Event Privacy Policy

Effective from: 6^th March 2025

‍

In order to make the changes of present Privacy Policy more transparent we summarize each modification in the chart below with indicating the most important changes and the date from which the changes are effective:

{{table-1}}

Thank you for attending one of our events. We would like to kindly inform you that it is our first priority to properly protect your personal data and to respect your rights related thereto.

To achieve the above goals present privacy policy (hereinafter as: “Policy”) in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter as: “GDPR”) contains all information regarding the personal data processing of

Company name: META-INF Szolgáltató Korlátolt Felelősségű Társaság

Registered seat: 1192 Budapest, Taksony utca 6. fszt. 1., Hungary

Company registration number: 01-09-170431

Tax number: 13024583-2-43

Registered by: Company Registry Court of the Metropolitan Court of Budapest

Represented by: Attila Gáspár and Tibor Hegyi managing directors individually

E-mail: info@meta-inf.hu

Telephone number: +36 30 515 4464

(hereinafter as: “Service Provider”)

with regard to the personal data provided by any third person a who attends (hereinafter referred to as the "Visitor") any online or in person events organized by the Service Provider (hereinafter referred to as the "Event"). The aim of the Policy is to give a clear picture about why, how and how long we process personal data related to the Visitors who interact with the Service Provider in connection with the Event through the website or other channels.

1. A few data privacy related definitions to better understand the Policy

Personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law;

The controller of the Visitor’s personal data is the Service Provider

Processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Third party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Data forwarding

Means the disclosure of personal data to specific third parties;

Data subject

Everybody who shares personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, the Visitor who reads this Policy;

Consent of the data subject

means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU . The above list is not complete so should you need more information or explanation do not hesitate to contact us.

The Service Provider would like to inform the Visitor that during the processing it does not process or request any sensitive, genetic or biometric data (except of food intolerance).

2. Other definitions

Website

means the websites operated by the Service Provider, especially but not limited to the domain available at https://www.meta-inf.hu/en/resources/events  or any other domain where the Service Provider publishes information regarding the Events.

Visitor

for the purposes of this Policy, means collectively a person attending the Service Provider's events as a visitor or as a speaker or expert.

3. In which cases do we process personal data?

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the Visitor is processed in the following cases:

·           Browsing the Website

·           Registration and ticket purchase for Event

·           Group registration and ticket purchase for Event

·           Providing discount for Events

·           Attend an Event as a speaker or expert

·           Inquiries for service development

·           Taking photographs or video recordings at Event

·            Invoicing

·            Contact

·            Newsletter subscription

·            Placement of cookies on the Website

4. What data, for what purpose and for how long do we process?

In the cases detailed above the legal ground for processing shall be the following:

• In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed and unambiguous consent of the Visitor (hereinafter as: „Consent”);
• In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the Visitor is party (hereinafter as: „Performance of Contract”);
• In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”);
• In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”);

With respect to that the Service Provider is not able to limit the amount of personal data may be sent to the Service Provider by the Visitor via any communication channel,  because the Service Provider has no influence on the Visitor who voluntarily provide personal data, therefore the Service Provider kindly ask the User to provide only the minimum information and data required by the Service Provider in present Policy when contacting the Service Provider in any way, and the Service Provider expressly and emphatically ask the Visitor to do the best to ensure that the Service Provider does not receive any data that it does not want to process.

4.1. Browsing

The Website may be freely visited and browsed by the Visitor without expressively providing any personal data to the Service Provider. However, when visiting the Website at any time, the Visitor’s computer or mobile device sends a request to the Service Provider. It is like sending a letter to which the Visitor wishes to get the content of the Website as an answer. The Service Provider (and the Website) can only answer this request if the Visitor provides his/her address. This address is the Visitor’s internet identifier address, IP address for short. The Service Provider sends the requested Website to this IP address. This is an automatic process. With respect to the IP address, we would like to inform the Visitor that the Service Provider does not handle the IP address in any way and does not log visits or IP addresses.

