Information on data processing

Content

 

I. General information

1. Name, address and contact details of Provider
2
Principles

II. Security measures

1. The Provider shall apply the following security measures to its employees
2. Protection measures

III. Data processing

1. Information about data processing
2. Legal basis, purpose, duration of data processing, data transfer

2.1. Online registration and entry in an event
2.1.1. Data given on online registration and entry
2.1.2. Data given on entry on the premises
2.1.3. Further data given during entry
2.2. Team entry
2.3. Participation in an event, image and video recordings

3. Rights of the Subject

3.1. Erasure
3.2. Information
3.3. Confirmation
3.4. Right of access by the data subject
3.5. Right to rectification
3.6. Right to restriction of processing
3.7. Right to object
3.8. Right to data portability


4. Data transfer

4.1. Accounting
4.2. Hosting service provider
4.3. E-mail service provider
4.4. Számlázz.hu
4.5. Participating in events abroad

5. Dealing with personal data breach

6. Restrictions 

7. Records of processing activities

8. Means of exercising rights

8.1. Place, time, procedure of complaints, means of exercising rights

8.1.1. Place of complaints – in case of data protection complaints

8.1.2. Procedure of complaint

8.1.3. Means of exercising rights

8.2. Legal dispute

 

I. General information

1. Name, address and contact details of Provider

Company name: CRAZY RUNNING EVENTS Korlátolt Felelősségű Társaság (hereinafter: Provider,)
Registered office: Lajos utca 93-99. H. ép. 3 em. 5., H-1036 Budapest
Site: Rigó utca 27-3., H-4030 Debrecen
Dsata controlling registration number: NAHI-126143/2018
Representative: Szandra Tóth
Company registration number: 01-09-290910, registered by: the Debrecen Court of Company Registration
Tax number: 25819025-2-41

Customer service contact:

E-mail: info@crazy5k.com

 

2. Principles

 

With this notice and making it available the Provider aims to ensure the accomplishment of the obligations prescribed by the GDPR regulation and the Privacy Act, including the obligation to inform the participants of the events, as Subjects (hereinafter: Participants or Subjects) who are in a contractual relationship with the Provider.

The purpose of this notice is to provide the Subjects with appropriate information about the data controlled by the Provider and transferred to the entrusted data processor by the Provider, about the name and address of the data processor, the purpose, the legal basis and the duration of data processing, and the legal basis of data transfer.

During processing personal data we take the following principles into consideration:

  • Lawfulness, fairness and transparency;
  • Personal data shall be collected only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
  • Accuracy: Personal data shall be accurate and, where necessary, up to date;
  • Storage limitation;
  • Integrity and confidentiality shall be managed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;
  • Accountability: The Provider shall be responsible for compliance with the principles.

 

II. Security measures

1. The Provider shall apply the following security measures to its employees

The provider’s employees processing data and the persons partaking in data processing as entrusted by the Provider are obliged to handle the acquired personal data as confidential business information and preserve it. The persons processing personal data and having access to it are obliged to make a Declaration of Confidentiality.

2. Protection measures

For the security of personal data processed in paper format the Provider shall apply the following measures:

  • the data may be known exclusively by those authorized to it, it may not be accessible for others, or disclosed to others;
  • the documents shall be stored in an adequately closed, dry room equipped with fire protection and security installations;
  • the documents under continuous, active processing shall be accessible exclusively for those authorized to it;
  • during the day, our employee who processes data may leave a room where data processing takes place only after having locked away the data medium they are in charge of or having locked the office;
  • on finishing the work, our employee who processes data shall lock away the paper-based data medium.

For the security of personal data stored in a computer or on a network, the provider shall – in accordance with the applicable information technology regulation – apply the following measures and warranty elements:

  • the computers used during data processing shall be used exclusively by the person authorized to it;
  • the processed data shall be accessible with valid, personal, identifiable authorization at all times;
  • each computer record with the data shall be logged in a traceable manner;
  • if any legal basis for processing data terminates, the data shall be permanently erased in a manner that the data may not be resumed;
  • in the network processing personal data we shall continuously maintain antivirus protection;
  • applying the available information technology means we shall take all steps to prevent the network access of unauthorized persons;

The Provider has not adhered to any approved code of conduct or approved GDPR certification mechanism.

The physical place of storing the data is the site of the Provider.

