Oświadczenie o prywatności dla uczestników obozu

Introduction:

The purpose of this Privacy Policy (hereinafter referred to as "Policy") is to provide information to people interested in the Szarvas Camp (hereinafter collectively: "Data Subjects") should be informed - in accordance with the applicable legal requirements - about the processing of their personal data collected on the szarvas.camp website, the purpose(s) and legal basis(s) of the data processing, the identity and contact details of the controller and basic information about the data processing.

The purpose of the Policy is also to inform the Data Subjects:

We endeavour to summarise the above in this Policy in an understandable and clear format so that Data Subjects can understand how the collection, storage and other processing of their personal data when visiting our website, contacting us and other data processing operations may affect their right to information self-determination and privacy.

1. Controller and identification of this website 

1.1. Controller:

JDC Hungary Foundation 

Registration number: 01-01-0012517

Tax identification number: 18942408-2-42

Registered seat: H-1075 Budapest, Síp u. 12.

Website: https://jdchungary.hu/

E-mail: info@jdchungary.hu

 

Contact details of the Data Protection Officer: 

Data Protection Office Kft. 

e-mail: contact@dataprotectionoffice.hu  

1.2. Website: the website at szarvas.camp, and the webpage and subpages accessible from it 

 

2. Basic provisions governing data processing 

2.1.    The scope of this information applies to data processing that qualifies as personal data processing during the use of the Website interface, viewing electronic content made available there, and using services.

2.2. For the purposes of this Policy:

2.2.1. User: any natural person browsing the Website, regardless of the pages or sub-pages of the Website visited;                                                                                  

2.2.2. Personal data: any information relating to an identified or identifiable natural person ("Data Subject"), such as any information about You or any other natural person, such as name, email address;

2.2.3. Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (See point 1.1);

2.2.4. Processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Data Controller; (they are specifically identified for each purpose of data processing)


2.3. The Controller is responsible for compliance with the following principles when processing your personal data:

2.4. Our data management activities are carried out in accordance with the applicable European Union and national legislation in force, in particular: 

3. Certain data processing on the Website

3.1. Processing of Website visitor’s data

3.1.1. Data Subjects concerned

Any natural person who visits the Website.

During a visit to the Website, certain data may be automatically recorded on the server serving the Website and generated during the visit. The automatically recorded data are automatically logged by the system on entry and exit without any special declaration or action by the User. For example, the following data may be stored: IP address, browser data, visit parameters. 

3.1.2. The purpose of data processing

The purpose of the data processing is to record the visitor's data during the visit to the Website in order to identify the data subject, to monitor the operation of the Service and to prevent abuse. Without this processing, the Website would not be visible, the basic functions would not work.

3.1.3. Legal basis for data processing

The legal basis for data processing is the legitimate interest of the data controller (Article 6 (1) f) GDPR).

3.1.4. Duration for data processing

The system manages these data for the shortest period of time necessary for the provision of the Service and for the security of its operation - typically less than 1 day - after which the data is overwritten, i.e. deleted. The storage period of personal data is limited to 3 days from the date of accessing the Website.

3.1.5. Recipients of personal data / who can access personal data

The personal data provided by website users may be accessed only by employees of the Foundation whose job it is to operate the website, for the time and to the extent necessary for the performance of their duties. Personal data will not be disclosed to any other recipients, such as a third country addressee or an international organisation.

We may be approached by a court, prosecutor's office, investigating authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information, and other authority(ies) authorised by law to transfer or transmit personal data in connection with data processing. 

In such cases, we will only disclose information that we are legally required to disclose and to the extent that it is strictly necessary to fulfil the request.

3.2. Newsletter service 

3.2.1. Data Subjects concerned

Website visitors, natural persons who register on the website for our newsletter service. 

The personal data processed are the subscriber's e-mail address and country, - if they provide this voluntarily: name and postal address. When you subscribe to the newsletter, your IP address, as well as the date and time of subscription, will be stored by your Internet service provider in order to investigate possible misuse of your e-mail address.

3.2.2. Purpose of data processing

Our Foundation sends direct marketing materials and newsletters containing up-to-date information to those who have voluntarily and expressly agreed to receive them in advance.

3.2.3. Legal basis for data processing

The legal basis for data processing is your explicit consent (Article 6 (1) a) GDPR).

You give your consent by clicking on the "Subscribe" button on the website after voluntarily providing the personal data required for registration.