4.2. Registration and ticket purchase for the event

4.2.1. Attending an Event that may be attended in person  (as visitor)

The Service Provider organizes events related to the promotion of Atlassian products at various times, during which it is necessary to process the personal data of the people applying for the event in order to verify the legitimacy of their application and participation at the event and to send them information about the event. Within this scope, the Service Provider processes the following data related to events:

{{table-2}}

The Service Provider informs the Visitor that it uses - in addition to its own sales - the services of third parties for the organization of events and the sale of tickets for participation. These third-party providers are the platforms called Cooltix and Meetup, about which more information is provided in Section IX.5.1. and IX.5.2. of this Policy. Cooltix and Meetup may request additional information in addition to that provided in this section, so please read this privacy policy carefully.

In the case of events organized through Meetup, with the exception of registration data on the platform, the Service Provider is considered as data controller, and the operator of Meetup is the data processing partner of the Service Provider, through whom the Service Provider obtains the data. The Service Provider can send a message to the e-mail address provided by the Visitor via the Meetup system, and can access the Visitor’s name, the user ID of the Visitor in the Meetup system via a database that can be downloaded from the system and also whether the Visitor has responded to the Service Provider's event and if so when and the date when the Visitor has joined the group created by the Service Provider, and the link to the Use Visitor’s  Meetup profile, where he can access additional data shared by the Visitor on his / her profile.

The Service Provider sells tickets to its events also through the Cooltix. In this case except for the data necessary for registering to the Cooltix platform, the Service Provider is a controller of the Visitor’s name, e-mail address, the name of the event to which the Visitor bought tickets for and the number of tickets the Visitor bought, which is obtained by the Service Provider through Cooltix as processor.

The Service Provider processes the Visitor's phone number in order to contact the Visitor, if the Visitor has registered for an Event, to check whether the Visitor is actually attending the Event, and if the Service Provider detects that the Visitor bought a ticket that includes programs requiring registration, and which the Visitor has not yet registered, be able to draw the Visitor's attention to the need for registration to participate in the respective program.

4.2.2. Data processing related to the provision of a communication service for the Event

The Service Provider provides a separate communication channel for Visitors at its virtual events. The communication channel is provided by the Service Provider via the Slack. If the Visitor gives the consent, after providing the following data, the Service Provider will provide him/her with the possibility to participate in the communication, after a separate registration.

{{table-3}}

‍

4.3. Group registration or ticket purchase for Event

The Service Provider allows the Visitor to purchase tickets in groups for certain Events. In this case, one Visitor registers or purchases tickets for the Event on behalf of several person. For the Visitor purchasing tickets, the information provided in IV.2.1., while for the people for whom the Visitor is purchasing tickets, the following information is required:

{{table-4}}

After the above information by the guest, the Service Provider will notify the invited persons of the possibility to receive tickets for the Event at the e-mail address provided by the guest. In order for the guests to receive the tickets, it is necessary to provide additional data beyond the data detailed in this clause, which shall be the same as the data specified in clause IV.2.1. By providing the data specified in Section IV.2.1, the guests will also become Visitors, whose data will be processed by the Service Provider.

The Service Provider informs the Visitor that it is the Visitor's responsibility and liability to obtain the consent of the Service Provider to provide the above data of the guest. If the guest submits any claims against the Service Provider due to the lack of consent, the Visitor shall be obliged to indemnify the Service Provider or to compensate the Service Provider instead.

4.4. Providing discount for Events

The Service Provider wishes to reward the loyalty of the Visitor, namely the fact that the Visitor attends the Event organised by the Service Provider more than once, by offering a discount, and in order to do so and to verify that the Visitor is entitled to a discount when purchasing a ticket to the Event, in connection with which the Service Provider processes the following data.

{{table-5}}

‍

4.5. Inquiries for service development

If the Visitor purchases a ticket for an Event, the Service Provider asks for the Visitor's consent during the registration process, so that the Service Provider may contact the Visitor in connection with the Event and the services provided by the Service Provider for the purpose of service development. If the Visitor gives his/her consent, the Service Provider will process the following data.

