PRIVACY POLICY

on the processing of personal data on the website www.nsmi.hu (cookies, registration)

1. Name and contact details of the controller

2. The Data Protection Officer

The Data Protection Officer is the contact person for data subjects (natural persons) who contact the Data Protection Officer in relation to the processing of their personal data by NSMI as Data Controller and the exercise of their rights in this regard. Data subjects may contact the DPO in all matters relating to the processing of their personal data and the exercise of their rights under the General Data Protection Regulation.

The Data Protection Officer can be contacted at: dpo@nsmi.hu      

3. Key legislation on data processing

Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation or GDPR) – on the protection of natural persons regarding the processing of personal data and on the free movement of such data

Act CXII of 2007 on the Right to Informational Self-Determination and Freedom of Information;

Act I of 2004 on Sport

Government Decree 428/2024 (23.XII.) on the Sports Institute of Hungary. and amending certain related government decrees on sports

4. Personal data processing in connection with the cookie(s) used on the website

During the operation of the website, we use short text or numeric codes (cookies). Cookies are generated by the web server through your browser and stored in a separate directory on your computer. The purpose of using cookies is to ensure the proper functioning of the website.

The cookies that run on the website are not suitable for direct identification by the Data Controller, as they do not identify the user (i.e. the person visiting the website), but the browser program and device used and the activities carried out with that device, while the collection of data through cookies constitutes a personal data processing activity in accordance with the relevant EU data protection provisions.

4.1. Setting your web browser to use cookies

Accepting and enabling the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent, but some features or services may not function properly without cookies.

Most browsers automatically accept cookies by default, but these can usually be changed to prevent automatic acceptance and will offer you the choice each time. The setting options are usually found in the “Options” or “Preferences” menu of the browser, and it is recommended to use the “Help” menu of the browser to find the settings that best suit the Data Subject. For instructions on how to manage cookies for each browser, please click on the links below:

– Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu

– Mozilla Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyetweboldalak-tarolnak-szami

– Microsoft Edge: https://support.microsoft.com/huhu/help/4468242/microsoft-edge-browsing-data-and-privacy

– Opera: https://help.opera.com/en/latest/web-preferences/#cookies

– Safari: https://support.apple.com/hu-hu/guide/safari/sfri11471/mac

4.2. Cookies used on the website

4.3. Legal basis for processing

In the case of strictly necessary cookies used on the Site, the processing is necessary for the performance of a task carried out in the public interest by the Data Controller (Article 6(1)(e) GDPR).

In the case of the above legal basis for processing, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data on this legal basis. You can exercise your right to object in this case by disabling the use of cookies in the browser program you are using as set out in point 4.1 (this also means that your processing will be terminated).

For cookies that are not strictly necessary on the site, the legal basis for processing is the consent of the data subject (Article 6(1)(a) GDPR), which he or she gives by selecting the appropriate option in the active area on the home page when the website is first opened. The data subject may also exercise the right to withdraw his or her consent in this case by disabling the use of cookies as set out in point 4.1.

5. Data processing through the “Contact us” section of the website

By duly filling in the data request panels in the “Contact” menu and making them available to the Data Controller, the data subject may contact the Data Controller, send questions, messages, suggestions and provide the Data Controller with the opportunity to respond to them.

5.1. Categories of personal data processed, purpose, legal basis and duration of processing

5.2. Source of the personal data processed

The Data Controller processes data collected from the data subject.

5.3. Possible consequences of not providing (processing) the data

In case of non-supply/ non-processing of data, the Data Controller cannot contact the data subject, cannot provide him/her with adequate answers or information.

6. Processing of data in connection with registration for the use of the professional sub-sites for grant management

The purpose of the processing of personal data on the registration platform in the context of grant management is to record the personal data necessary for the Data Controller to perform its public interest tasks pursuant to Government Decree 474/2016 (XII. 27.) (hereinafter Government Decree) and Government Decree 428/2024 (XII. 23.). The Government Decree, which lays down the rules on the use and distribution of State subsidies for sport, specifies the procedural rules and data to be provided by applicants when applying for State subsidies for sport, using the subsidies granted and reporting on the professional activities related to the subsidies. The registration platform is designed to facilitate the application for state aid for international sport and sport diplomacy events organised in the home country and the accounting of the use of the aid, e.g. by providing appropriate templates and samples of documents.

6.1. Categories of personal data processed, purpose, legal basis and duration of processing

6.2. Source of the personal data processed

The Data Controller processes data collected from the data subject.

6.3 Possible consequences of not providing (processing) the data

In the event of non-disclosure/ non-processing of data, the data subject will not be able to use the assistance provided by the Data Controller in relation to the application for public funding related to international sport and sport diplomacy events organised in his/her country and the accounting of the use of the funding, as he/she will not be able to access the templates of documents available on the website of the Data Controller, unless he/she is registered.

7. Right of the data subject to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data based on Article 6(1)(e). In this case, the controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The data subject may exercise his or her right to object most easily by sending a statement to the contact details of the controller indicated in point 1. Even in the event of the data subject’s objection, the Controller shall continue to process his or her personal data where this is required by law.

8. Recipients, transmission of data

Server operator:

NETCLASS Ltd.

Company registration number: 03-09-121367

info@netclass.eu

Administration:

Digicorp Ltd.

H-2081 Piliscsaba Ferenc-forrás útja 4.

