Data processing policy for partners
Be the Best
THE BE THE BEST SPORTS Kft.
DATA PROCESSING POLICY FOR PARTNERS
Effective from: 01 02 2021.
Why have we formulated this data processing policy?
The BE THE BEST SPORTS Kft as a Controller manages data for more purposes and is committed to respecting the Data Subjects’ rights and fulfilling the legal obligations, particularly those provided by the General Data Protection Regulation (shortly GDPR).
The BE THE BEST SPORTS Kft. considers it important to show the Data Subjects how the company processes the personal data collected during its business activity.
Who processes your personal data?
Your personal data is processed by the BE THE BEST SPORTS Kft.
Contact details:
Mail: |
1084 Budapest, József utca 3. fszt. 6. |
Web: |
https://btbsports.hu/ |
E-mail: |
info@btbsports.hu |
Phone number: |
+ 36 70 261 6602 |
Basic details of data processing:
Target: |
Fulfilment of accounting requirements |
|
Legal basis: |
GDPR Article 6 (1) c) processing is necessary for compliance with a legal obligation to which the controller is subject; |
|
Nature: |
Automated and manual |
|
Processed data: |
Name, address on invoice |
|
Duration: |
8 years following the issue of invoice |
|
Circle of data subjects: |
Clients affected by issue of invoice |
|
Data processor(s) |
Data: |
Activity: |
KBOSS.hu Kft. 1031 Budapest, Záhony utca 7. |
Operating the invoicing program |
|
PRECIZ-CONT Bt. 5600 Békéscsaba, Víztároló u. 5. |
Accounting activity |
|
Recipient(s) of data transfer: |
National Tax and Customs Administration 1054 Budapest, Széchenyi u. 2. +36 (1) 428-5100 nav_kozpont@nav.gov.hu |
Tax administration |
2. Contracting Partners
Target: |
Processing the data of the Contracting Partners |
|
Legal basis: |
GDPR Article 6 (1) b) Processing is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract |
|
Nature: |
Automated and manual |
|
Processed data: |
Name, Address, Phone number, e-mail |
|
Duration: |
8 years following the termination of the contract |
|
Circle of data subjects: |
Representative of the contracting parties |
|
Data processor(s)
|
Data: |
Activity: |
None |
- |
|
Recipient(s) of data transfer: |
None |
- |
3. Records of Contracting Parties’ contact persons
Contact holding in order to fulfil the contractual obligations |
||
Legal basis: |
GDPR Article 6 (1) f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party |
|
Nature: |
Automated and manual |
|
Processed data: |
Natural person’s name, address, phone number, e-mail |
|
Duration: |
8 years following the termination of the contract |
|
Circle of data subjects: |
Contracting Parties’ representatives and contact persons |
|
Data processor(s)
|
Data: |
Activity: |
None |
- |
|
Recipient(s) of data transfer: |
None |
- |
4. Management of claims
Target: |
Management of the Controller’s claims |
|
Legal basis: |
GDPR Article 6 (1) f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party |
|
Nature: |
Automated and manual |
|
Processed data: |
Natural person’s name, address, his/her data relating to claim management |
|
Duration: |
5 years following the termination of claim management |
|
Circle of data subjects: |
Persons affected by claim management |
|
Data processor(s)
|
Data: |
Activity: |
|
None |
- |
Recipient(s) of data transfer: |
None |
- |
5. Execution procedure
Target: |
Management of execution procedures in the interest of the Controller |
|
Legal basis: |
GDPR Article 6 (1) f) Legitimate interests pursued by the controller |
|
Nature: |
Automated and manual |
|
Processed data: |
Natural person’s name, address, his/her data relating to execution procedure |
|
Duration: |
10 years following the termination of execution |
|
Circle of data subjects: |
Persons affected by execution procedure |
|
Data processor(s)
|
Data: |
Activity: |
|
None |
- |
Recipient(s) of data transfer: |
None |
- |
6. Disputes, legal and litigation cases
Target: |
Management of legal and litigation cases |
|
Legal basis: |
GDPR Article 6 (1) f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party |
|
Nature: |
Automated and manual |
|
Processed data: |
Natural person’s name, address, other identification details coming from the nature of the case, data relating to the phase, facts, description of the case. |
|
Duration: |
5 years following the termination of the case |
|
Circle of data subjects: |
Persons affected by the legal and litigation case |
|
Data processor(s)
|
Data: |
Activity: |
|
None |
- |
Recipient(s) of data transfer: |
None |
- |
7. Records of Data Subjects’ claims, complaints
Target: |
Records of the complaints, claims relating to data processing, maintaining contact with the data subjects |
|
Legal basis: |
GDPR Article 6 (1) c) Processing is necessary for compliance with a legal obligation to which the controller is subject |
|
Nature: |
Automated and manual |
|
Processed data: |
Identification data, contact person’s data |
|
Duration: |
5 years or the termination of legal dispute |
|
Circle of data subjects: |
Data subject, complainer |
|
Data processor(s)
|
Data: |
Activity: |
|
None |
- |
Recipient(s) of data transfer: |
None |
- |
8. Notification of data protection incident
Target: |
Notification of data protection incident, maintenance of contact |
|
Legal basis: |
GDPR Article 6 (1) c) Processing is necessary for compliance with a legal obligation to which the controller is subject |
|
Nature: |
Automated and manual |
|
Processed data: |
Identification data, contact person’s data |
|
Duration: |
5 years or the termination of legal dispute |
|
Circle of data subjects: |
Relevant persons |
|
Data processor(s)
|
Data: |
Activity: |
|
None |
- |
Recipient(s) of data transfer: |
None |
- |
If you don’t give us your required data, the controller is not able to fulfil its contractual and legal obligations.