{{table-6}}

‍

4.6. Attending an event (as speaker or expert)

{{table-7}}

If the Visitor attends the Service Provider's event as a speaker or expert, then prior to the event the Service Provider will request the Visitor’s consent to publish the personal data indicated above on the event's website.

 The Service Provider publishes the data for the purpose of promoting the event and providing information about the performers to Visitors who attend the event as visitors.

 In addition to the above, the processing of data relating to experts or speakers (as identification) is covered by the Visitor Privacy Policy.

 The Service Provider will also publish the details of the Visitor's LinkedIn profile in order to provide Visitors who register as a participant in the Event with information about the experts or speakers, but only if the Visitor who is an expert or speaker has given his/her consent.

4.7. Data processing related to providing a communication channel in case of a virtual event

The Service Provider shall also be allowed to take photos or video recordings at events, which may include the Visitor”s image. In all cases, the recordings are made for the purpose of promoting the Service Provider by presenting the event. Please note that since the recording made at the event – due to the fact that individual Visitors are not higlighted –are considered to be crowd recordings, according to Section (2) 2:48 of Act V of 2013 on the Civil Code, the Service Provider is not required to ask the Visitor’s consent for the recording and use of the image, so by attending the event, the Visitor voluntearily consents to the Service Provider creating an image and using it for promotional purposes on the website, in any publications, YouTube and other social network accounts.

{{table-8}}

‍

4.8. Invoicing

4.8.1. If the invoice about the Service is issued for a legal entity and it is required to make contact in connection with the invoice to be issued then the Service Provider processes the personal data of the person designated by the legal entity as found below.

{{table-9}}

The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g. info@example.com or finance@example.com) then the Service Provider process the data but it shall not be considered as personal data. The Service Provider draws the Visitor’s attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the Visitor.

4.8.2. If the invoice about the counter value of using the Service shall be issued for a natural person the Service Provider process the following data.

{{table-10}}

The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.

4.9. Customer service

In order to provide information and support on the event, the Service Provider maintain a customer service, which may be contacted by the Visitor by e-mail or by using the contact form on the Event website.

If the Visitor contacts the Service Provider’s Customer Service by e-mail at the address support@meta-inf.hu or by using the contact form on the event’s website, the Visitor acknowledges the processing of personal data by sending the e-mail or by clicking on the “Send message” button or a similar button. In order to be able to fulfill the Visitor’s customer service requests, certain personal data must be processed. Without these, the Service Provider is not be able to complete the customer service request as the Service Provider would not be able to contact the Visitor.

‍

4.10. Newsletter subscription

The Visitor may subscribe to our notices. There are several ways to do this. The Visitor  may sign up for it at one of the Service Provider’s events by completing the form provided for this purpose or if the Visitor uses the Service Provider's software in a trial version, at the time of downloading and accepting its privacy policy and general terms and conditions and clicking on the download button the Visitor subscribes to the Service Provider’s newsletter, which lasts until the Visitor unsubscribes but until the end of the trial period as latest, unless the Visitor continue to use the product after the trial period expired, because in this case until the Visitor unsubscribe. In connection with this, the Service Provider processes the Visitor's e-mail address under the explicit consent of the Visitor until the Visitor withdraws this consent. There are several ways to withdraw the consent, for more details, see Section VI of present Policy. In addition, it is also possible to unsubscribe directly from the Service Provider's newsletters via the link at the bottom of the newsletter.

‍

‍

5. What are cookies and why we use them?

Cookies are data packages that are sent by webservers to the Visitor’s computer automatically, where they are stored – depending on the type of the cookie – for a definite period.

Cookies do not hold any security risk to the Visitor’s computer or not cause any malfunction.

In order to ensure the smooth operation of the Website, certain cookies (known as session cookies) are automatically installed on the computer when the Visitor visits the Website. The purpose of such cookies is to ensure the security of the Website, to preserve the data recorded on our online forms, to display multimedia content and to balance the traffic on the Website. Personal data collected using these cookies (in particular the IP address of the Visitor’s computer) will be processed for our legitimate interest in the safe and smooth operation of the Website for the duration of the Visitor’s stay on the Website. Closing the browser will automatically delete them from the computer.

