefore solely responsible;
– the thorough listing of the Data Subjects’ data
– if the Company transfers data to other service providers in the framework of this contract, the authorisation for the transfer of data per group of service providers (accommodation, event venue, catering, travel agents, passenger transport companies, IT and technical companies, etc.)
– the duration of the processing, which will largely last until the invoice for the service is settled after the trip.
Scope of data processed
Full name of the contracting party, telephone number, signature, personal data included in the scope of account information, personal data of individuals involved in the implementation, data relating to meals, travel document data, academic degree, date of birth, job title, medical seal number/operating licence number, workplace’s name, address, email address, mother’s name.
Data retention period
Until the end of the 5th year after the conference/event has taken place.
Data transmission
There will be no transfer of data in accordance with Articles 44-49 of the GDPR.
Recipients
Information technology service provider: rentIT Kft., 2030 Érd, Festő street 93.
Company registration number: 13-09-155650
Method of providing data, consequences
Providing data is voluntary. If you do not provide the required data, you will not be able to use the service you registrated for. If the registration process fails for any reason, the Data Controller will send a reminder e-mail to the e-mail address provided by the registrant or notify the registrant by telephone.
1.2 Photographs and videos taken at the event
| Scope of Data Subjects | Purpose of Processing | Legal Basis |
|---|---|---|
| Event participants, speakers | Event documentation via photos and videos | Article 6(1)(a) GDPR (consent) |
Scope of data processed
Photo and video recordings of the natural person.
Data retention period
Until consent is withdrawn.
Data transmission
There is no transfer of data under Articles 44-49 of the GDPR.
Addressees
The photos will be displayed by the Data Controller on its own website, publications or social
media platforms.
Source of data
The source of personal data is the natural person.
Method of data supply, consequences
The source of the data is voluntary. If you do not give your consent, you will not be shown on the photos taken at the event.
1.3 Signing the attendance sheet at the event
| Data Subjects Concerned | Purpose of Data Processing | Legal Basis |
|---|---|---|
| Event participants, speakers | Keeping of attendance sheets of participants of conferences and events, which form the basis for invoicing and other complaints. | Article 6(1)(b) GDPR, fulfilling of the contract. |
Scope of personal data
Title, first and last name, company name, signature, conference/event name, time, place.
Data retention period
Until the end of the 5th year after the conference/event has taken place
Data transmission
There will be no transfer of data in accordance with Articles 44-49 of the GDPR.
Recipients
Information technology service provider: rentIT Kft., 2030 Érd, Festő street 93.
Company registration number: 13-09-155650
Scientific organizers: European Society of Neurosonology and Cerebral Hemodynamics,
Reinacherstrasse 131, Basel, Switzerland 4053
Source of data
The source of personal data is the data registered.
Method of providing data, consequences
Provision of data is voluntary. If you do not provide the required data, we will not be able to prove that you attended the event in the event of a complaint.
1.4 Processing of data of conference/event speakers
| Data Subjects Concerned | Purpose of Data Processing | Legal Basis |
|---|---|---|
| Event participants, speakers | Processing of the data of a person participating in the conference/event as a speaker during the organisation and duration of the conference. | Article 6(1)(b) GDPR, fulfilling of the contract. |
Scope of personal data
Title, first and last name, email address, telephone number, company name, position, photo
and video recordings, name of author(s), workplace, email address.
Submission of presentations, abstracts and scientific articles will be done mainly through the registration interface or by e-mail. The author’s data are provided voluntarily. The author may also provide details of co-authors with their prior consent. The presenter acknowledges that his/her data will be included in the programme booklet, the summary volume and the proceedings. Publication may happen in printed or electronic form.
Data retention time
Until the end of the 5th year after the conference/event or until consent is withdrawn.
Data transmission
There will be no transfer of data in accordance with Articles 44-49 of the GDPR.
Recipients
Information technology service provider: rentIT Kft., 2030 Érd, Festő street 93.
Company registration number: 13-09-155650
Source of data
The source of personal data is the speaker.
Method and consequence of data provision
The provision of data is voluntary. If you do not provide the required data, you will not be able to participate in the event/conference as a speaker.
1.5 Billing
| Data Subjects Concerned | Purpose of Data Processing | Legal Basis |
|---|---|---|
| Event participants, speakers | Invoicing of the event/conference | Article 6(1)(c) GDPR, fulfilment of a legal obligation under the Act on Accounting of 2000. |
Scope of personal data
Name, address, service ordered, fee, date of invoice, payment deadline
Data retention period
Until the end of the 8th year after the invoice is issued
Data transmission
No transfer of data pursuant to Articles 44-49 of the GDPR.
Addressees
Accounting office: Kálvin Könyvelőiroda Kft., 1053. Budapest, Kálvin tér 5.
company registration number: 01 09 907282
Information technology service provider: rentIT Kft., 2030 Érd, Festő street 93.
Company registration number: 13-09-155650
Source of data
The source of personal data is the participant and speaker of the event.
Method and consequence of data supply
The provision of data is mandatory. If you do not provide the required data, we will not be able to issue an invoice.
