Deloitte Legal Göndöcz and Partners Law Firm (registered seat: 84/C Dozsa Gyorgy Road, Budapest, 1068, Hungary) undertook to execute for the European Bank for Reconstruction and Development (registered seat: One Exchange Square, London EC2A 2JN, United Kingdom, hereinafter referred to as „Client”) the „Foundation of Hungary’s Sustainable Capital Market Strategy and Action Plan” project (hereinafter referred to as „Project”) and as part of the Project to organize and perform the „Sustainable Capital Markets Conference” online conference (hereinafter referred to as „Conference”) held on 20 October, 2021.
This data privacy notice shall govern the processing of data related to the Conference by Deloitte Legal Göndöcz and Partners Law Firm (registered seat: 84/C Dózsa György Road, Budapest, 1068, Hungary, hereinafter referred to as “Data Controller”).
Processed personal data categories:
In relation to the person who registeres to the Conference (hereinafter referred to as „Data Subject”):
Name; e-mail address; telephone number; Employer organization’s name, position held in Employer organization.
To organize and perform the Conference; to register the registration in order to provide the participation of the Data Subject; liaison with the Data Subject in relation to the Conference.
Personal data is disclosed to Client and the Hungarian National Bank (registered seat: 9 Szabadsag Square, Budapest, 1054, Hungary) who participates in the Project.
Deloitte Advisory and Management Consulting Private Limited Company, Dozsa Gyorgy ut 84/C, 1068 Budapest, Hungary (company registration number: 01-10-044100);
Deloitte CE Business Service Sp. z o.o., Al. Jana Pawla II 22, 00-133 Warsaw, Poland;
Deloitte Central Europe Service Centre s.r.o., Italská 2581/67, 120 00, Prague 2 – Vinohrady, Czech Republic;
Deloitte CZ Services s.r.o., Italská 2581/67, 120 00, Prága 2 – Vinohrady, the Czech Republic;
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA;
Maileon – WANADIS Kft. (153 Budaorsi Road, Budapest, 1112, Hungary);
The above mentioned Data Processors provide IT related services.
Consent of the data subject, which may be withdrawn anytime. The withdrawal shall not affect the lawfulness of processing based on consent before withdrawal.
The data will be processed until the consent is withdrawn. Please note that without processing the Data Subject’s personal data the participation in the Conference cannot be provided, so if the consent is withdrawn, further participation is not provided.
In the absence of such withdrawal the retention period of the personal data is 6 (six) months from the day of the Conference. The personal data will be permanently deleted after the end of the term.
Security of data processing:
The Data Controller and data processors shall establish technological, physical, administrative and procedural safeguards all in line with the industry accepted standards in order to protect and ensure the confidentiality, integrity or accessibility of the personal data processed; prevent the unauthorized use of or unauthorized access to the personal data or prevent a personal data breach (security incident) in accordance with Deloitte CE instructions, policies and applicable laws. In case where the data processing include the transfer outside of the European Union (EU) the transfer is based on EU approved standard contractual clauses, thus ensuring an adequate level of personal data protection as required by the applicable data protection laws.
Data subject rights:
Data subjects have the following rights regarding data processing by the Data Controller:
a. Right to information: Data Subjects may request information at any time on the processing of their personal data. At the Data Subject’s written request, the Data Controller shall inform the Data Subject of which of his/her data the Data Controller is processing, the purpose and duration of data processing, the addressees, the data subject’s rights, as well as his/her option of filing a complaint.
b. Right to access: The Data Subject may access to his/her personal data, also request copy of the personal data
c. Right to rectification: Data Subjects may at any time request the rectification or completion of their data.
d. Right to erasure: Data Subjects may request the erasure of their data, if
i. the data processing is no longer necessary, or
ii. their data are unlawfully processed.
e. Right to withdraw consent: Data Subjects may at any time withdraw their consent. The Data Controller must delete the data or render them irreversibly unidentifiable.
f. Right to request the restriction of data processing,
a. if the accuracy of the data is disputed (the restriction applies until it is established whether it is indeed or it is not necessary to clarify the data),
b. if the data processing is unlawful, and the Data Subject objects to their deletion and requests their restriction instead,
c. if the Data Controller has no longer any use of the data for the defined purpose, but the data subject needs them for filing, asserting or protecting legal claims.
g. Right to data portability: upon request, the Data Subject is entitled to receive his/her personal data provided to the Data Controller in a machine readable format and/or request that the Data Controller transfer these data to another data controller assigned by the Data Subject
In response to a request for the exercise of the Data Subject’s rights, the Data Controller shall notify the Data Subject, in writing within 30 (thirty) days of receipt of the request. The Data Subjects shall send any statements, comments or requests concerning the processing of their personal data via postal mail addressed to the registered office of the Data Controller at 1068 Budapest, Dózsa György út 84/C or in an e-mail message sent to the dataprivacyHU@deloittece.com e-mail address. Should you have any questions, requests or comments regarding the data processing, please indicate “Sustainable Capital Markets Conference” sas the subject of your inquiry.
Right to legal remedy: Upon the infringement of their rights, Data Subjects may turn to the regional court with competence at their address or place of residence, and anyone may request an investigation by the Hungarian National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa Street 9-11., mailing address: 1363 Budapest, Pf. 9., e-mail: firstname.lastname@example.org, website: https://naih.hu/) with reference to an infringement of their rights or the immediate risk thereof. The regional court shall give such request priority and hear the procedure as a matter of urgency.