About the processing of user personal data in connection with the operation of https://worldaquatics-budapest2024.com website (the “Website”)

In compliance with our obligation under Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter “GDPR”), we inform you that in the course of operating the Website, we process the personal data of visitors to the Website (“Users” or “Data Subjects“) as follows.

1. NAME OF THE CONTROLLER

The operator of the Website and the controller of the personal data of the users of the Website (hereinafter referred to as the “Controller“):

National Event Management Agency Nonprofit Co. Ltd.(Company Registration Number: 01-10-142172, Tax Number: 32173174-2-41, registered office: 1054 Budapest, Garibaldi u. 2., postal address: 1054 Budapest, Garibaldi u. 2., main telephone number +36 1 896 2264, main e-mail address: info@nruevent.hu, represented by dr. Mátyás Falvai CEO)

Contact details of the Data Protection Officer of the Controller: +36 1 896 2264, info@nruevent.hu:

2. PERSONAL DATA PROCESSED IN THE COURSE OF THE OPERATION OF THE WEBSITE – DESCRIPTION OF THE SCOPE OF THE PROCESSING

• In the course of the operation of the Website, we process as technical data the IP address of the Users’ computer or mobile device and the approximate geographical location that can be inferred from it; the type, features and version number of the operating system; the type and version number of the browser;

• The Controller uses cookies in the operation of the Website in order to facilitate the operation and use of the Website, to track activity on the Website and to display relevant offers.

USE OF COOKIES

As with other websites, the Controller uses a common technology called cookies, as well as technical log files on the web server, in order to obtain information about how Data Subjects use the Website.

The use of cookies and web server log files allows the Controller to monitor the traffic on the Website and to tailor the content of the Website to the User’s personal needs.

A cookie is a small package of information (file), often carrying an anonymised unique identifier. When you visit a website, the website asks your computer for permission to store this file on a part of your computer’s hard drive that is specifically dedicated to storing cookies.

Each website you visit can send a cookie to your computer if the browser you are using is set to allow it. However, in order to protect your privacy, your browser will only allow a website to access the cookies that it has sent to your computer, i.e. a website will not access cookies sent by other websites. Browsers are usually set to accept cookies.

However, if you do not wish to receive cookies, you can set your browser to refuse to accept cookies. In this case, some elements of the Website may not function effectively when you browse the Website. Cookies cannot extract other information from your computer’s hard drive and do not carry viruses.

For a detailed description of the cookies used by the Website, their purpose and how they are used, please refer to the Website’s Cookie Notice, which appears in a pop-up window, and also provides an interactive interface to opt-out of the use of certain cookies. Please read this notice carefully before browsing the Website

• The chess matches can be followed live through the interface (widget) on the Website, which redirects to the FIDE live stream. The Data Controller provides Users with the possibility to comment during the live stream. The comment, including its content and the commenter’s profile data, will be displayed in the so-called comment section next to the stream interface.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

For the User’s IP address (section 2.1):

According to Article 6(1)(e) of the GDPR, the processing is necessary for the performance of a task carried out in the public interest – The public task of the Controller is provided for in Articles 2(2), 3 and 4 of Government Decree 591/2022 (XII. 28.) on the designation of the National Event Management Agency as a non-profit limited company and on the definition of certain tasks.

For cookies (section 2.2): 

In the case of cookies that provide basic functionality, the purpose of the processing is to ensure the basic functions of the Website, and the legal basis for the processing is the performance of a task in the public interest pursuant to Article 6 (1) (e) of the GDPR – The public task of the Controller is provided for in Articles 2(2), 3 and 4 of Government Decree 591/2022 (XII. 28.) on the designation of the National Event Management Agency as a non-profit limited company and on the definition of certain tasks.

In the case of other cookies (statistical cookies, performance cookies, targeting cookies and advertising cookies), the purpose of use is the collection of data necessary for the provision of services available on the Website, the display of personalised content and advertisements, the production of statistics, the technical development of the IT system, and the legal basis for the processing of data necessary for the performance of a task carried out in the public interest pursuant to Article 6(1)(e) of the GDPR. – The public task of the Controller is provided for in Articles 2(2), 3 and 4 of Government Decree 591/2022 (XII. 28.) on the designation of the National Event Management Agency as a non-profit limited company and on the definition of certain tasks.

For data made public in the comments section (point 2.3):

Voluntary consent in accordance with Article 6(1)(a) of the GDPR, expressed by the User by posting his/her comments.

