We kindly ask you to read carefully this information about data processing, in which our company informs its website visitors and application- or webinar users about processing and protecting data, and about the right of the data’s subject. If you are under 18, please read this information with your legal representative.
In case of any questions or comments, please contact us: diamond@diamond-congress.hu, phone: +36 1 2250210.
Let us introduce ourselves: whom you process your personal data and how you can contact us.
Diamond Congress Ltd. (seated: 1012 Budapest, Vérmező út 8, central and head office: 1015 Budapest, Csalogány utca 28.) is a Hungarian resident business company providing conference organizing services as core activity for more decades. Since 2020 beside the traditional face to face events our conferences are organized online through applications as well.
Company data:
Diamond Congress Ltd.
Seat: HUNGARY, 1012 Budapest, Vérmező út 8. II/4/a
Contact address and central office: HUNGARY, 1015 Budapest, Csalogány utca 28.
Reg.Nr: 01-09-362509
EU VAT number: HU10946130
Contact details: diamond@diamond-congress.hu, +3612250210, www.diamond-congress.hu
Represented by: Attila Varga, managing director, Róbert Hohol, executive officer
In case of data protection queries, please contact us above or our consultant:
Dr. Zsuzsanna Árva
- Email: arvazsuzsi@diamond-congress.hu
- Phone: +36 20 363 7567
Whose data are subject of data processing?
Our data procession information governs the procession of natural person’s data, i.e. governs all data processions in which our company acquires data that may be connected to natural persons, may identify natural persons. During providing our activities, first of all, we acquire data of conference participants that are necessary to fulfil the services ordered by them. We mainly acquire data from the natural person himself/herself registering in the conference database. Sometimes we acquire personal data from the former organiser of the given conference or the professional organising body, if the data’s subject has given his consent to data processing to the future organizers.
Which regulations govern the data procession?
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Law Nr CXII from the Year 2011 about the information self-governing right and the freedom of information
Opinions of the Commission’s Working Group Nr 29 and of the National Data Protection Office.
Which principles are regarded by us during data procession?
Our company processes data according to the regulations of the GDPR regarding the following principles:
- lawfulness: the company has legal basis for data procession, the data procession is reasoned
- fairness: the data procession occurs according to the legal regulations regarding the interests of the data’s subject
- transparency: the data procession may be followed in all steps of the process
- limited purpose: the data will be processed only according to the goal determined in advance about which the data's subject has been informed
- data minimization: data will be collected in quantity and so long till it is necessary to the legal basis
- accuracy: data will be registered according to its real content, that is why we ensure the right for updating, limiting and right of erasure
- storage limitation: we store the data only to the legal basis necessary time
- integrity and confidentiality: we ensure access to data only to persons whose access is necessary for fulfilling the services or for the determined goal.
Why are my data processed?
You have consented the data processing as follows:
Our webpage visitors (hereinafter: visitors) and application or webinar users may register at their own will and give voluntarily data, with which they may be identified (name, e-mail address, contact data, address, profession, working place) other data given by the visitor voluntarily). With providing the data voluntarily the visitor consents that the exclusive operator of the webpage i.e. our company processes the data according to the principles set up in this information. Please take all the necessary measures to keep your user id and password confidential. Please give us only those data that are necessary to keep contact with you.
Abstracts, posters, e-mails
As it is common by scientific conferences, participants may publish lectures, studies, posters that may be collected in abstract books. The programme book of the conference includes furthermore the name and e-mail address, sometimes scientific degree or other data of the participants.
Lectures, posters, programme and abstract books will be preserved during the Diamond Congress Ltd. exists because of legal interest to reference. We draw your attention that these materials together with the above mentioned personal data will be provided to the participants, i.e. it becomes publicly available.
For our webinar users: in case of every online conference it will be published how long the lectures, posters and other scientific materials submitted and published on the website by the data’s subject himself will be open to webinar participants on the website. After this deadline Diamond Congress Ltd erases all materials, do not preserve any poster or lecture.
Please note, Diamond Congress Ltd takes all efforst to keep these materials confidential and public only to webinar participants, however by the recent technology Diamond Congress Ltd cannot take any financial and non-financial responsibilities for materials and personal data illegal copy or acquisition by third person.
Our company processes the data to fulfil the conference services:
We have to process your data to fulfil the conference services. Data processed: name, address, contact information (telephone, e-mail), invoice address, and card number in case of credit payment by mail order authorisation, scientific degree. Other eventual necessary data: data of workplace.
Furthermore our company may process your data if it may prove the legal interest regarding your data processing, e.g. because of reference we preserve printed abstract books, program leaflets.
In case of invoicing the data processing is a legal obligation to us to fulfil tax and duties administration.