The Data Controller will process the data until the consent is withdrawn. You may withdraw your consent at any time by sending a message to this effect to our e-mail address. If you withdraw your consent, your data will be deleted and we will no longer send you newsletters.

3.2.4. Duration for data processing

Your personal data will be processed until your consent is withdrawn, but no later than the last day of the 3rd year following the year in which your consent was given.

You may withdraw your consent at any time by sending an e-mail to contact@dataprotectionoffice.hu but the withdrawal shall not affect the lawfulness of the data processing prior to its withdrawal. If you withdraw your consent, you will no longer be entitled to receive the newsletter, and we will no longer be able to send you the newsletter.

3.2.5. Recipients of personal data / who can access personal data

The Foundation will ensure that the personal data of Data Subjects collected when subscribing to the newsletter are protected at all times from disclosure to unauthorised persons. 

The personal data provided for the purpose of registering for the newsletter service may only be accessed by employees of the Foundation performing communication and marketing tasks, also in this context, for the time and to the extent necessary for the performance of their duties. Personal data will not be disclosed to any other recipients, such as a third country addressee or an international organisation.

We may be approached by a court, prosecutor's office, investigating authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information, and other authority(ies) authorised by law to transfer or transmit personal data in connection with data processing. 

In such cases, we will only disclose information that we are legally required to disclose and to the extent that it is strictly necessary to fulfil the request.

4. Processing of cookies

4.1. What are cookie-s?

Cookies are small data files placed by the browser on the user’s computer or device. Among other things, they collect information, remember users’ individual preferences, and generally make the site easier to use. Cookies by themselves do not collect any data stored on your computer or in files. Please read the following notice carefully for more information about how we collect information when you use the Foundation’s Website.

Cookies set by the website owner (in this case, JDC Hungary Foundation) are called "first-party cookies." Cookies set by parties other than the website owner are called "third-party cookies." Third-party cookies enable third-party features or functionality to be provided on or through the website (e.g., advertising, interactive content, and analytics). The parties that set these third-party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.


4.2.  Why do we use cookies?

We use first- and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our Website to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Website for advertising, analytics, and other purposes. This is described in more detail below.

 

4.3.  Your consent 

By browsing this Website, you consent to us placing cookies on your computer for the purpose of analysing how you use our Website.

 

4.4.  How can I control cookie-s?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services. 

The Cookie Consent Manager can be found in the notification banner on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies.

The specific types of first- and third-party cookies served through our Website and the purposes they perform are described in the table below.

 

4.5.  Types of cookies

4.5.1. Essential website cookie-s

These cookies are strictly necessary to provide you with services available through our Website and to use some of its features, such as access to secure areas.

Legal basis for processing: legitimate interest of the Data Controller - Article 6 (1) (f) GDPR, i.e. consent from the User is not required where the sole purpose of the use of cookies is to provide a communication over an electronic communications network or where the Data Controller as a service provider strictly needs the cookies to provide an information society service explicitly requested by the subscriber or user.

 

Name:

rc::a

Purpose: 

Used to track and analyze user behaviour to distinguish humans from bots or automated software.

Provider:

www.google.com

Service: 

reCAPTCHA View Service Privacy Policy

Country:

United States

Type:

html_local_storage

Expires in:

persistent

 

 

Name:

laravel_session

Purpose: 

Internally laravel uses laravel_session to identify a session instance for a user

Provider:

Laravel

Service: 

Laravel View Service Privacy Policy

Country:

Netherlands

Type:

server_cookie

Expires in:

2 hours

 

4.5.2. Performance and functionality cookies:

These cookies are used to enhance the performance and functionality of our Website but are non-essential to their use. However, without these cookies, certain functionality (like videos) may become unavailable.

Legal basis for the processing of data related to the operation of performance and functional cookies: visitor consent (Article 6 (1) (a) GDPR)

 

Name:

XSRF-TOKEN

Purpose: 

This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.

Provider:

szarvas.camp

Service: 

Advertiser's website domain View Service Privacy Policy

Country:

Netherlands

Type:

server_cookie

Expires in:

2 hours

 

4.5.3. Analytics and customization cookies:

These cookies collect information that is used either in aggregate form to help us understand how our Website is being used or how effective our marketing campaigns are, or to help us customize our Website for you.