For the physical storage of the data the Provider uses the services of the following host service provider:

Name of the data processor: Evista Kft.
Registered office of the data processor: Attila utca 11. I/1., H-6722 Szeged
Tax number of the data processor: 13063746-2-06
Contact details of the data processor: info@e-vista.hu

 

III. Data processing

1. Information about data processing

During the sporting events organized by the Provider, the Provider collects the data specified in the tables in chapter 2. The Provider complies with its obligation relating to the collected data in this notice.

2. The legal basis, purpose, duration of data processing, data transfer

2.1. Online registration and entry in an event

One may enter our events on the premises or after prior registration online. On online entry, prior registration is a prerequisite of entry, since only by registration can we ensure the necessary security measures related to participation in the event, the appropriate refreshments, packages, time measurements, if any, and the display of results associated with the events. We ask you to register at our site exclusively if you wish to enter in a particular event. Registration helps the process of entering further events as well.

As long as a registered person does not enter one of our events, the legal basis for the data given by them is their freely given consent, and their data shall be preserved in our system until the withdrawal of their consent. We collect only such data that are necessary for participating in each event, thus facilitating further entries. We might also need access to the data collected on registration to provide possible discounts later on (for example: discounts for people having already entered a number of events).

2.1.1. Data given on online registration and entry

Category of data

Purpose of data processing

Legal basis for data protection

Duration

Data transfer

Surname, First name

Keeping contact and identification

Freely given consent, data indispensable for the performance of contract following online registration (based on the mandate of the Hungarian Sports Act § 72/B.)

Until the erasion of the Profile surface (until the withdrawal of consent)

Host service provider, e-mail service provider

Place and date of birth

Identification of persons with identical names, ensuring terms of participation

Address

Identification of persons with identical names

Shirt-size[1][2]

Ensuring a T-shirt in the appropriate size in the event package

Freely given consent

Until the withdrawal of consent

E-mail address

Necessary to complete registration (e. g.  confirmation e-mail)

Freely given consent

Until the erasion of the Profile surface (until the withdrawal of consent)

Gender

Assigning to the appropriate category of the events (man, woman)

Freely given consent, data indispensable for the performance of contract following online registration

Telephone number[3]

Communicating urgent information related to the event

Freely given consent, data indispensable for the performance of contract

Until the withdrawal of consent

Emergency contact name[4]

Contacting a relative in case of an accident or other health issues

Freely given consent, data indispensable for the performance of contract following online registration

Until the withdrawal of consent

Emergency contact telephone number[5]

Language of communication

Providing appropriate communication

Until the erasion of the Profile surface (until the withdrawal of consent)

 

2.1.2. Data given on entry on the premises

Category of data

Purpose of data processing

Legal basis for data protection

Duration

Surname, First name

Keeping contact and identification

Data indispensable for the performance of contract

3 working days following the event (Hungarian Sport Act. Par. 72/B. (2))

Date of birth

Identification of persons with identical names, ensuring terms of participation

Shirt-size[6]

Ensuring a T-shirt in the appropriate size in the event package

Freely given consent

Gender

Assigning to the appropriate category of the events (man, woman)

Data indispensable for the performance of contract

Telephone number[7]

Communicating urgent information related to the event

Freely given consent

Name of emergency contact

Contacting a relative in case of an accident or other health issues

Data indispensable for the performance of contract

Telephone number of emergency contact

Language of communication

Providing appropriate communication

 

 

If a parent wishes to enter his or her underage child below the age of 18 in an event, we request the following data of the legal representative for the purposes of the authenticity of the declaration with a legal effect, the identification of the subject making the declaration: name, place and date of birth, address, name of the child.

 

2.1.3. Further data given during entry

Category of data

Purpose of data controlling

Legal basis for data protection

Duration

Category of data

Bill-to name

Mandatory for issuing an invoice issue

Performing the legal obligations in Act on VAT

8 years after the last day of the year that the invoice was issued

Accountant, host service provider, e-mail service provider, billing software

Bill-to address

Mandatory for issuing an invoice issue

Cégnév

Not mandatory data, it it necessary to perform billing, if the invoice is required to be issued for the name of a company

Tax number/ VAT number

Paid entry fee

Mandatory for issuing an invoice

Fact of participating in a particular event, date and place of participation

 

2.2. Team entry

The Provider facilitates participants to enter an event as teams of 10 or 20 as it is customary at sporting events. We hereby call the attention of everybody who registers, that if they wish to enter their friends, acquaintances, relatives in a team, during the entry they may give the personal data of exclusively those persons who have mandated the team captain, that is the person performing the entry, to transfer this data. The freely given consent of the subject is necessary in all cases for the transfer of the given data to Provider during team entry.

