PRIVACY POLICY OF RE-CONNECT HUB
effective from January 1st, 2023
This privacy policy provides an overview about how we process personal data as joint controllers:
Central Transdanubian Regional Innovation Agency Nonprofit Ltd. (H-8000 Seregélyesi út 113, Székesfehérvár, Hungary);
RAZVOJNI CENTER SRCA SLOVENIJE DOO (1270 Litija, Kidričeva cesta 1, Slovenia);
MB „Efekto grupe“ (Gedimino str. 47, 3000 Kaunas, Lithuania);
Cooperazione Paesi Emergenti (Via Crociferi n. 38 Catania, Italy);
Obcina Radenci (Radgonska cesta 9, 9252 Radenci, Slovenia);
Comharchumann Forbartha Ionad Deirbhle Teo. (Fód Dubh, Co. Mhaigh Eo, Eachléim, Ireland);
(hereinafter referred to as “us” or “we”), institutions that developed and maintain the RE-CONNECT HUB interactive online collaborative platform for persons and organisations participated in circular tourism.
We value the great effort that has been provided by the RE-CONNECT Erasmus+ project partnership (https://www.reconnecthub.eu/contact/) when developing a unique online hub. Even more, we value all the persons & organisations, tourism hots and providers, stakeholders who will join our still growing RE-CONNECT family and who start creating amazing business ideas in circular tourism with us! Nevertheless, sometimes, we may need to collect information about our users and their use of our service to help us achieve that goal. Our users are usually students and young entrepreneurs but for this Privacy Policy, we use the term “users” only.
If you have any questions concerning how we process your personal data, you can contact our Joint Contact Point. All privacy enquiries sent to us are received and reviewed by our Joint Contact Point, which serve as a contact point for you and supervisory authorities. Contact to Joint Contact Point:
Country | Organisation | Contact |
HUNGARY | Central Transdanubian Regional Innovation Agency Nonprofit Ltd. | |
LITHUANIA | MB “Efekto grupe” | |
ITALY | Cooperazione Paesi Emergenti | |
SLOVENIA | Razvojni Center Srca Slovenije | |
SLOVENIA | Obcina Radenci | |
IRELAND | Comharchumann Forbartha Ionad Deirbhle Teo. |
This Privacy Policy is primarily designed to ensure compliance with our informational obligations pursuant to Articles 13 and 14 GDPR towards data subjects about whom we process personal data as a controller. Typical data subjects are users of the RE-CONNECT HUB. Being an EU-based subjects, we must comply with the EU general data protection regulation (the “GDPR“) provisioning your individual rights[1] when processing the personal data, applicable sections of the national data protection legislation (the “Data Protection Act”) and other legislation. In case that you do not understand any information provide in this Privacy Policy, do not hesitate to contact our Joint Contact Point.
Data subjects’ requests delivered at the Joint Contact Point shall be handled individually and on behalf of us by the controller from the country from which data subject request was sent.
Why we process personal data?
Generally, we need to process personal data to:
- provide our services and for that purpose process personal data of users of the RE-CONNECT HUB;
- meet our legal and contractual obligations; and
- pursue our own legitimate interests.
For what purposes and under which legal bases do we process personal data?
We process personal data for the following purposes and legal grounds:
| Purpose of the processing personal data | Legal ground |
Establishment, exercise, or defence of legal claims (legal agenda) | Legitimate interest | |
Management of data subject requests | Compliance with legal obligation | |
Provide our services – operating the RE-CONNECT contract | Contract | |
Protection of property and security | Legitimate interest |
What are our legitimate interests that we pursue?
We rely on a legal ground of legitimate interest pursuant to Article 6 (1) f) of GDPR for the following purposes. We provide description of these purposes and legitimate interests below:
Establishment, exercise or defense of legal claims (legal agenda) | From time to time, we might need to pursue a legal claim, ask for compensation or off-court settlement, or report certain facts to public authorities and aforementioned processing operations shall be considered as our legitimate interest. |
Protection of property and security | We consider our legitimate interest protecting the property and security of us including our employees or users of RE-CONNECT HUB. We rely on this legal ground to ensure the security of our information assets and IT systems. |
What personal data we process?
We process personal data for two types of users. Firstly, in most cases we process standard contact and identification types of personal data such as name, surname, country, and email for the persons. Secondly, we process standard identification types of personal data such as name, country, and email for organisations.
Who are recipients of your personal data?