We may process your data as well if you consented e.g. you given your consent to process your data to future organizers.
Legal interest as base of data processing
We may process your data because we have legal interest to do so. It occurs in the following cases:
- after termination of the conference (conract) we preserve all data for five more years to have evidence for proving of business activity towards the participant in case of legal dispute or towards the tax office in case of control;
- abstract books, program leaflets are preserved in some pieces to serve for us as reference for our services.
How do we process your data?
Our company processes the provided personal data and information only in connection with the goal of the data providing of the participants, and uses only to fulfil the requests of the participants, to communicate with her/him. The goal of the data processing is the fulfilment of the information requests, communication with the visitor, and fulfilment of the services (conference participation).
Diamond Congress Ltd. collects, processes, stores and deletes the data according to its contracts or the legal regulations.
Diamond Congress Ltd. processes the data to third persons only in the following cases:
- to subcontractors contributing in the fulfilling of the service, and with whom we sign data procession contract, or
- if the procession to third person is requested or previously consented by the data’s subject or
- we are legally obliged.
Please contact us if you wish to be informed about our data administrators. With our data administrators in every case we conclude data procession contract, in which our administrators oblige themselves to process the data according to legal regulations and this information is given to you.
Diamond Congress Ltd. erases the data if the data’s subject requests us in writing to do so, except we are obliged to preserve the data by the law. We erase the data also, if there are no legal obligations or they are not necessary to prove the delivery of contracted services, or we also erase the data which are processed exclusively according to your consent and you ask us in writing to do so.
Electronic data are erased in such way that their restoration should not be possible; paper data will be erased by erasing machine or by companies whose main activity and profession is the erasing of official documents.
Data will be collected by Diamond Congress Ltd. electronically. Data connected to contracts may be available on paper as well. Paper data will be stored on the seat or subsidiary of Diamond Congress Ltd. in folders. Only the authorised employees may have access to the necessary data, other persons have no possibility to access (closed shelves and rooms).
Employees are informed about their right to access and about their obligation to hinder unlawful access (pay attention to key, not entitled third person may not be left alone by open shelves).
Electronically collected data are stored and protected as follows: they are stored on servers at the central office of Diamond Congress Ltd. A multi-level firewall system cares about the outer protection of the information net of Diamond Congress Ltd.
The protection of data in databases are ensured by a two-level access protection system. On data base level data can be accessed directly only by the system administrator, other persons may have access to stored data only through an application connected to the data-base. These applications use own user identification.
In the application zone the Apache server accepts real data and commands only from local terminals (from HAProxy), and after having built the secure data connection and having been convinced that the queries are real, will only serve towards the Internet. The software written in Apache PHP5.2 running environment communicates directly with the MySQL data base located in DB zone. Both the application zone and DB zone marked by green are totally isolated from the direct Internet side.
At the virtual conference space we provide access to the presentation videos, posters given by the authors themselves (and also abstracts, as mentioned above) and product information by our exhibitors. This access is limited in time as it is announced at the certain webinar information site. Entering the conference area is available only by having a proper username and password combination, this is generated randomly by the organisers and it is announced by e-mail before starting the event. Username is generated using user ID and the webinar's name it is not originated from e-mail address or other personal data. The password is never identical to the database password created by the participant. Diamond Congress Ltd. does not take responsibility for the content of these materials (e.g.: scientific reliability, originality, trade secrets, etc).
Erasure of data on request are fulfilled by an employee having access to data, in other cases, permanently, but at least the data will be supervised annually and if their storage is not necessary any more, they are erased by the entitled employees.
Do I have access to my data?
Conference participants may modify their data in the registration system. In case the modification does not work, please contact us, and we do the amendments.
How long are your data preserved?
In case your data are processed according to your consent and there is no other legal basis (e.g.: delivery of contract), we preserve your data, till you revoke your consent or there is no goal for the procession and you consent the erasure.
In case we process the data on contractual basis we preserve the data for 5 years from the termination of contract, those data which are bases for annual balance are preserved 8 years from the termination. After this time period we erase the data.
In case there is legal interest for the processing of data we preserve them till we may prove the legal interest; if there is no more legal interest, we store them for 5 years from the termination of the legal interest.
What shall I know about cookies, other loggings?
Diamond Congress Ltd. uses cookies on its webpage to enlighten the use of webpage and the communication. On the webpage of the company Google Analytics is used, which regulation may be find: https://policies.google.com/privacy?hl=en
Furthermore during the use of our applications your browser may send us automatic information when you open or use a web address such data as: IP address, opened webpage, activity logging. We may get information about the used hardware as type, operation system, its settings or individual identities. These pieces of information depend on your settings, so we suggest to study the user’s menu, user’s guide regarding information-technology, -security before using the hardware.