2.3. Participation in an event, image and video recordings

At the sporting events organized by the Provider the organizer of the events, as Data Processor makes video and image recordings. The video and/or image recordings are not only crowd scenes, but direct, individualized images are taken of persons participating in the events.

Since video and image recording is an indispensable part of an event, all persons who participate in an event organized by the Provider consent that video and/or image recordings will be taken of them.

However, the Provider wishes to take all necessary measures to ensure the subjects’ rights to data protection, in respect of which the Provider has carried out a Legitimate Interest Assessment to determine if the Provider can assure persons participating in the events that no video and/or image recordings are made of them at their individual request.

During the Legitimate Interest Assessment the provider considered the subjects’ right to image, the personal data nature of the photographs taken of them. The Legitimate Interest Assessment is an appendix of this notice. As a result of the test it has been concluded that the Provider cannot manage individual requests, thus if a person does not wish video and/or image recordings to be made of them, the only way they can achieve this if they do not attend the event.

The Provider shall share the photographs and video recordings on the Provider’s website and social media surface (e. g. Facebook)

The video and image recordings shall be made by the cameraman or photographer invited for the particular event on the basis of ad-hoc order.

Category of data

Purpose of data processing

Legal basis for data protection

Duration

Data transfer

Voice and/or image of the Subject and  other data that can be attributed to the Subject

The promotion of the services of the Provider, using for marketing purposes, it is the participants’ need to capture their sports performance

Subject’s consent, 2:48.§ (1) of the Civil Code

5 years after the date of the event or until the withdrawal of consent

Host service provider of the website, photographer and cameraman

 

The Provider is authorized to act in connection with the processing of the data of the Subject on the basis of point 3 of this notice on data processing and the notice on data processing prepared for the event, i. e. the Provider may be requested at any time to erase the image taken of the Subject from the Provider’s website or social media surface.

3. Rights of the Subject

3.1. Erasure

The Provider may request the erasure of the personal data without justification and delay – in person or in writing, by sending an electronic mail, where

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the subject has withdrawn his or her consent, which has been the basis for data processing and data processing has no other legal basis;
  • the subject objects to the processing of personal data concerning him or her and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the processor is subject;
  • the personal data have been collected in relation to the offer of information society services.

The Provider shall not erase data to the preserving of which the Provider is obliged to as prescribed by law. Considering that an accounting document is made out on every purchase in the webshop, the accounting document and the contract supporting its content shall be preserved even after the Participant or any of his or her data are erased, for the duration of the performance of the obligation specified in the Act on Accounting.

 

3.2. Information

The Participant has the right to request information about processing data relating to him or her, the method of data processing, blocking, erasing it and to ask for information of any measures relating to his or her processed data in person or in writing. The Subject may ask the Provider to allow an inspection of his or her data. In order to enforce these rights, on the Provider’s website there is a Profile surface for registered persons, which includes the data given by the Subject and a possibility to modify certain data.

3.3. Confirmation

The data subject shall have the right to obtain from the processor confirmation as to whether or not the personal data relating to him or her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the processor rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;

3.4. Right of access by the data subject

The Provider shall give the Subject a copy of the contract specifying the personal data undergoing processing, send it by e-mail and the Subject may request a copy of it at any time in the future.

3.5. Right to rectification

The subject shall have the right to initiate a modification in his or her data processed by the Provider. This may be done at the Provider’s contact details, by phone, by postal letter, electronic mail and on the profile surface of the website www.crazy5k.hu

 

3.6. Right to restriction of processing

The Subject shall have the right to obtain from the processor restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the Subject, for a period enabling the Provider to verify the accuracy of the personal data;
  • the processing is unlawful and the Subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the Subject has objected to processing pending the verification whether the legitimate grounds of the data processor override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, be processed only with the Subject's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

A Subject who has obtained restriction of processing shall be informed by the Provider before the restriction of processing is lifted.

3.7. Right to object

The Participant shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her if data processing is necessary for the purposes of the legitimate interests pursued by the Provider or a third party, except where such interests are overridden by the Subject’s interests or fundamental rights and freedoms of the Subject, which require protection of personal data.