With the Visitor’s consent given on the Website, the following types of cookies may be installed on the computer for the following purposes:

• Cookies for web analytical measurements and for statistical purposes (e.g., Google Analytics). These are important to us because the Service Provider is provided with information about the specific characteristics of the visitors (IP address, city, type of device, browser, operating system are they using, and what sub-pages the Visitor have visited on our site). the Service Provider uses these data anonymized for statistics and reports to improve the Website and the marketing strategy.

• Remarketing cookies (such as Google AdWords) allow us to analyze how the Visitor uses the Website and, consequently, to display personalized content to the Visitor, including advertising on online platforms outside our site (e.g., other websites or social media).

In addition, the Service Provider distinguishes between session-specific cookies and persistent cookies. A cookie valid for a single session only survives until the Visitor closes the browser. Permanent cookies continue to live and are not automatically deleted when browser is closed. Why do they stay there and what's good about it? Well, such persistent cookies, for example, help to make the site run faster and remembering things that the Visitor has set on the Website.

The Visitor can manage cookies in the browser’s settings. How these settings are set depends on the type of the browser.

Further information may be found on cookie settings for the most popular browsers on the following links:

Google Chrome: https://support.google.com/chrome/answer/95647?hl=hu-hu&p=cpn_cookies
Firefox:  https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
Internet Explorer / Edge: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/hu-hu/HT201265

If the Visitor has any further question regarding cookies, please contact the Service Provider at privacy@meta-inf.hu  where its colleagues are more than happy to help.

Further information regarding the cookies used by the Service Provider can be found at https://www.meta-inf.hu/legal-documents/cookie-szabalyzat

6. How can the Visitor withdraws the consent if the ground for processing is based on consent?

If under present Policy the legal ground of processing is the data subject's i.e., the Visitor's consent, then the Visitor has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. The consent given at browsing can be withdrawn at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if the Visitor does not have the possibility to withdraw the consent given this way, it can be withdrawn by sending a message to privacy@meta-inf.hu or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.

Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.

7. Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers. The data which is stored by the Service Provider is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.

The Service Provider ensures the protection of data on several levels (physically, technically and organizationally), which in each case comply with industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

8. What rights the Visitor has in connection with processing personal data?

Request for information (right to access): the Visitor may request information about the processing of the collected personal data at any time, either in person, at the Service Provider’s registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and the Visitor’s rights in relation to processing. In the case of data transfer, to whom and for what purpose the data have been or will be transferred.

A request for information is considered authentic if the Visitor is clearly identified by the Service Provider. If the request is sent by e-mail or post, only the e-mail sent from the Visitor’s registered e-mail address will be considered as authentic, and the Service Provider will only be able to send information to the postal address registered by it. Unless the Visitor voluntarily verify the identity otherwise thereof, the Service Provider will not be able to send information to an e-mail address or postal address that is not registered in its records in order to protect the Visitor’s privacy.

Rectification: The Visitor may at any time request the rectification, modification or amendment of the collected data in the same manner described above. The Service Provider can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: The Visitor may request that the Service Provider restricts the processing of the personal information in particular if:

a) The Visitor argues the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing does not stand for us, but the Visitor is requesting the Service Provider in writing to keep them for the purpose of filing, asserting, or defending any legal claim the Visitor may have

Objection: If the Service Provider process the Visitor’s personal data on the ground of legitimate interest, the Visitor may at any time object to the processing of the Visitors personal data. In such cases, the Service Provider will review the legality of the objection and, if it is well established, the Service Provider terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): The Visitor may request the deletion of the Visitor’s personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

The Service Provider may refuse deletion if the processing of the Visitor’s personal data is required by law or if it is necessary to enforce thelegal claims. The Service Provider will always inform the Visitor about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): The Visitor may at any time request the Service Provider to transfer the data processed in connection with the Visitor in a structured, widely used, machine-readable format to the Visitor or to another controller.