We take the confidentiality of your personal data very seriously and have internal policies in place to ensure that your data is only shared with authorized personnel or a verified third party. Our staff might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. Personal data of users or other natural persons are provided to the extent necessary to following categories of recipients:
- our verified and properly mandated processors;
- our professional advisors (e.g., attorneys or auditors);
- providers of standard software and cloud services;
- providers of technical (IT) and organizational (events agency) support of us;
We also use sub-contractors to support us in providing services who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR in terms of technical and organizational security of processing operations. If we use our own recipients to process personal data (our internal staff), your personal data are always processed based on authorizations and instructions that inform our recipients about not only our internal privacy policies but also about their legal responsibility for their violations. If we are requested by the public authorities to provide your personal data, we examine the conditions laid down in the legislation to accept the request and to ensure that if conditions are not met, we do not adhere to the request. In case that you have a question about our current processors, do not hesitate to contact our Joint Contact Point for further information.
What countries do we transfer your personal data to?
By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary.
How long do we store your personal data?
We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do further not process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal grounds especially due to our legal obligations.
General retention periods for our purposes are as follows:
Purpose | General retention period |
Establishment, exercise, or defence of legal claims (legal agenda) | Based on limitation period according to the law. |
Management of data subject requests | Based on limitation period according to the law. |
Provide our services – operating the RE-CONNECT HUB | During the contractual relationship with users and 2 years after termination of the contract |
Protection of property and security | 1 year |
The above retention periods only specify the general periods during which personal data are processed for the specific purposes. However, we proceed to erasure or anonymization of personal data before the expiry of these general periods if we consider the personal data to be unnecessary in view of the above-mentioned processing purposes. Conversely, in some specific situations, we may keep your personal data longer than stated above if it is required by law or our legitimate interest.
How we collect your personal data?
Generally, we collect your personal data directly from you. You can provide your personal data to us by different means e.g.:
- by registration on our website;
- communication with you;
- completing and submitting a contact form with your comments, queries, or questions.
What rights do you have?
If we process your personal data based on consent to the processing of personal data, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You have the right to effectively object to the processing of personal data for direct marketing purposes, including profiling.
You also have the right to object to the processing of your personal data based on the legitimate interests we follow, as explained above. You are also entitled to the processing of personal data on the legal basis of a public interest.
If you exercise your right to object, we will gladly demonstrate to you the way how we evaluated these legitimate interests as overriding the interests, rights and freedoms of the data subjects.
The GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us because in a particular case exception may apply. Some rights are linked to specific conditions that do not have to be met in every case. Your request for an enforcing specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions.
Among others, you have:
- Right to request access to your personal data according to Article 15 of the GDPR. This right includes the right to confirm whether we process personal data about you, the right to access to personal data and the right to obtain a copy of the personal data we process about you if it is technically feasible.
- Right to rectification according to Article 16 of the GDPR, if we process incomplete or inaccurate personal data about you.
- Right to erasure of personal data according to Article of the 17 GDPR;
- Right to restriction of processing according to Article 18 GDPR
- Right to data portability according to Article 20 GDPR;
- Right to object against the processing including profiling based on legitimate or public interest according to Article 21 (1) of the GDPR;
- Right to object against processing for direct marketing purposes including profiling according to Article 21 (2) of the GDPR;
- Right to not be subject to the automated individual decision making according to the Article 22 of the GDPR.
If you feel that we are processing incorrect personal data about you given the purpose and circumstances, you can request rectification of incorrect or incomplete personal data.
You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority or apply for judicial remedy. Please note that because of leading controller, Central Transdanubian Regional Innovation Agency Nonprofit Ltd. is from Hungary our competent data protection authority is the Hungarian National Authority for Data Protection and Freedom of Information (https://www.naih.hu/). In any case we advise to primarily consult us with your questions or requests.
Do we process your personal data via automated means which produces legal effects concerning you?
We do not currently conduct processing operations that would lead to the decision which produces legal effects or similarly significantly affects concerning you based solely on automated processing of your personal data in light of Article 22 GDPR.
How we protect your personal data
It is our obligation to protect your personal data in an appropriate manner and for this reason we focus on the questions related to protection of personal data. We have implemented generally accepted technical and organizational standards to preserve the security of the processed personal data, especially considering the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. In situations where special categories of data are processed, we use encryption technologies e.g., during communication with the payment gateway. Your personal data are stored on our secure servers or servers of our web site providers located in data centers in Hungary. If third-party analytics tools are used data are stored on third-party servers (see cookies).
Cookies
Cookies are small text files that improve website usage e.g., by allowing us to recognize previous visitors when logging in to a user environment, remembering a user’s choice when opening a new window, measuring website traffic, or how evaluation of usage of the website for the improvement. Our website uses cookies in particular to measure its traffic. You can always stop storing these files on your device by changing your web browser to a different setting.
Changes to this privacy policy
The information we give you with regard processing of personal data may change or cease to be up to date. From these reasons we may change this privacy policy from time to time by posting the most current privacy policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice, on our websites or by email.
[1] See Articles. 12 – 22 GDPR: http://eur-lex.europa.eu/legal-content/SK/TXT/HTML/?uri=CELEX:32016R0679&from=EN