In such a case the Provider shall no longer process the personal data.

The processing of personal data given by the Subject to the Provider for purposes other than those for which the personal data were initially collected shall be allowed only where the processing is compatible with the initial purpose of processing.

The Subject has the right to initiate the modification, erasure of his or her data and the declaration of his or her objection in connection with data processing at any time by sending an electronic mail to the office e-mail address of the Provider. The Provider shall without undue delay but within one month the latest – or if this notice specifies a shorter period, within the period specified there - reply to the Subject’s letter, and shall – where it is compatible with his or her rights laid down by law - comply with his or her request.

The Provider informs the Subject that the processed data are not used for profiling or automated decision-making.

3.8. Right to data portability

The Subject shall have the right to receive the personal data relating to him or her in a commonly used, machine-readable format and have the right to transmit those data to another processor without hindrance from the Provider where processing is based on the consent of the Subject or on a contract and the processing is carried out by automated means. The Subject shall have the right to request the Provider to transmit his or her personal data directly to the other processor.  That right of the Subject shall not apply where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the processor, and this right shall not affect the rights and freedoms of others.

4. Data transfer

 The data processors store the transferred data for the duration necessary for the performance of the obligation laid down in the contract with the Provider. The Provider has assessed the risk of data transfer during making contract with the data processors. The Provider shall be directly responsible for the activity of the data processors in regard to the protection of data.

4.1. Accounting

For the accomplishment, performance of the duties laid down in the Act on Accounting the Provider transfers the data on the issued invoices to the following entity:

Name of data processor: Fürkész Építőipari és Szolgáltató Korlátolt Felelősségű Társaság
Address of data processor: H-4177 Földes, Újfalui utca 23.
Tax number of data processor: 10557280-2-09
Contact details of data processor: tatorjan.tibor'at'upcmail.hu

4.2. Hosting service provider

During the operation of the website the hosting service is provided by the following entity:

Name of data processor: Evista Kft.
Office address of data processor: HU-6722 Szeged, Attila utca. 11. I/1.
Tax number of data processor: 13063746-2-06
Contact details of data processor: info'at'e-vista.hu

4.3. E-mail service provider

Name of data processor: Mailchimp: The Rocket Science Group, LLC
Address of data processor: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
Contact details of data processor: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
Further information: https://mailchimp.com/help/about-the-general-data-protection-regulation/

https://eur-lex.europa.eu/legal-content/HU/TXT/HTML/?uri=CELEX:32016D1250&from=EN

 

4.4. Számlázz.hu

For issuing invoices the Provider uses the services of Számlázz.hu, the operator of which is:

Name of data processor: KBOSS.hu Kft.
Address of data processor: H-1031 Budapest, Záhony utca 7/C.
Tax number of data processor: 13421739-2-41
Contact details of data processor: info@szamlazz.hu

 

4.5. Participating in events abroad:

The Provider organizes events in several European Union countries, where participation is independent of citizenship. It may be necessary to transfer specific data of the participants in events organized in certain countries – due to obligations laid down by the governing law of the given country – to certain authorities or organizations. If data are transferred due to such local law prescription the Subject shall be specifically informed about it on entry.

 

5. Dealing with personal data breach

The Provider shall take all necessary measures for the protection of data, it might still happen that Provider falls victim of a personal data breach. As soon as the Provider becomes aware that a personal data breach has occurred related to the data processed by the Provider, the Provider shall notify the personal data breach to the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the Provider is able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to the rights and freedoms of the Subject.

 Where such notification cannot be achieved within 72 hours, the reasons for the delay shall accompany the notification and information may be provided in phases without undue further delay.

 In the case of experiencing a personal data breach the Provider shall communicate the personal data breach to the Subject, without undue delay, where that personal data breach is likely to result in a high risk to the rights and freedoms of the natural person in order to allow him or her to take the necessary precautions. The communication shall describe the nature of the personal data breach as well as recommendations for the Subject to mitigate potential adverse effects.

After the recognition of the personal data breach we shall ascertain whether all appropriate technological protection and organizational measures have been implemented on the one hand to establish immediately whether a personal data breach has taken place and on the second to inform promptly the supervisory authority and the Subject. To achieve this, the representative designated by the Provider convenes the members, all persons processing the data, and an external IT expert within 24 hours after having become aware of the breach to find the reason for the emergence of the breach, to elaborate on action plans to be carried out and to take the necessary measures to prevent future breaches.