The Service Provider kindly ask the Visitornot to exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

9. To whom the Service Provider transfers personal data and who has right to access them?

The Visitor’s personal data is kept confidential and will not be disclosed to any third party except as provided below.

9.1. With respect to the organisation of the trainings:

The Service Provider uses the so called JIRA and Confluence softwares developed and distributed by the following service provider in connection with the organisation of the trainins, and the following service provider is therefore considered as the Service Provider's data processor

Name: Atlassian B.V. c/o Atlassian, Inc.
Address: 350 Bush Street San Francisco, CA 94104 USA

e-mail address:  eudatarep@atlassian.com

(hereinafter referred to as: “Atlassian”)

Atlassian may not use the above-described data for any purpose outside the performance of its duties and it makes no independent decision regarding the personal data.

Atlassian's privacy policy is available at the following link: https://www.atlassian.com/legal/privacy-policy

Atlassian takes all reasonable measures to ensure that personal data is protected by the GDPR, so Atlassian has also submitted itself to the use of provisions of the SCC. The Atlassian SCC-compliant Data Privacy Notice can be downloaded at the following link: https://www.atlassian.com/legal/data-processing-addendum

9.2. Transmission of data related to the sending of newsletters, system messages and educational or marketing materials

If the Visitor subscribed to our newsletter, either voluntarily or by using one of the Service Provider paid or free apps, furthermore if the Visitor chose to use the services detailed in Section IV.1.9. above the Service Provider will forward the Visitor’s email address to its processing partner. This processor is the Hubspot e-mail service provider through which the Service Provider sends system messages, eDMs and newsletters related to the operation of the Service.

HubSpot may not use the e-mail address or other data provided for any purpose other than the performance of its task or make any personal decision about it.

Contact details of the processor:

Name: HubSpot Ireland Limited

Address: Hubspot House, 1 Sir John Rogerson's Quay, Dublin Docklands, Dublin, D02 CR67, Ireland

Registration number: IE515723

Email: privacy@hubspot.com

Phone: +353 1 5187500

Represented by: Christian Kinnear director

Contact details of the DPO: https://preferences.hubspot.com/privacy

(hereinafter referred to as “Hubspot”)

If Hubspot transfers any data outside of the European Union, for example to its parent company HubSpot Inc., (seat: 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, registration number number: 000955519, represented by: Brian Halligan director), the User’s email address and other data is protected in the same level as in Europe, in light of the European Commission's adequacy decision for EU-US data flows.

Hubspot’s privacy related documents may be found at the following links:

https://legal.hubspot.com/privacy-policy     

https://www.hubspot.com/data-privacy/gdpr/product-readiness    

9.3. Correspondence (e-mail)

The Service Provider uses Gmail a product of Google Inc. to manage correspondence by e-mail.

Name: Google Ireland Ltd

Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Location of Servers: Dublin, Ireland

(hereinafter as: “Google”)

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use, or otherwise manipulate Visitor related data stored on the server provided by Google.

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption, and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy

9.3.2. Tracking the receipt of e-mails

If under the provisions of present Policy, the Service Provider tracks the delivery of messages, it uses the services of an external service provider called Mailtrack as a data processor, the contact details of which are as follows:

Name: The Mail Track Company S.L.
Address: Calle Córcega, número 301, ático 2a, 08008 Barcelona, Spain

Registration number: B66095670

E-mail: rivacy@mailtrack.io 

Phone number: +1 678 999 0141

Represented by: Eduardo Manchón director

Web: https://mailtrack.io/en/

(hereinafter as: “Mailtrack”)

Mailtrack is a data processor residing within the European Union, in Spain, therefore it shall comply with the provisions of the GDPR.

More information on Mailtrack’s data processing is available at: https://mailtrack.io/en/privacy

9.4. In connection with the Website:

The Service Provider operates the Website through the servers of an external service provider related to which the processor is:

Name: Amazon Web Services, Inc.

