EFFECTIVE DATE: 2 January 2024

This Privacy Notice (hereinafter: the “Notice”) aims to provide comprehensive and consistent information to data subjects about all data processing activities carried out by Sansz ’98 Bt. (hereinafter: the “Controller”, “Company”) on the website swingeryours.hu (hereinafter: the “Website”), on registration forms (eu.jotform.com and www.docs.google.com), as well as on its Facebook, YouTube, TikTok, Instagram, Spotify, and Apple Podcast platforms, in line with the applicable legislation and professional guidelines.

  1. Controller

Information regarding the Controller is as follows:

  • Name: Sansz ’98 Bt.
  • Registration number: 13 06 072832
  • Registered seat: 2017 Pócsmegyer, Gödszigeti út 1.
  • Email: swingeryours@gmail.com
  • Telephone: +36 30 226 7070

  1. Principles

The proper handling of personal data in compliance with applicable rules plays a key role in the Controller’s activities. The Company is committed to processing personal data in line with data protection requirements, with due regard to the fundamental right to privacy and the protection of personal data.

III. Applicable Legislation

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter: GDPR)
  • Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
  • Act V of 2013 on the Civil Code (hereinafter: Civil Code)
  • Act CLXXV of 2011 on the Right of Association, Non-profit Status, and the Operation and Support of Civil Organizations (hereinafter: Civil Act)
  • Act C of 2000 on Accounting

  1. Definitions
  • Identifiable natural person: A natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
  • Data subject: An identified or identifiable natural person.
  • Personal data: Any information relating to a data subject.
  • Special categories of data: Any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, or data concerning a natural person’s sex life or sexual orientation.
  • Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Controller: A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of personal data processing.
  • Joint controller: A controller which jointly determines the purposes and means of processing with one or more other controllers.
  • Processing: Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or otherwise making available, alignment, restriction, erasure, or destruction.
  • Transfer: Making personal data available to a specific third party.
  • Restriction of processing: Marking stored personal data with the aim of limiting their future processing.
  • Third party: A natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons authorized to process personal data under the direct authority of the controller or processor.
  • EEA state: A Member State of the European Union or another state party to the Agreement on the European Economic Area, as well as states whose citizens enjoy equal status under international agreements with the EU and EEA Member States.
  • Third country: Any state that is not an EEA state.

  1. Scope of Processing
  2. Contact

The Controller provides an option for data subjects to contact it via the contact section of the Website. The Controller also operates an email address for communication, where inquiries are accepted.

  1. Event registration
  • Legal basis: Consent of the data subject [Article 6(1)(a) GDPR]
  • Purpose: Registration of the data subject for events organized by the Controller.
  • Data processed: Name, email address, Facebook profile, phone number, address, date of birth, message (any additional data provided voluntarily).
  • Retention period: Until written withdrawal of consent.
  1. Enforcement of contractual claims
  • Legal basis: Legitimate interest of the Controller in enforcing contractual claims [Article 6(1)(f) GDPR].
  • Purpose: Lodging, enforcing, and defending legal claims arising from contracts.
  • Data processed: Name, contractual data.
  • Retention period: Until written withdrawal of consent.
  1. Invoicing / Donation certificate
  • Legal basis: Compliance with legal obligations [Article 6(1)(c) GDPR].
  • Purpose: Issuing invoices in full compliance with applicable laws through www.bilingo.hu; preparing and storing donation certificates in pdf format and sending them by post upon request.
  • Data processed: Name, address, bank account number, email.
  • Retention period: 10 years.

  1. Processors, Recipients, and Third Countries

The Controller does not transfer data to third parties, third countries, or international organizations, unless required by law or an authority.

The Controller uses the following processors:

  • Billing: www.bilingo.hu (data may be transferred to the National Tax and Customs Administration to the extent required, with full respect for data security).
  • Accounting: KO-BACK Kft. (registered seat: 2360 Gyál, Bercsényi utca 74.; company registration number: 13 09 063912; tax number: 10596742-2-13).

Cookies

When the data subject visits the Website, small data files (“cookies”) are placed on their device. These serve various purposes:

  • Session cookies: Necessary for browsing and using Website functions; deleted at the end of the session.
  • Analytical cookies: Collect data about usage for Website optimization; provided by Google Analytics.
  • Marketing cookies: Customize advertisements; provided by Google Analytics.
  • Preference cookies: Store user choices (e.g., cookie acceptance, sorting options).

Examples:

  • User → Legal basis: Legitimate interest; Purpose: Access for registered users; Retention: Persistent
  • firebaseLocalStorageDb#firebaseLocalStorage → Legal basis: Legitimate interest; Purpose: Chatbox functionality; Retention: Persistent

VIII. Data Security

The Controller pays special attention to meeting data security requirements. Measures implemented include:

  • Use of HTTPS protocol to protect communication.
  • Storage of personal data in a separate database.

  1. Rights of Data Subjects
  • Right to withdraw consent: Data subjects may withdraw consent at any time; this does not affect prior lawful processing.
  • Right to information: Data subjects may request written information; the Controller must respond within one month.
  • Right to rectification: Data subjects may request correction or amendment of personal data.
  • Right to erasure: Data subjects may request deletion, unless retention is required by law. Deletion is carried out within 10 working days.
  • Right to restriction: Data subjects may request restriction (e.g., for legal claims). Restricted data will be stored separately.
  • Right to data portability: Data subjects may request their personal data in a structured, commonly used, machine-readable format, and may request transfer to another controller.
  • Right to object: Data subjects may object to processing based on legitimate interest, including profiling. Processing may continue only if overriding legitimate grounds are demonstrated.

Remedies

Data subjects may contact the Controller directly with questions or rights requests.

If their rights are infringed, they may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH, address: 1055 Budapest, Falk Miksa utca 9–11; postal address: 1363 Budapest, Pf.: 9; tel.: +36 (1) 391-1400; email: ugyfelszolgalat@naih.hu).

They may also initiate civil proceedings before the competent court of their residence (https://birosag.hu/torvenyszekek).

Dated: Budapest, 1 January 2024

On behalf of Sansz ’98 Bt.

Csanád Sereg, Managing Director