 

6. Restrictions 

On behalf of a Subject who is below the age of 18 years or is otherwise incapable, his or her legal representative may give consent.

7. Records of processing activities

The Provider shall maintain a record of data processing activities.

This record shall contain inter alia the following information:

  • name and contact details of the data processor;
  • purposes of data processing;
  • a description of the categories of Subjects and of the categories of personal data
  • the categories of addressees
  •  the categories of recipients to whom the personal data have been or will be disclosed;
  • where possible, the envisaged time limits for erasure of the different categories of data;

 

8. Means of exercising rights

8.1. Place, time, procedure of complaints, means of exercising rights

8.1.1. Place of complaints – in case of data protection complaints

The Subject may submit his or her objection to the Provider’s data processing activities at the following contact details: Postal address: Crazy Running Events Kft., H-1036 Budapest, Lajos utca 93-99 H. ép. 3/5  E-mail: info@crazy5k.com  

8.1.2. Procedure of complaint

In case of an oral complaint made on the telephone or other electronic communications services the Provider shall send a copy of the record no later than at the same time as the substantive answer. In all other cases the Provider shall proceed pursuant to the rules for a written complaint. Complaints recorded with the help of a telephone or other means of electronic communications shall be combined with unique identifiers, which make the retrieval of complaints easier. The Provider shall substantively ranwer the complaint received in writing within 30 days. Under this contract action means posting. On rejection of a complaint the Provider shall inform the Subject of the reason for rejection.

8.1.3. Means of exercising rights

In the case of a violation of rights, genuine or otherwise relating to processing his or her personal data a subject may appeal to the District Court of Debrecen or initiate an investigation at the Hungarian National Authority for Data Protection and Freedom of Information (Chair: dr. Attila Péterfalvi, Szilágyi Erzsébet fasor 22/C, H-1024 Budapest, ügyfélszolgálat@naih.hu, 036-13911400, www.naih.hu)

8.2. Legal dispute

If a dispute between the Provider and the Subject cannot be settled during negotiations, the following means are available for the Subject to exercise his or her rights: initiation of the proceeding of the Arbitration Board at the Arbitration Board competent at the residence of the Subject. Pursuant to Act CXXX of 2016 (CCP.) the District Court of Debrecen is competent for legal remedy (address: Arany János u. 25-31., H-4024 Debrecen).

 

Appendix 1: Legitimate Interest Assessment of Making Video and/or Image Recordings

 

Personal data concerned: The Subject’s (hereinafter the Participant or Subject) right to image

Subject: The natural person participating in the running events organized by the Provider

1./ Reason for performing a Legitimate Interest Assessment:

The Provider wishes to make video and/or image recordings in the running events organized by the Provider, which the Provider intends to share on the Provider’s  website and social media surface.

Pursuant to paragraph (1) of Article 6 of the GDPR regulation the Provider wishes to process the data which forms the basis of the Legitimate Interest Assessment pursuant to point f) of paragraph (1) of Article 6 of the GDPR regulation, which states that processing is necessary for the purposes of the legitimate interests pursued by the processor or by a third party.

However, all this must fulfill the condition that this legitimate interest of the data processor or a third party is proportionate to the restriction of the right to the protection of personal data.

Performing this Legitimate Interest Assessment is necessary to determine whether this condition has been fulfilled concerning the personal data forming the basis of this Legitimate Interest Assessment, i. e. the Provider has the right to  further process this personal data without the specific consent of the Subject.

During the Legitimate Interest Assessment the Provider shall:

  • identify the data processor’s legitimate interest in processing the personal data forming the basis of the Legitimate Interest Assessment;
  • determine the Subject’s legitimate interest concerning his or her personal data forming the basis of the Legitimate Interest Assessment, fundamental rights concerned as the counterpoint of the legitimate interests of the Provider,
  • perform the weighting of the legitimate interests of the Provider and the interests, fundamental rights of the Subject, on the basis of which shall determine whether the personal data may be processed.

2./ The legal interest of the Provider as a data processor:

The Provider organizes races, events. According to the habit of amateur races every organizer makes video and image recordings, the reason for which is

  1. to promote the Provider’s own service, reflect the atmosphere of the events organized by the Provider, and thus advertise the service and promote entries for future events. Considering that a large number of running events are organized, the people have a great choice of races, in order to remain in business it is indispensable for the Provider to reflect the atmosphere of the organized events in video and image recordings, to demonstrate the usage of the course in practice;
  2. it provides a significant value for the participants of the events that their completing the challenge has been captured, a photograph has been taken of it. Participants are regularly photographed at amateur running events, thus the Provider is also regularly asked for photographs taken at the events organized by the Provider.