Company registration number: 13-09-16170

support@digicorp.hu

8.1.Data transfers to third (non-EEA) countries

There will be no transfers to third countries.

9. Protection of personal data processed

The Data Controller takes great care to ensure that your data are adequately protected physically and by information technology when developing the technical and procedural rules for data processing operations. The measures taken are primarily aimed at preventing and preventing unauthorised access to, alteration, unauthorised disclosure, transmission, disclosure, erasure or corruption of the data processed. The Data Controller shall choose the means and measures used for data processing accordingly. The Data Controller shall also ensure that only authorised persons have access to the processed data and that the authenticity and integrity of the processed data are guaranteed.

10. Rights of the data subject in relation to data processing

In relation to the processing of your personal data by the Data Controller, you have the right to:

• to receive adequate and transparent information, including feedback from the Data Controller on whether the processing of your personal data is ongoing;
• to be informed of the scope of the personal data processed; to receive a copy of the personal data processed;
• to obtain rectification of inaccurate personal data;
• request the erasure of personal data processed where the processing is based solely on the data subject’s consent or where the data are no longer necessary for the purposes for which they were collected or where the processing is unlawful;
• exercise the right to portability of personal data, that is, the right to receive personal data in a commonly used machine-readable form, to transmit them to another controller or to request such a transfer, provided that the processing is automated and based on a contract or on consent and that the exercise of that right does not undermine the legitimate interests or freedoms of others;
• to request restriction of the processing of your personal data (for example, where the accuracy of the data processed is contested or where the unlawfulness of the processing has been established pending clarification of these circumstances);
• object to the processing of your personal data (for example, where the legal basis for the processing is the legitimate interests of the controller or of a third party) or withdraw your consent at any time,
• in the event of processing that is considered to be unlawful, to a supervisory authority or to a court.

The content of each right

(a) right of access to personal data: the data subject has the right to obtain from the Controller feedback as to whether his or her personal data are being processed and, if so, the right to access the following information:

the categories of personal data processed,

the purposes for which the data are processed,

the recipients to whom your personal data have been or will be disclosed,

the intended duration of the storage of the data or the criteria for determining that duration,

the source of the data, if the data have not been collected from the data subject,

the right of recourse (complaint) to a supervisory authority,

if automated decision-making or profiling is used in the processing, the fact, logic and likely consequences for the data subject;

to obtain a copy of the personal data processed.

(b) right to rectification of personal data: the data subject shall have the right to obtain from the Controller, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her, or the completion of incomplete personal data, including by means of a supplementary declaration.

(c) right to erasure of personal data: the data subject shall have the right to obtain from the controller, upon his or her request, the erasure of personal data relating to him or her without undue delay and the controller shall be obliged to obtain from the data subject, without undue delay, the erasure of personal data relating to him or her where:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; or
• the data subject withdraws his or her consent and there is no other legal basis for the processing; or
• the data subject objects to the processing and there are no overriding legitimate grounds for the processing; or
• the personal data have been unlawfully processed; or
• the personal data must be erased in order to comply with a legal obligation applicable to the controller; or
• the personal data have been collected in connection with the provision of information society services (e.g. in the context of on-line marketing, online competitions).

There may be important reasons and interests that may allow the processing of the data subject’s data even if he or she has requested their deletion (e.g. exercising the right to freedom of expression and information, or if it is necessary for the establishment, exercise or defence of legal claims, or if the processing is required by law).

(d) right to restriction of processing: the data subject shall have the right to obtain, at his or her request, restriction of processing by the controller where:

• the data subject contests the accuracy of the personal data (in which case the restriction shall last until the Controller verifies the accuracy of the personal data); or
• the processing is unlawful and the data subject requests the restriction of the use of the data instead of their erasure; or
• the Controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
• the data subject has objected to the processing (in which case the restriction shall continue until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject).

During the restriction period, except in cases of overriding public interest or the protection of individuals’ rights, no data processing operations other than data storage may be carried out on the restricted data.

1. e) The right to data portability:
   The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format. Furthermore, they have the right to transmit those data to another data controller. This right applies if the processing is based on the data subject’s consent or a contract and is carried out by automated means. The exercise of this right must not adversely affect the rights and freedoms of others.

1. f) The right to object:
   If data processing is based on the legitimate interest of the data controller or is necessary for performing a task carried out in the public interest by the data controller, the data subject has the right to object to the processing of their personal data at any time, based on reasons related to their particular situation. In such cases, the data controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

Remedies

If you believe that the processing of your personal data by the Data Controller has resulted in a violation of your rights and your related inquiries or comments were not answered, were answered inadequately, or were not addressed in a timely manner, you have the right to file a complaint with the competent supervisory authority.

Supervisory Authority:
Name: National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11
Email: ugyfelszolgalat@naih.hu
Phone: +36 (1) 391 1400

You also have the right to turn to the competent court based on your place of residence or habitual residence if you believe that the Data Controller is processing your personal data in violation of applicable laws or binding legal acts of the European Union.

We recommend that before contacting the supervisory authority or the courts, you first reach out to the Data Controller, as the necessary information regarding your concerns and requests requiring redress is available from them.

The Data Controller is committed to ensuring lawful, transparent, and fair data processing. Therefore, in cases of perceived violations, we take immediate action to clarify the issue, remedy any established violations, and inform you of our findings and the measures taken. Additionally, if you submit a request related to data processing, we will provide a response within a maximum of one month from the date of your inquiry.

Budapest, February 3, 2025