Legal basis for the processing of data related to the Analytics and customization cookies: visitor consent (Article 6(1)(a) GDPR)

 

Name:

_ga

Purpose: 

Records a particular ID used to come up with data about website usage by the user

Provider:

Google Analytics

Service: 

Google Analytics View Service Privacy Policy

Country:

Netherlands

Type:

http_cookie

Expires in:

1 year 1 month 4 days

 

Name:

_gid

Purpose: 

Keeps an entry of unique ID which is then used to come up with statistical data on website usage by visitors. It is a HTTP cookie type and expires after a browsing session

Provider:

Google Analytics

Service: 

Google Analytics View Service Privacy Policy

Country:

Netherlands

Type:

http_cookie

Expires in:

23 hours 59 minutes

 

Name:

_ga_#

Purpose: 

Used to distinguish individual users by means of designation of a randomly generated number as client identifier, which allows calculation of visits and sessions

Provider:

Google Analytics

Service: 

Google Analytics View Service Privacy Policy

Country:

Netherlands

Type:

http_cookie

Expires in:

1 year 1 month 4 days

 

Name:

_gat#

Purpose: 

Enables Google Analytics regulate the rate of requesting. It is a HTTP cookie type that lasts for a session

Provider:

Google Analytics

Service: 

Google Analytics View Service Privacy Policy

Country:

Netherlands

Type:

http_cookie

Expires in:

less than 1 minute

 

4.5.4. Advertising cookies:

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

Legal basis for the processing of data related to the operation of cookies for marketing purposes: the consent of the visitor (Article 6(1)(a) GDPR)

 

Name:

_fbp

Purpose: 

Meta (Facebook) tracking pixel used to identify visitors for personalized advertising

Provider:

Meta

Service: 

Facebook View Service Privacy Policy

Country:

Netherlands

Type:

http_cookie

Expires in:

2 months 29 days 

 

4.6.  How can I control cookies on my browser?

As the means by which you can refuse cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information. The following is information about how to manage cookies on the most popular browsers:

In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit:

To opt-out of being tracked by Google Analytics on websites, please visit http://tools.google.com/dlpage....

To opt-out of being tracked by Meta (Facebook) Pixel on websites, please visit https://accountscenter.faceboo..., open the Ad Preferences page and change any settings to Not Allowed, also turning off any options to use your profile information for advertising purposes.

 

4.7. What about other tracking technologies, like web beacons?

Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enables us to recognize when someone has visited our Website or opened an email including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.

 

4.8. Where can I get further information?

If you have any questions about our use of cookies or other technologies, please contact us at: szarvas@jdc.org

 

5. Data processing in relation to social media pages

Social media service providers (Facebook, Instagram, etc.) have different interpretations of the data processing that takes place when they operate business pages on their platforms. This affects you in that it determines who will be the primary recipients of information about your data activities on these sites and who you can exercise your data subject rights against.

The logic behind the difference is not easy to understand, not only as a data subject but also as a business user. In order to be present on these platforms, we can only accept the different approaches of service providers, which are non-negotiable issues given their size and economic weight. The differences are summarised below.

For more information about social media activity related to the Szarvas Camp, please see the privacy policy available here: Szarvas Camp › Adatvédelmi nyilatkozat táborozóknak.

 

5.1.  Social media platforms with which we carry out so-called joint data processing

§  Facebook (Szarvas Int'l Jewish Youth Camp | Szarvas (facebook.com))

§  Instagram (Szarvas Camp (@szarvascamp) • Instagram-fényképek és -videók)

§  Twitter (twitter.com/szarvascamp)

In relation to our pages on these social media sites, we are jointly responsible with the relevant service provider for the lawful processing of personal data that results from your visit to or interaction with our pages.

Details of our data processing practices are set out in this Privacy Notice. For more information on the contact details of the service providers and details of joint processing, please click here:

·       Facebook Page analytics (provider: Meta Platforms)

https://www.facebook.com/legal...

·       Instagram (provider: Meta Platforms)

https://www.facebook.com/legal...

·       Twitter (provider: Twitter)

Controller-to-Controller Transfers (twitter.com)

If you have any questions about your personal data, your service provider will be able to provide you with information. As a data controller, we do not have access to any data relating to the user processed by the service provider in relation to these pages, beyond the visible activities (reactions, comments, shares, etc.), but only to the anonymised statistical analyses aggregated from them.

We process statistical data on the basis of our legitimate interest related to our social media presence. 

The data will be processed for as long as you remain a user of the social networking site and engage in any interaction with our site.