Registered seat: 410 Terry Avenue North, Seattle, WA 98109-5210, USA

E-mail: EU-privacy-DSR@amazon.com   

Phone number: +1-206-266-1000

Represented by Eva Gehlin and Barbara Scarafia directors

European server locations: London, Frankfurt, Stockholm, Paris, Dublin

(hereinafter as: “Amazon”)

Although the Service Provider use the servers of Amazon located outside the territory of the European Union, namely in the United States the User’s data is still secure and protected by the provisions of the GDPR, with respect to the European Commission’s adequacy decision for EU-US data flows.

Amazon ensures the protection of data on multiple levels, physically protecting data storage servers, its infrastructure through uninterruptible power supplies and other advanced tools, limiting access to data, continuous monitoring of its system, encryption, and finally, environmentally selecting data center locations, because Amazon set up its data centers in places where it is not exposed to nature, such as seismic activity. More information about Amazon's security solutions is available at https://aws.amazon.com/compliance/data-center/data-centers/

Amazon’s general privacy policy can be reached at: https://aws.amazon.com/privacy/  

9.5. In connection with organizing events:

We use the services of the following partners as processors in connection with the organization of events:

9.5.1. Cooltix

We use Cooltix, a service available at http://www.cooltix.hu  for the sale of tickets in connection with its events that is subject to purchasing tickets. Data of Cooltix is found below:

Name: COOLTIX Kft.

Registered seat: 1084 Budapest, József utca 3. 3/27., Hungary

Company registration number: 01-09-286080

E-mail address: ticket@cooltix.hu

Telephone number: +36-96-550-521

Represented by Kubovics Péter managing director

(hereinafter as: „Cooltix”)

The privacy policy of Cooltix is accessible at: https://support.cooltix.com/hu/articles/6912348-adatkezelesi-szabalyzat

9.5.2.   http://Meetup.com

We use the service celled Meetup available through the website of http://meetup.com  to register the application and the intention of participation and to keep records thereof for the events which do not request ticket purchase but requests registration.

Name: Meetup Inc. (member of the WeWork company group)

Registered seat: 632 Broadway 10th Floor Conference Room New York, NY 10012, USA

E-mail address: privacy@meetup.com

Represented by Scott Heiferman director

(hereinafter as: “Meetup”) 

Meetup processes the data within the US, but its processing complies with the provisions of the GDPR because it is based on them.

Meetup’s privacy policy is available at: https://help.meetup.com/hc/en-us/articles/360044422391-Privacy-Policy

9.5.3. Slack

We enable communication related to our virtual events through the application called Slack, the provider of which is:

Name: Slack Technologies Limited

Registered seat: 4th Floor, One Park Place Hatch Street Upper Dublin 2, Ireland

E-mail: privacy@slack.com, dpo@slack.com 

Represented by Allan Shim director

(hereinafter as: “Slack”) 

By giving the consent for the Service Provider to add the Visitor’s e-mail address to Our own Slack communication channel related to the event, the Visitor acknowledges that by providing e-mail address, Slack will use the the other data displayed in Visitor account (such as email address, name, Visitorname, etc.) to third parties so that they may become known to these people.

Slack's parent company (name: Salesforce) is a company registered and operating outside the European Union, but processing of data of Visitors located within the European Union takes place in in the European Union. in Ireland. If Slack processes data outside the European Union, the personal data enjoys the same protection as data processed within the EU, as Slack’s parent company is a participant of the EU-USA Data Protection Framework.

More information on processing of data by Slack is available at: https://slack.com/intl/en-hu/privacy-policy#dpa

9.6. In connection with invoicing

The Service Provider issues its invoices with one of Hungary's largest online billing system, http://szamlazz.hu . If the Visitor provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of http://szamlazz.hu  website as our processing partner is:

Name: http://KBOSS.hu  Kereskedelmi és Szolgáltató Kft.