4. DURATION OF STORAGE OF PERSONAL DATA

Automatically recorded IP addresses (point 2.1) are stored by the Controller for a maximum of one year after their recording.

Personal data processed using cookies (point 2.2.) will be processed for a maximum of 120 days depending on the setting of the cookie, the specific date can be found in the browser menu as described in section 2.

5. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The recipients of the personal data are the following data processing companies used by the Controller:

• TRENDENCY ONLINE ZRT. (registered office: 1092 Budapest, Knézits utca 12. fszt. 3., Company registration number: 01-10-047275, Tax number:23745269-2-43)
• LOUNGE DESIGN Szolgáltató KFT. (Registered office: 1025 Budapest, Felső Zöldmáli út 72., Company Registration Number: 01-09-940287,)

6. DATA SECURITY

The Data Controller or the Data Processors shall ensure the backup of the IT data and the technical environment of the Website, operating with the necessary parameters according to the retention period of each data, thus guaranteeing the availability of the data within the retention period and permanently destroying them at the end of the retention period.

The integrity and functionality of the IT system and the data storage environment is monitored using advanced monitoring techniques, and the necessary capacities are continuously ensured. It records events in its IT environment using complex logging functions to ensure that any incidents can be detected and evidenced at a later stage.

A high bandwidth, redundant network environment is used to serve the Website at all times, ensuring that the load is distributed securely across its resources.

It ensures the disaster resilience of the IT systems used by the Controller and the Data Processors in a planned manner, and ensures business continuity and thus the continuous service of the Users by means of organisational and technical means at a high level.

The Controller and the Data Processors set high security standards for their staff, including confidentiality, and ensure compliance with these standards through regular training, and strive to operate planned and controlled workflow in their internal operations.

7. INFORMATION ON DATA SUBJECTS’ RIGHTS

The rights of Data Subjects in relation to data processing are the following:

THE RIGHT TO TRANSPARENT INFORMATION:

The Data Subject has the right to be informed of the facts and information relating to the data processing before the processing starts.

THE RIGHT OF ACCESS OF THE DATA SUBJECT:

The Data Subject has the right to receive feedback from the Controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access:

• the personal data processed and the category of personal data processed, the purposes of the processing
• the recipients or categories of recipients to whom the personal data have been or will be disclosed by the Controller,
• the envisaged period of storage of the personal data or, where this is not possible, the criteria for determining that period.

THE RIGHT TO RESTRICTION OF PROCESSING:

The Data Subject has the right to obtain, at his or her request, the restriction of data processing by the Controller in the following cases:

• where the Data Subject disputes the accuracy of the processing, in which case the restriction shall apply for a period of time which allows the Controller to verify the accuracy of the personal data,
• Where the data processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use,
• where the Controller no longer needs the personal data for the purposes of the processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims,
• if the Data Subject has objected to the processing, in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the Data Subject.

THE RIGHT TO OBJECT:

The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or where the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling. The Controller shall not, on the basis of the objection, cease processing where the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

INFORMING THE DATA SUBJECT OF A PERSONAL DATA BREACH:

If a potential personal data breach is likely to result in a high risk to the rights and freedoms of the Data Subject, the Controller shall inform the Data Subject of the personal data breach without undue delay.

THE RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY:

If the Data Subject has a grievance concerning the processing of his or her personal data, it is advisable to contact the Controller and submit a request to exercise the relevant data subject rights before filing a complaint in order to deal with the matter more quickly and efficiently.

At the same time, the Data Subject has the right to submit a complaint to the supervisory authority if he or she considers that the processing of personal data infringes data protection legislation. Contact details of the supervisory authority:

National Authority for Data Protection and Freedom of Information

(Nemzeti Adatvédelmi és Információszabadság Hatóság –“NAIH”)

Headquarter: 1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1363 Budapest, PO Box 9.

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu.

THE RIGHT TO AN EFFECTIVE JUDICIAL REMEDY AGAINST CONTROLLERS OR PROCESSORS:

Without prejudice to the right to a complaint, Data Subjects have the right to an effective judicial remedy by bringing a civil action if they consider that their rights have been infringed as a result of the improper processing of their personal data.

Legal proceedings shall be brought before the Metropolitan Court of Budapest, but the Data Subject may choose to bring the action before the competent court of his/her place of residence.

This Privacy Policy shall be effective from 01.08.2024.