 

5.2.  Social media platform regarding which we are considered as sole data controller

§  YouTube ((18) SzarvasCamp - YouTube)

The YouTube service provider and our Foundation are separately responsible for the lawful processing of personal data that is generated as a result of your visit to or interaction with our site on these social platforms. Therefore, you can contact both parties in case of a question regarding data processing.

Details of our processing of your data can be found in this Privacy Notice.

The data will be processed for as long as you remain a user of the relevant social networking site and engage in any interaction with our site.

For more information on the contact details of the service provider and details of the processing carried out by the service provider, please click here:

§  YouTube (service provider: Google Ireland Limited - Google LLC)

https://policies.google.com/privacy

 

6. External organizations as independent data controllers

Other external organizations may process personal data as independent data controllers in accordance with their own privacy policies. The Controller has no control over the collection and further use of data by such other third party organizations. 

7. Data Processors

Contributors (subcontractors) that we use to provide our services may sometimes have access to your personal data in the course of their activities - for example, messages sent to us may be sent to us via our email service provider. These subcontractors therefore work in complete confidentiality and provide contractual guarantees that they will fully comply with our instructions and the applicable data protection regulations. Your data will remain under our control even if we use a data processor. 

Data processor name: DigitalOcean, LLC

Registered office: 101 6th Ave New York, NY 10013, USA

Website: www.digitalocean.com

Contact: privacy@digitalocean.com

 

Data processor name: WEBSTATION Bt.

Registered office: Makovecz Imre utca 23., 1034 Budapest, Hungary

Website: www.wst.hu

Contact: info@wst.hu

 

Data processor name: Microsoft Ireland Operations Limited Registered office: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland

Website: www.privacy.microsoft.comContact: +353 1 706 3117

8. Data security measures

8.1. Ensuring basic conditions for data security

Our Foundation fully complies with the data and confidentiality, information security and access regulations that serve the security of data, accordingly, we ensure adequate data protection by operating an IT system that meets the technical standards of the age and by taking organizational measures.

We select and operate the computing tools used for data processing in such a way that the data processed is always secure for You and other Data Subjects:

a)     access (availability),

b)    authenticity,

c)     the integrity of the data,

d)    protection against unauthorised access (confidentiality of data).

In processing the data, we ensure the information system’s:

-       privacy (taking into account the potential threats to data processing),

-       complete protection (all elements of the IT system are protected), 

-       continuity of protection (continuity of protection over time),

-       proportionality to the potential risks.

9.     Persons entitled to access the data 

We ensure that your personal data is protected from unauthorised access at all times.

We may be approached by a court, prosecutor's office, investigating authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information, and other authority(ies) authorised by law to transfer or transmit personal data in connection with data processing. In such cases, we will only disclose information that we are legally required to disclose and to the extent that it is strictly necessary to fulfil the request.

10.  Your rights and means of enforcement as a Data Subject

Your right to control your personal data will be maintained for the duration of the processing. As a data subject, you have the right to access, rectify, erase or restrict the processing of your personal data, to object to the processing of your data and, in certain cases, to the portability of your data.

For details of your data subject rights, please refer to Articles 14-22 of the GDPR.

To exercise your data subject rights, please contact us using one of the contact details provided. We will respond to your request as soon as possible and at the latest within one month. No costs will be charged for the procedure to comply with your request.

If you wish to exercise your rights as a data subject, this will involve your identification and the Data Controller will need to communicate with you as necessary. Therefore, in order to identify you, you will be required to provide personal data (but the identification will only be based on data that the Data Controller already holds about you) and your request will be available in the email account of the Data Controller within the time period indicated in this notice for contacting you.

You do not need to justify the legal basis for your request, as data protection rights are a fundamental right of data subjects.

Yes, lack of identification may lead to a refusal of the application. Identification will take place to the same extent and in the same way as the data was provided.

- Do you, as the Data Subject, have to refer to your relationship with the data subject to the request?

Yes, you need to refer to your relationship with the data subject to the request. Without a clear and precise relationship, your request may be refused. 

-Place and method of application:

You, as the Data Subject, may submit your request by sending a letter to our postal address indicated in this Policy or by sending an electronic (e-mail) message to the e-mail address provided. 