1.6 Call for conference
Data subjects
concerned
Purpose of data processing Legal basis
| Data Subjects Concerned | Purpose of Data Processing | Legal Basis |
|---|---|---|
| Parties interested in the conference | By electronic mail or other equivalent means of individual communication in connection with the conference | Article 6(1)(a) GDPR, consent of the data subject |
Being registered in the professional database may happen via e-mail, telephone or in person. The data are provided by the interested party on a voluntary basis. The data recorded include name, place of work and e-mail address. The legal basis for data processing is the consent of the interested party. The processing lasts for the period indicated by the interested party or until the consent is withdrawn.
Scope of personal data
Name, e-mail address, name and address of place of work
Data retention period
Until consent is withdrawn.
Data transmission
No transfer of data pursuant to Articles 44-49 GDPR.
Recipients
Scientific organizers: European Society of Neurosonology and Cerebral Hemodynamics, Reinacherstrasse 131, Basel, Switzerland 4053 Parties interested in the conference
Source of data
The source of the personal data is the person interested in the conference.
Method and consequence of data supply
The provision of data is voluntary. If you do not provide the necessary data to subscribe to the newsletter, we will not be able to send you a newsletter.
2. DATA TRANSMISSION
No data is transferred to countries outside the EU.
Data may be transferred:
– Data to a court, police, prosecutor’s office, bailiff, public administration body necessary to decide on a specific case; and to a public tax authority.
– Data may also be transferred in order to exercise rights and fulfill obligations in connection with a contractual relationship in cases that cannot be specified in advance (e.g. to the tax authorities, for audits relating to the operation of the Company; to a law firm providing legal representation).
– For payment purposes, it is forwarded to the accountant by e-mail. In order to ensure
the security of your data, we have established specific guarantees for personal data in the framework of the cooperation with the accounting firm.
– In order to organise an event, data may be transmitted to: accommodation, event venues, catering units, passenger transport companies, IT companies, professional groups. These data will be transmitted by e-mail.
3. DATA PROCESSORS
In addition to the foregoing, the Data Controller will transfer data only to its contractually related co-controllers and/or processors, including only to those who are contractually bound to the Data Subject; accordingly, the Data Controller will transfer data to third parties only for the purposes and to the extent necessary to fulfill the purposes set out in this Policy.
Data processors: accountants, accommodation, event venues, catering establishments, passenger transport companies, IT companies, professional organisations.
4. AUTOMATIC DATA MANAGEMENT (including profiling)
No profiling or automated decision making will take place during the processing. In the latter context, the Company informs the Data Subjects that it does not make decisions on the conclusion of contracts based solely on automated processing. The Company does not profile any Data Subject on the basis of the available personal data.
5. EXERCISE OF RIGHTS, REMEDIES
The Data Subject may exercise his/her rights under the GDPR and the Info law throughout the entire period of data processing. The rights may be exercised subject to the legal basis.
Details of the individual rights:
| Right | Description | GDPR Article |
|---|---|---|
| Right to Information | The Data Subject has the right to be informed of the way in which personal data are processed before the processing starts. | Articles 12-14 GDPR |
| Right to Rectification | The Data Subject has the right to request the rectification of his or her personal data if the personal data held by the controller are inaccurate and can be proven to be so. | Article 16 GDPR |
| Right of Access | The Data Subject has the right to obtain from the controller the personal data held about him or her. | Article 15 GDPR |
| Right to Erasure (“Right to be Forgotten”) | The Data Subject has the right to obtain the erasure of his or her data unless processing is based on the performance of a contract, fulfillment of a legal obligation, or the exercise of official authority. | Article 17 GDPR |
| Right to Object | The Data Subject may object to the processing of his or her personal data if the legal basis is legitimate interest or the exercise of official authority. Objection does not imply immediate erasure. | Article 21 GDPR |
| Right to Restriction | If the Data Subject does not consider the Controller entitled to process their data, they can request the suspension of processing during the investigation. | Article 18 GDPR |
| Right to Data Portability | The Data Subject has the right to obtain their personal data in a digital, tabular format. | Article 20 GDPR |
| Right to Redress | If the Data Subject considers that the Data Controller has infringed applicable data protection laws, they may submit a complaint or seek legal remedies. | Varies; includes national redress provisions |
| Withdrawal of Consent | The Data Subject may withdraw consent at any time, resulting in the cessation of processing related to consent-based activities. | Applicable for consent-based processing |
| Right to Review Automated Decision-Making | The Data Subject may request a manual review of any automated processing operation with legal effects. | GDPR provisions on automated processing |
6. ACCESS TO DATA
Personal data may be accessed by competent staff of the Controller and Processors to the
necessary extent for the performance of their tasks.
7. PROTECTION OF DATA
The Company will take all reasonable steps to ensure that the data it processes is not accessible to unauthorised persons. The Data Controller shall take appropriate IT, technical and personnel measures to protect the personal data it processes against, inter alia, unauthorised access or unauthorised alteration.
Detailed information about the data protection of the conference venue – Semmelweis University Theoretical Building (1089 Budapest Nagyvárad square 4) – can be found here [GDPR information]
Budapest, 2 January 2025