Privacy Policy

1. Purpose of the Privacy Policy

The goal of our Privacy Policy is to provide all necessary information about processing your personal data in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and assist the Data subjects in exercising their rights under Section 4.

The legal basis of our duty to communicate information is Article 12 of Regulation 2016/679 of the European Parliament and Council (hereinafter referred to as: GDPR) and the relevant Hungarian data protection regulations.

In the Privacy Policy, we may define you as “data subject”, or “contact person of our business partners” in the following.

2. Data of the controller

Name	Hungarian Archery Association
E-mail	info@efac2023.eu
Telephone number	+36 1 460 4861
Tax number	19013134-2-42

3. Data processing

Hungarian Archery Association (HAA) is the organizer of the EFAC 2023.

HAA have the right to use the material accumulated during the preparation and implementation of the competition as described below. By registering for the competition, the participant accepts that

during the competition and at the events, meetings and competition area organized in connection with it photos, videos, recordings, etc. may be taken of them
HAA can publish the material obtained in this way on the websites and social media channels used by the hosts, and possibly on monitors that are visible to the public during the event.
HAA can use the material in press releases and articles as well as in marketing for five years from the end of the competition
HAA can use a third party to produce the material, but they do not have the right to use the material
HAA have the right to use the information obtained during registration for statistics or making competition related forecasts. The information used here cannot be connected in an identifiable way to individual persons.
HAA publish a summary of the shooting results of the participants on their website.

Register	EFAC Competition register
Contact information	info@efac2023.eu
Regular sources of information	The information in the register is specific to the competition.
Purpose of the register	EFAC maintains and monitors the register when the competition is under EFAC’s responsibility. Participant information of such a competition is managed as required by Hungarian and EU laws and regulations. The information is kept for the necessary time for organizing the competition and communicating with the participant(s). EFAC can use information from the competition register for participant registration, bow inspection, results services, award ceremonies, organizing events related to the competition, informing about the competition and invoicing fees. EFAC publishes the results of the participants in the competition on the EFAC website. EFAC can use an application and data management produced by a third party to manage the competition register. The third party then acts as a subcontractor for EFAC. The subcontractor does not have the right to use the information collected with the application for the competition.
Data content of the register	The register contains the following information First name and last name Postal address, email address and phone number The name and abbreviation of the association belonging to the International Field Archery Association, as well as the country or continent where the association operates Name of local archery club Regarding the competition, division, date of birth, age group, gender, shooting class Participation fee and payment status Information required for issuing an invoice
Deleting data from the registry	The competitor-specific information of the EFAC’s competition register is deleted from the application used by the EFAC no later than six months after the competition. An exception to above is the competitor’s name, category, score and result, which is continuously public.

4. What are your rights?

4.1. Right to access

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information featured in point 3.

You have the right to access to the following information concerning the processing of your personal data:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
the right to lodge a complaint with a supervisory authority;
the existence of automated decision-making, including profiling, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

4.2. Right to rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.3. Right to erasure

You have the right to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay if it is mandatory according to Article 17 of GDPR. The erasure of your personal data is obligatory for us in the following instances:

the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

4.4. Right to be forgotten

If we made the personal data public and are obliged to erase your personal data, we inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

4.5. Right to restriction of processing

You have the right to obtain from us restriction of processing if is obligatory according to Article 18 of GDPR. Such instances are the following:

the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;

If you obtain restriction of processing in accordance with the above, we inform you before the restriction of processing is lifted.

4.6. Right to data portability

You have the right to receive the personal data concerning you, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us if is possible according to Article 20 of GDPR. Where technically feasible, you have the right to have the personal data transmitted directly from us to another controller.

4.7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you. In such case, we no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

4.8. Right to lodge complaint

You have the right to appeal to the Hungarian courts and to make a complaint to the Hungarian (https://naih.hu/) Supervisory Authority.

5. Measures and notification

5.1. Informing Data subjects

We communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 of GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We also inform you about those recipients on the request of yours.

5.2. Mode and deadline of notification

We provide information on action taken on a request under Articles 15 to 22 of GDPR to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We inform you of any such extension within one month of receipt of the request, together with the reasons for the delay. Where you make the request by electronic form means, we provided the information by electronic means where possible, unless you request it otherwise.

If we do not take action on your request, we inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy (see point 4.7.).

5.3. Monitoring

If we have reasonable doubts concerning the identity of the natural person making the request, we may request the provision of additional information necessary to confirm the identity of the data subject.

5.4. Costs of measures and notifications

We provide you information and take the necessary measures free of charge.

6. Possible recipients

6.1. During the operation of our website

Our website’s hosting provider (data processor) can have access to the personal data you provide while using the website. The data processor’s data are the following:

Name: DotRoll Kft.

Connection: https://dotroll.com/

6.2. During financial management

The following data processor, as our contracted service provider is responsible for the payment procedure.

Name: KBOSS.hu Kft
Connection: info@szamlazz.hu

Name: OTP Bank Zrt.

Connection: https://www.otpbank.hu/portal/hu/JogiEtikaiNyilatkozat

Name: adMinister Kft.

Connection: 1095 Budapest, Mester utca 85/B. 4. emelet 410. – tel: +36 30 317-3893

6.3. During guest management

The following data processor is responsible for the organization of the competition, those who belongs to the organization and has a confidentiality agreement.

Name: Hungarian Archery Association
Connection: misz.hu

7. Other provisions

7.1. Processing for different purpose

If we intend to further process the personal data for a purpose other than that for which the personal data were collected, we provide the you prior to that further processing with information on that other purpose and with any relevant further information.

7.2. Data protection

We secure your personal information from unauthorized access, use or disclosure. We secure the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as connection data) is transmitted to other Web sites, it is protected through the use of encryption.

7.3. Data breaches

Data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

7.4. Changes to our Privacy Policy

We will occasionally update this Privacy Policy to reflect feedback. We encourage you to periodically review this Policy to be informed of how we are protecting your information.

Effective: 1st of December, 2022

EFAC

Controller