As a Data Subject, you are entitled to:

·    prior information, and you may request information about the processing of your personal data and/or access to your data - in which case you will be informed whether a controller is processing personal data concerning you and, if so, the exact purposes, legal basis, scope of the data processed and the main rules of the processing (as set out in this Notice) and, upon request, we will provide you with a copy of the personal data processed; 

If your request is manifestly unfounded or excessive, in particular because of its repetitive nature, having regard to the administrative costs of providing the information or information or of taking the action requested: a reasonable fee may be charged or the act on the request may be refused.

The burden of proving that the request is manifestly unfounded or excessive lies with our Foundation as Controller.

·    access to your data: the data subject will be informed, upon request and after identification, whether or not we are processing your personal data and, if so, the details of the processing.

·    rectification of your data, i.e. the correction or rectification of inaccurate personal data relating to you, or the completion of incomplete data; 

·    deletion of your data, i.e. making the data unrecognisable in such a way that it is no longer possible to recover it;

request for cancellation may be granted if one of the following grounds applies:

The data may not be deleted if the processing is necessary for the establishment, exercise or defence of our legal claims.

·    restriction of the processing of your data, on the basis of which we will restrict the data processing at your request if one of the following conditions is met:

If the processing is restricted, such personal data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

If a restriction is imposed, you will be informed in advance of the lifting of the restriction on processing in accordance with the applicable regulations.

The restriction of data processing may also take place independently of your request, in particular, but not limited to, in the following cases:

·    to object to a data processing activity: as a data subject, you can object at any time to the processing of personal data that we process about you on the basis of a legitimate interest. We will stop processing at your request unless the data are necessary for the exercise of our rights.

·    to data portability: as a data subject, we will send you, at your request, your personal data that we have collected and process from you, on the basis of your consent or on the basis of a contract between us, in a structured, commonly used, machine-readable format. You may also request that we transfer this data directly to another controller.

to ensure that you are not subject to automated decision-making on individual matters, including profiling.

Please note that we do not use automated decision-making or profiling in the processing of your data. 

·    in the event of a personal data breach - where it is likely to result in a high risk to your rights and freedoms - we will provide you with information about the personal data breach’s:

a)          circumstances, 

b)          effects and 

c)           measures taken to prevent it.

·    if the transfer is made outside the exceptions provided for by law, we will provide information on the legal basis and recipient(s) of the transfer upon request.


10.1. Withdrawal of consent:

In the case of data processing based on your consent, you may withdraw your consent at any time, but such withdrawal shall not affect the lawfulness of data processing based on consent prior to that date. 

11. Procedures for exercising rights in relation to data processing

Our Foundation, as the Controller, will inform you of the action taken on your request pursuant to Articles 15 to 22 of the GDPR within one month of receipt of your request at the latest, which may be extended by two months if necessary (taking into account the complexity of the request and the number of requests, pursuant to Article 12 (3) of the GDPR).

Any extension of the deadline will be notified within the time limit set for the procedure, stating the reason for the extension.

12. LEGAL REMEDIES:

SUBMITTING A COMPLAINTwe recommend that you make use of the possibility to submit a request, complaint, objection (and all related consultations) directly to us before initiating any official or judicial procedure. Our telephone number, e-mail and postal address, as well as the contact details of our Data Protection Officer, are available for the above purposes in the Introductory section of this Policy.


INITIATING A PUBLIC AUTHORITY PROCEDURE: You may, at your discretion, submit a data protection notification and initiate a public authority procedure if you believe that we have breached our obligations regarding the processing of your personal data.

The competent authority: 
National Authority for Data Protection and Freedom of Information
Address:                    1055 Budapest, Falk Miksa u. 9-11.
Postal address:                                1363 Budapest, Pf.: 9.
Telephone number:                                +36 (1) 391-1400, 
E-mail address:                            ugyfelszolgalat@naih.hu
Address of its website:                                  About the Authority - Nemzeti Adatvédelmi és Információszabadság Hatóság (naih.hu)


INITIATING A COURT PROCEDURE: If you, as a Data Subject, do not agree with our decision regarding your request or objection, or if we fail to comply with the mandatory deadline for replying, you may turn to court within 30 days of notification of the decision or the last day of the deadline. The regional court has jurisdiction to hear the case. The action may also be brought, at the option of the person concerned, before the regional court of the place of residence or domicile (for a list of courts and their contact details, please consult the following link: http://birosag.hu/torvenyszekek ).

 

If you have any questions or comments about this Policy, please contact us at the telephone number or e-mail address indicated in the Introduction to this Policy, or by letter to our postal address.

JDC Hungary Foundation

Controller