You may protest against the data processing at the Controller if it is based on the Controller’s legitimate interest.
What principles shall we follow during data processing?
We perform data processing in compliance with legal regulations in force.
The Controller processes only specified personal data, the security of which is defended by all necessary technical and organisational measures.
The Controller pays special attention on ensuring the confidentiality, integrity and availability of personal data.
The Controller is responsible for the authenticity and accuracy of the personal data.
We interpret the expressions we use in this policy in accordance with the concepts specified by the EU General Data Protection Regulation (2016/679. GDPR) and interpretational provisions of Act CXII of year 2011 on Informational Self-Determination and Freedom of Information.
What rights do you have in relation to your personal data processed by the Controller?
The Controller facilitates the exercise of Data Subjects’ rights specified by GDPR. Claims for exercising these rights may not be rejected by the Controller, unless the Data Subject cannot be identified. Therefore, the Data Subject shall disclose his/her identity for the performance of his/her claim.
The Controller shall meet the claim without delay, but within 1 month at the latest counted from delivery or notify the Data Subject of the possible obstacles or delay of performance. In this case the deadline may be extended by 2 more months, but the Data Subject shall be notified of the extension and its reason within 1 month.
The Data Subject’s claim is answered by the Controller in the form it has been received. The Data Subject has the right to submit his/her claim electronically and then he/she will receive the answer by electronic means as well, unless it has been provided expressly otherwise by him/her.
For guaranteeing the rights of Data Subjects, the rights included in this policy may be exercised free, the Controller shall not charge any fee for them, unless the claim is obviously unreasonable or exaggerated particularly due to its repetitive nature.
If the requested action, communication is exaggerated or obviously unreasonable, the Controller may charge a reasonable amount of fee for the performance (with respect to covering the administrative costs increased by the exaggerating claims) or may reject to take any steps urged by the claim.
In these cases, the Controller has the obligation to state reasons to the Data Subject.
In compliance with the laws the Data Subjects may exercise the following rights:
a.) During the whole duration of data processing the Data Subject has the right to obtain information and access from the Controller in relation to the personal data processed by the Controller and the nature of processing, particularly regarding:
- the identity, availability of the Controller and its contact person, if a data protection officer is employed by the Controller, his availability;
- the target, legal basis and duration of data processing;
- the data processor’s name, address, its activity relating to data processing if a data processor will be sought;
- legal basis and recipient of data transfer, if data transfer is carried out;
- data protection incidents that may have taken place.
b.) The Data Subject has the right to obtain from the Controller the rectification of any personal data concerning him or her: if his or her data have changed or are not accurate, he/she has the right to request the Controller to change them at any point during the time of personal data processing. This may be requested via our given availabilities.
c.) The Data Subjects’ personal data will be erased if the personal data have been unlawfully processed, the target of data processing has terminated, the deadline set for the storage of data has expired or it is ordered with binding effect by a court or the National Authority for Data Protection and Freedom of Information
d.) The Data Subject may request the Controller to restrict the processing of his/her personal data
- if the accuracy of the personal data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal data;
- if the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
- if the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- if the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
e.) The Data Subject has the right to object to processing of his/her personal data, if his/her data are processed on the legal basis of a legitimate interest pursued by the Controller or a third party. In this case the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
f.) If the processing is based on consent or necessary for the performance of a contract and carried out by automated means, so the Data Subjects’ data are processed by a machine recorder, the Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. Moreover, he/she has the right to transmit those data to another controller without hindrance from the Controller.
Legal remedy available for the Data Subjects
If your rights relating to personal data processing are presumably violated, you may lodge a protest to the National Authority for Data Protection and Information Freedom or the competent regional court (http://bíróság.hu/torvenyszekek)
Contact details of the National Authority for Data Protection and Information Freedom:
Address: 1055 Budapest, Falk Miksa utca 9-11.
Mail: 1374 Budapest, Pf.: 603.
Phone number: +36 1 391 140