Diamond Congress Ltd. informs you about cookies also on its homepage and ask for your consent. We do not collect, or store data accessed from cookies.
Why do I get newsletters, what rights do I have regarding newsletters?
Diamond Congress Ltd. sends newsletters (typically conference circulars) only if the data’s subject has given his consent (on paper in writing, in email, or ticked on the internet). We inform you at the bottom of the newsletter about your rights: about the possibility to unsubscribe, or to rectificate your data. In case you unsubscribe, your data will not be stored or processed any more for the goal of newsletter sending.
What kind of rights do I have regarding my data procession?
- Right for information
You have right to get understandable information for what reason, which data, how and for how long will be processed by our company. To give you the information we need to identify you, and because of this, we may give you the information only personally in previously agreed office time or you may request it in writing. In case of written request you need two witnesses on the request, in case of requests submitted by e-mail, we give the information only to the email address processed by us. If you may not send the request from the e-mail address processed by us, please send it us per post authorized by two witnesses. We fulfil the request free of charge within 15 days from the receipt.
- Disposition with the data:
right to rectificate, protest, limitation and erasure, data portability
For the request of data’s subject Diamond Congress Ltd. rectificate or supplement the inaccurate personal data without delay.
The data’s subject may protest any time against the procession of her/his data on basis of legal interest. The data controller may process the data further only if she/he proves that the procession is reasoned by righteous reasons with forcing effect, which have priority against the interests, rights and freedoms of the data’s subject, or they are in connection with submitting, validation or protection of legal claims. If the data’s subject protests against the procession on basis of direct business purposes, the personal data may not be processed further on this legal title.
On the request of the data’s subject the data controller limits the procession, if the accuracy of the data is disputed, the procession is unlawful, but the data’s subject does not ask for the erasure only for limitation, the data controller does not have legal basis for the data, but the data’s subject requests the procession to validate some of her/his rights during the time of the examination in which the lawfulness of the data procession will be examined. About the lifting of the limitation the data’s subject must be informed.
On the request of the data’s subject, in case of the revoke of her/his consent, for her/his protesting the data controller erases without delay the personal data regarding the data’s subject, except for other legal basis the procession is necessary, or public interest reasons the procession, or it is necessary for submitting, validating, protecting legal claims. Data must also be erased in case they have been processed unlawful or their erasure is obligatory according to law.
The Diamond Congress. Ltd informs about the rectification, limitation, erasure of the data the data’s subject, except the information is impossible or needs special force.
- Legal remedy
The data’s subject is entitled to submit a complaint to the authority appointed for this task. Against the decision or silence of the authority the data’s subject may appeal to court. The data’s subject is entitled to go to court in case of unlawful procession of her/his personal data.
Appointed authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
1125 Budapest, Szilágyi Erzsébet fasor 22/c
www.naih.hu
+36-1-3911400,
ugyfelszolgalat@naih.hu
May unauthorized third person access to my personal data?
We speak about personal data breach in case your data is accessed by unauthorized third person, or there is a danger of accession.
No personal data breach occurred by Diamond Congress Ltd. in the last decades. The following possible risk may occur:
- loss, steal of hardware containing data (laptop, mobile phone)
- burglary
- attack against server
- ensuring wilful or negligent access to third unauthorized persons to personal data,
- illegal copy about webinar lecture, posters.
Hindering the above risks, Diamond Congress Ltd:
- allows access to personal data only to those, to whom it is necessary to work, the access is ensured by user’s id and password,
- permanently supervises its information security system, servers and ensures the security on the level reasonably expectable of an information technology services rendering company; Diamond Congress Ltd. ensures the necessary hardware,
- informs the employees about the necessary data protection measures,
- draw the attention of webinar participants about their rights for using the applications, materials.
In case any of the employees of Diamond Congress Ltd. notice a personal data breach, they report it to the managing director, who appoints the person without delay, who is responsible for investigating within 24 hours: the data’s subject whose personal data have been injured, and the possible risks. She/he suggests without delay how to process the data breach and informs the director. The general manager decides about the necessary measures that are able to avoid, prevent but at least minder the damages.
In case the data breach has high risk for the rights and freedom of the data’s subject, Diamond Congress Ltd. informs the data’s subject about the data breach without reasonable delay with the following content at least: character of the breach, contact person and contact information, possible risks from the breach, measures for remedy.
Present data procession information enters into effect on the 20th of April 2020. Matters not regulated in the present information are governed by the GDPR and the relevant Hungarian regulations.
Budapest, 20 April 2020.
Attila Varga, managing director