Magyar English Deutsch Čeština 中文

Data Processing Notice

Data Processing Notice

Covering the operations, website and related systems of ROBOHUN — pursuant to GDPR (EU 2016/679) and Hungarian Act CXII of 2011.

Effective: from the date of adoption.

I. Data Controller

Name: Magyar Robotikai Szövetség Egyesület (ROBOHUN) — Hungarian Robotics Association Registered office: 1224 Budapest, Dózsa György út 168/B, Hungary Website: robotikaiszovetseg.hu Represented by: Máté Viktor Benyovszky and Zoltán Petrásovits, co-presidents

II. Data Processing Activities

1. Contact, website usage and online forms

Data processed: name, email address, name of organisation or company, other data provided in the message or form, and data technically generated during website usage.

Purpose, legal basis, retention: responding to contact requests, managing inquiries, operating and developing the website, and providing online services. The legal basis may be the data subject’s consent, steps taken prior to entering into a contract, the legitimate interest of the association, or compliance with a legal obligation, depending on the matter. Data is retained only for the period necessary to fulfil the purpose or until the end of the applicable statutory retention period.

Cookies and technical data: the website may use technical solutions necessary for its operation, including cookies or technologies with equivalent functionality. Their purpose is to ensure the proper functioning of the website, improve user experience, maintain security, and collect anonymised or aggregated statistical information. Such processing is based on the legitimate interest related to website operation and, where necessary, the data subject’s consent. Technical data and cookie settings are processed for the duration necessary for the given purpose.

2. Membership records and administration (CiviCRM)

Data processed: name, address, email address, phone number, membership type, membership status, data related to membership fee payments, and other relevant data provided during membership administration. The association may also maintain its membership register in the CiviCRM system accessible from the website.

Purpose, legal basis, retention: establishing, recording and managing membership, communication, membership fee records, and administration of the association’s operations. The legal basis is primarily the performance of the membership relationship and compliance with the association’s legal obligations. Data related to the membership relationship is processed for the duration of the relationship and subsequently for the period necessary for the assertion, enforcement and defence of legal claims. Personal data contained in documents that must be retained under accounting, archival, organisational or other legislation may be processed for the retention period applicable to the given document. If the data subject expressly requests after the termination of membership, certain contact data may be further processed for a specified purpose, on the basis of consent, until the consent is withdrawn or the purpose ceases.

3. Event organisation and registration

Data processed: name, email address, organisation, participation data, payment data, and other necessary information provided during registration.

Purpose, legal basis, retention: organising events, managing applications, communicating with participants, handling fee payments and conducting events. The legal basis is the performance of a contract with the data subject, administration related to the event, and where necessary, compliance with a legal obligation. Data is retained for the necessary administrative period following the conclusion of the event; invoicing and accounting data is retained for the period prescribed by the applicable legislation.

4. Newsletter and electronic communications

Data processed: name, email address, and the data subject’s communication preferences.

Purpose, legal basis, retention: the association may conduct two types of electronic communication. The legal basis for operational communications directly related to membership — such as general assembly, membership, administrative or professional operational messages — is the performance of the membership relationship or the legitimate interest of the association. The legal basis for newsletters, professional news, programme recommendations and other communications sent on the basis of separate subscription is the data subject’s consent. Data is processed for operational communications until the membership relationship exists; for newsletters, until unsubscription or withdrawal of consent.

5. Financial, accounting and donation data processing

Data processed: name, invoicing data, bank account number or transaction identifiers, amount, payment method, date, and necessary data related to donations or payments.

Purpose, legal basis, retention: invoicing, bookkeeping, recording financial transactions, managing donations and fulfilling statutory obligations. The legal basis is contract performance and compliance with legal obligations. Data related to accounting documents and financial records is retained for the period prescribed by the applicable legislation.

III. Data Transfers and Data Processors

Personal data is transferred to third parties only on the basis of a statutory obligation, at the request of an authority or court, or to service providers who perform data processing tasks on behalf of the association.

The association engages data processors only when this is necessary for the realisation of the data processing purpose. Such services may include website hosting, email services, newsletter delivery, document storage, membership records or customer relationship management, including CiviCRM-based systems. Data processors are engaged in all cases in accordance with the applicable legal requirements.

IV. Data Security

In the course of data processing, the association applies appropriate technical and organisational measures suited to the nature of the data, the purpose of processing and the available technical capabilities to ensure data security:

  • access protection, password usage and, where available, two-factor authentication;
  • access management, secure document storage and the use of technical solutions to protect the systems used;
  • only those persons may access the data whose duties require it.

V. Data Subject Rights

The data subject has the right to information, access, rectification, erasure, restriction of processing, data portability, objection and withdrawal of consent under the GDPR. Requests may be submitted via the association’s contact details; the association shall examine and respond to the request without undue delay and within 30 days at the latest. In the case of an erasure request, the association shall erase or anonymise the data if there is no further legal basis or mandatory retention reason for the processing.

Remedies: National Authority for Data Protection and Freedom of Information (NAIH), 1055 Budapest, Falk Miksa utca 9–11, naih.hu — or court.

VI. Final Provisions

This notice is adopted by the Board and reviewed as necessary — in the event of legislative changes, organisational changes or new data processing activities. Publication: website and document repository.