 

3./ Material scope:

The participating persons’ images shown in the photographs.

Duration of data processing: Until the objection of the Subject.

The participants has the right to have individualized images taken of them exclusively with their consent. Pursuant to the Civil Code and the Commentary of it this consent is realized by the Provider’s informing  every participant that video and/or image recordings are made at the Provider’s events.

The Provider has examined if the Provider can ensure each participant the possibility to indicate before the event if he or she does not allow making image recordings. Meeting individual requests in such an event, however, is unfeasible, since hundreds, thousands participate in an event. The cameraman or photographer who attends the event cannot select and individually recognize he persons who requested that no photographs should be taken of them. The Provider has also examined if it is feasible to exclude certain participant from image recording by the use of an individual marking. It has been concluded that it is not feasible, as one might, for instance, reach a determining part of the course along with another person, thus the other person could not be photographed either, at the finish line, for example. The Subject might often be in a position, which makes the distinguishing mark hidden, and also, due to the nature of the events, changes of clothes often happen, which would make taking snapshots before and after the events impossible.

For an event a photographer takes several thousands of photos in order for the selection of the best images and to capture each moment of the event, and the ex-post election of those image by image would cost an exceedingly high input of money and time.

4./ Making video and/or image recordings, i. e.

the processing of the image of the Subject is indispensable for below reasons:

  1. For the Provider’s economic interest, to show the atmosphere of the events, to advertise the service of the Provider
  2. In order to meet the expectation of the Subjects participating in the events towards the Provider, based on the collective practice it is justified on behalf of the participants to expect the organizer of a running event to take photographs of them.

5./ Interests of the Subject, fundamental rights:

Pursuant to the Fundamental Law everybody has the right to protect their personal data. Article 5 of the GDPR Regulation precisely defines the principles relating to the processing of the personal data of the Subject, which includes data minimization, according to which data processing shall be adequate, relevant and limited to the necessary. Processing shall be limited to data which is necessary for the purposes for which the personal data are processed and adequate for the purposes. The personal data shall be processed for no longer and to not greater extent than is necessary for the purposes.

It is in the Subject’s, as a natural person’s interest enjoying the above-mentioned protection to

  • practise the right of informational self-determination and the right prescribed by the GDPR Regulation and
  • have his or her privacy and
  • his or her personality rights laid down in paragraph (9) of Act I of 2012

shall be respected and protected by the data processors. Having regard to this the Provider pays special attention to ensure that nobody is recorded in an image which can be offensive or disagreeable (i. e. during an injury or malaise). In order to achieve this, the Provider shall check with every cameramen and photographers and monitor throughout the event which moment should not be recorded.

6./ Comparing the interests of the Company and the Subject:

Every participant possesses adequate information that video and/or image recordings shall be made of him or her, thus it is their decision whether they want to participate in the event against this background.

However, the difficulties described above and the expectations towards the Provider make it essential to make video and/or image recordings during the events organized by the Provider.

7./ Securities:

The Provider and the cameraman or photographer shall lay down the principles of  image recording in an individual agreement.

8./ The result of the Legitimate Interest Assessment:

The Provider’s interests relating to the processing of the personal data forming the object of this Legitimate Interest Assessment override the Subject’s interests relating to the protection of his or her personal data.

As a result of the Legitimate Interest Assessment it has been concluded that the legal basis defined in point f) of Article 6 of the GDPR regulation exists regarding the personal data forming the object, namely the image of the Subject, that is the personal data forming the object may be processed by the Provider without further specific consent.

                              

 

 

[1] It is optional to provide during registration, although it is recommended in order that we can add an appropriate sized shirt to the event kit assembled for the participant. If one does not want to provide the shirt-size one shall acknowledge that an arbitrary-sized shirt of the organizers’choice shall be   placed in the event kit in the future.
[2] May be modified later on in the Profile menu
[3] Optional
[4] May be modified later on in the Profile menu
[5] Please, provide the telephone number of a person who has entitled you to provide his or her number, the recorded data may be modified later on in the Profile menu.
[6] Optional
[7] Optional