Data processing policy for partners

Be the Best

THE BE THE BEST SPORTS Kft.

DATA PROCESSING POLICY FOR PARTNERS

Effective from: 01 02 2021.

 

Why have we formulated this data processing policy?
The BE THE BEST SPORTS Kft as a Controller manages data for more purposes and is committed to respecting the Data Subjects’ rights and fulfilling the legal obligations, particularly those provided by the General Data Protection Regulation (shortly GDPR).

The BE THE BEST SPORTS Kft. considers it important to show the Data Subjects how the company processes the personal data collected during its business activity.

Who processes your personal data?
Your personal data is processed by the BE THE BEST SPORTS Kft.

Contact details:

Mail:

1084 Budapest, József utca 3. fszt. 6.

Web:

https://btbsports.hu/

E-mail:

info@btbsports.hu

Phone number:

+ 36 70 261 6602

 

Basic details of data processing:

1.      Invoicing

Target:

Fulfilment of accounting requirements

Legal basis:

GDPR Article 6 (1) c) processing is necessary for compliance with a legal obligation to which the controller is subject;

Nature:

Automated and manual

Processed data:

Name, address on invoice

Duration:

8 years following the issue of invoice

Circle of data subjects:

Clients affected by issue of invoice

Data processor(s)

Data:

Activity:

KBOSS.hu Kft.

1031 Budapest, Záhony utca 7.

info@szamlazz.hu

Operating the invoicing program

PRECIZ-CONT Bt.

5600 Békéscsaba, Víztároló u. 5.

Accounting activity

Recipient(s) of data transfer:

National Tax and Customs Administration

1054 Budapest, Széchenyi u. 2.

+36 (1) 428-5100

nav_kozpont@nav.gov.hu

http://nav.gov.hu

Tax administration

 

2.      Contracting Partners

Target:

Processing the data of the Contracting Partners

Legal basis:

GDPR Article 6 (1) b) Processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract

Nature:

Automated and manual

Processed data:

Name, Address, Phone number, e-mail

Duration:

8 years following the termination of the contract

Circle of data subjects:

Representative of the contracting parties

Data processor(s)

 

Data:

Activity:

None

-

Recipient(s) of data transfer:

None

-

 

3.      Records of Contracting Parties’ contact persons

Target:

Contact holding in order to fulfil the contractual obligations

Legal basis:

GDPR Article 6 (1)  f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

Nature:

Automated and manual

Processed data:

Natural person’s name, address, phone number, e-mail

Duration:

8 years following the termination of the contract

Circle of data subjects:

Contracting Parties’ representatives and contact persons

Data processor(s)

 

Data:

Activity:

None

-

Recipient(s) of data transfer:

None

-

 

4.      Management of claims

Target:

Management of the Controller’s claims

Legal basis:

GDPR Article 6 (1) f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

Nature:

Automated and manual

Processed data:

Natural person’s name, address, his/her data relating to claim management

Duration:

5 years following the termination of claim management

Circle of data subjects:

Persons affected by claim management

Data processor(s)

 

Data:

Activity:

 

None

-

Recipient(s) of data transfer:

None

-

 

5.      Execution procedure

Target:

Management of execution procedures in the interest of the Controller

Legal basis:

GDPR Article 6 (1) f) Legitimate interests pursued by the controller

Nature:

Automated and manual

Processed data:

Natural person’s name, address, his/her data relating to execution procedure

Duration:

10 years following the termination of execution

Circle of data subjects:

Persons affected by execution procedure

Data processor(s)

 

Data:

Activity:

 

None

-

Recipient(s) of data transfer:

None

-

 

6.      Disputes, legal and litigation cases

Target:

Management of legal and litigation cases

Legal basis:

GDPR Article 6 (1) f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party

Nature:

Automated and manual

Processed data:

Natural person’s name, address, other identification details coming from the nature of the case, data relating to the phase, facts, description of the case.

Duration:

5 years following the termination of the case

Circle of data subjects:

Persons affected by the legal and litigation case

Data processor(s)

 

Data:

Activity:

 

None

-

Recipient(s) of data transfer:

None

-

 

7.      Records of Data Subjects’ claims, complaints

Target:

Records of the complaints, claims relating to data processing, maintaining contact with the data subjects

Legal basis:

GDPR Article 6 (1) c) Processing is necessary for compliance with a legal obligation to which the controller is subject

Nature:

Automated and manual

Processed data:

Identification data, contact person’s data

Duration:

5 years or the termination of legal dispute

Circle of data subjects:

Data subject, complainer

Data processor(s)

 

Data:

Activity:

 

None

-

Recipient(s) of data transfer:

None

-

 

8.      Notification of data protection incident

Target:

Notification of data protection incident, maintenance of contact

Legal basis:

GDPR Article 6 (1) c) Processing is necessary for compliance with a legal obligation to which the controller is subject

Nature:

Automated and manual

Processed data:

Identification data, contact person’s data

Duration:

5 years or the termination of legal dispute

Circle of data subjects:

Relevant persons

Data processor(s)

 

Data:

Activity:

 

None

-

Recipient(s) of data transfer:

None

-

If you don’t give us your required data, the controller is not able to fulfil its contractual and legal obligations.