Registered seat: 1031 Budapest, Záhony utca 7., Hungary

Company registration number: 01-09-303201

E-mail address: info@szamlazz.hu

Represented by: Balázs Ángyán managing director

(hereinafter as: „KBOSS”)

KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/

10. What third-party social media plug-ins may be found on the Website?

To receive feedback on the contents the Service Provider share on the Website and to share them what use socal media sites meaning the Service Provider uses the services (plugins) of third-party providers. The plugins are only active when the Visitor specifically click on the button to allow them to contact social media sites. The plugins of the following two social media sites can be found on the Service Provider’s website: Facebook, Twitter, LinkedIn, Meetup, YouTube

If the Visitor is logged in to any of these sites, it may occur that the Visitor’s visit on the site will be attached to the Visitor’s personal profile. If the Visitor clicks on the specific button, the Visitor’s browser will forward the relevant information directly to that social media site and store them there.

Information about the scope and purpose of the data collected, further processing of the Visitor’s data and use of the Visitor’s data by the social media provider, and the Visitor’s rights regarding personal data can be found in privacy statements of the social media providers, which are available at:

Facebook: https://www.facebook.com/policy.php

Twitter: https://twitter.com/en/privacy   

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Meetup: https://www.meetup.com/privacy/

YouTube: https://policies.google.com/privacy

11. To whom and in what cases the Service Provider is obliged to disclose personal data?

The Service Provider may be requested to disclose personal data it processes to authorities in response to legal requests, like search warrants, court orders, production orders or subpoenas. These requests come from third parties such as civil litigants, law enforcement and other government authorities. The Service Provider discloses data in accordance with applicable law, the Service Provider cannot be held liable for any such transfer or any resulting consequences. The Service Provider will always inform the Visitor about the transfer if it is not prohibited by law or by the requester authority.

12. What are the responsibilities with regard to the personal data the Visitor provide?

When the Visitor provides to the Service Provider personal data, the Visitor is responsible for ensuring that the information and contributions are true and correct.

The Service Provider asks the Visitor to provide third-party data only if specifically authorized to do so by the third party. The Service Provider assumes no liability for any resulting claims.

If a third-party objects the processing of personal data by credibly verifying its identity, the Service Provider will immediately delete third-party data without notifying the Visitor. The Visitor is requested to only provide third-party personal data only if the Visitor has informed the third party of the availability of this Policy.

13. Management of Personal data breach

Personal data breach – except that is unlikely to result in a risk to the effected person – may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and the Service Provider will also maintain records of any breach that may occur. In the cases specified by law, we also inform Visitors concerned.

14. Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO the Service Provider is not appointing anyone for this position.

15. Amendment of the Privacy Policy

If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the Visitor will be notified of such change given that the changes will become effective from the following day of publication, through our Website. Please be sure to read the Policy changes carefully as they contain important information about the processing of the personal data.

16. To whom the Visitor can turn to for information regarding thepersonal data or to exercise of the rights?

If the Visitor has any questions, please contact the Service Provider by email privacy@meta-inf.hu, phone +36 30 515 4464 or at 1192 Budapest Taksony utca 6. fszt 1., Hungary

The Visitor is entitled to exercise the rights related to the processing of personal data against the Service Provider as controller. If the Visitor wish to exercise such rights, the Visitor must first notify the Service Provider.

If the Visitor feel that the rights have been violated, the Visitor can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary

Mailing address: 1363 Budapest, PO box: 9., Hungary

Phone: +36 1 391 1400

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

In the event of a dispute arising out of or in connection with this the present Privacy Policy, its breach, validity or interpretation, the Visitor may bring the dispute to the competent court under Act CXXX of 2016 on the Code of Civil Procedure (Code of Civil Procedure):

Name: Budapest District Court for the XVIII. and XIX. Districts

Address: 1191 Budapest, Kossuth tér 7/9., Hungary
Mailing address: 1703 Budapest, PO Box. 4., Hungary
Phone: +36 1 357 4333
E-mail: kispest.elnokseg@birosag.hu
Website: https://fovarositorvenyszek.birosag.hu/jarasbirosagok/budapesti-xviii-es-xix-keruleti-birosag

‍