You may protest against the data processing at the Controller if it is based on the Controller’s legitimate interest.

What principles shall we follow during data processing?

We perform data processing in compliance with legal regulations in force.

The Controller processes only specified personal data, the security of which is defended by all necessary technical and organisational measures.

The Controller pays special attention on ensuring the confidentiality, integrity and availability of personal data.

The Controller is responsible for the authenticity and accuracy of the personal data.

We interpret the expressions we use in this policy in accordance with the concepts specified by the EU General Data Protection Regulation (2016/679. GDPR) and interpretational provisions of Act CXII of year 2011 on Informational Self-Determination and Freedom of Information.

 

What rights do you have in relation to your personal data processed by the Controller?

The Controller facilitates the exercise of Data Subjects’ rights specified by GDPR. Claims for exercising these rights may not be rejected by the Controller, unless the Data Subject cannot be identified.  Therefore, the Data Subject shall disclose his/her identity for the performance of his/her claim. 

The Controller shall meet the claim without delay, but within 1 month at the latest counted from delivery or notify the Data Subject of the possible obstacles or delay of performance. In this case the deadline may be extended by 2 more months, but the Data Subject shall be notified of the extension and its reason within 1 month.

The Data Subject’s claim is answered by the Controller in the form it has been received. The Data Subject has the right to submit his/her claim electronically and then he/she will receive the answer by electronic means as well, unless it has been provided expressly otherwise by him/her.

For guaranteeing the rights of Data Subjects, the rights included in this policy may be exercised free, the Controller shall not charge any fee for them, unless the claim is obviously unreasonable or exaggerated particularly due to its repetitive nature.

If the requested action, communication is exaggerated or obviously unreasonable, the Controller may charge a reasonable amount of fee for the performance (with respect to covering the administrative costs increased by the exaggerating claims) or may reject to take any steps urged by the claim.

In these cases, the Controller has the obligation to state reasons to the Data Subject.

In compliance with the laws the Data Subjects may exercise the following rights:

a.) During the whole duration of data processing the Data Subject has the right to obtain information and access from the Controller in relation to the personal data processed by the Controller and the nature of processing, particularly regarding:

-        the identity, availability of the Controller and its contact person, if a data protection officer is employed by the Controller, his availability;

-        the target, legal basis and duration of data processing;

-        the data processor’s name, address, its activity relating to data processing if a data processor will be sought;

-        legal basis and recipient of data transfer, if data transfer is carried out;

-        data protection incidents that may have taken place.

b.) The Data Subject has the right to obtain from the Controller the rectification of any personal data concerning him or her: if his or her data have changed or are not accurate, he/she has the right to request the Controller to change them at any point during the time of personal data processing. This may be requested via our given availabilities.

c.) The Data Subjects’ personal data will be erased if the personal data have been unlawfully processed, the target of data processing has terminated, the deadline set for the storage of data has expired or it is ordered with binding effect by a court or the National Authority for Data Protection and Freedom of Information

d.) The Data Subject may request the Controller to restrict the processing of his/her personal data

-        if the accuracy of the personal data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal data;

-        if the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;

-        if the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;

-        if the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.

e.) The Data Subject has the right to object to processing of his/her personal data, if his/her data are processed on the legal basis of a legitimate interest pursued by the Controller or a third party. In this case the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

f.) If the processing is based on consent or necessary for the performance of a contract and carried out by automated means, so the Data Subjects’ data are processed by a machine recorder, the Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Moreover, he/she has the right to transmit those data to another controller without hindrance from the Controller.

 

Legal remedy available for the Data Subjects
If your rights relating to personal data processing are presumably violated,  you may lodge a protest to the National Authority for Data Protection and Information Freedom or the competent regional court (http://bíróság.hu/torvenyszekek)

Contact details of the National Authority for Data Protection and Information Freedom:

Address: 1055 Budapest, Falk Miksa utca 9-11.

Mail: 1374 Budapest, Pf.: 603.

Phone number: +36 1 391 140