The Eva Duda Dance Company (hereafter referred to as Data Controller) provides the following comprehensive information on the management and use of data collected and recorded through the evaduda.net website and other websites it manages. By accepting consent, you as the visitor permit the Data Controller to process the personal or anonymous data collected on the websites operated by the Data Controller in the following ways and for the purposes detailed below.

Personal data will only be processed to provide newsletter service.

1. Data Analysis

For anonymized statistical purposes, the Data Controller uses Google Analytics and Facebook Pixel services to measure the number of visitors to the website. It is not classified as personal data processing. It allows us to obtain information on how visitors use the visited websites and subsequently offer our content to viewers of the managed websites, based on individual or group criteria – all anonymously, without knowing precisely who they are. The purpose of anonymous statistics and analysis that do not constitute data processing:

• to improve the operation and functionality of the website by using analytical tools,
• quality assurance,
• Facebook-based measurement to improve the targeting of our advertising activities

1. General Disclosure

The provision of data is voluntary and visitors of the managed websites are free to decide whether or not to consent to the requested personal data for the provided newsletter service. The Data Controller processes the data only to provide the newsletter service, following the legislation in force at the time.

Basic data privacy concepts:

• Data subject: any natural person who is identified or can be identified, directly or indirectly, based on his or her data
• Personal data: any information related to the data subject; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as name, number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
• Data controller: a person who, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by EU or Member State law, the data controller or the specific criteria for the designation of the data controller may also be determined by the EU or Member State law.
• Data processor: a person who processes personal data on behalf of the data controller

1. Data Controller’s personal information:

Name: Dadu-Art Művészeti Szolgáltató Nonprofit Közhasznú Korlátolt Felelősségű Társaság

Registered office: 1111 Budapest, Stoczek Street 13. GFL. 2.

Registration number: 01-02-0011264

Tax number: 14368392-2-43

Email address: agi@evaduda.net

Website: http://evaduda.net

2. Scope of the processed data

Personal data: name and email address of the natural person who has consented to receive the newsletter, data processing for direct marketing purposes, and optionally mobile phone number and postal code.

3. Purpose of data processing

The Data Controller, as an association operating in the field of culture, processes the personal data of registered newsletter subscribers to contact subscribers via personal contact details recorded with documented consent, to provide them with information on Data Controller’s programs, events, and the possibility to register to them in the newsletter.

4. Duration of data processing

The newsletter service is provided until the withdrawal of the authorization for data processing by the registrant, until the existence of the Data Controller. At the request of the data subject, the Data Controller shall delete data and unsubscribe the former subscriber from the newsletter.

5. Legal basis for data processing

For the newsletter service as direct marketing: the digitally documented consent of the data subject, which consent is, in any case, voluntary and informed, given by the data subject after having read the privacy policy

6. Data transmission

Data may only be transferred in cases that are mandatory by law.

7. Data processors

The Data Controller utilizes data processors in the course of data processing, for which the prior consent of the data subject is not required, it is only informative. The legal basis for data transmission is the performance of a service or a legal obligation. The purpose of the data processing is the fulfillment of a contract with a data processor taking into account data protection requirements. The Data Controller uses a data processor for the processing of the data described in this notice:

• The Rocket Science Group LLC d/b/a Mailchimp ( LLC 675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308 USA, Privacy Policy: https://mailchimp.com/legal/data-processing-addendum-preview/) as the mailing system.

8. Data security measurements, technical and organizational measurements for data protection

The Data Controller shall apply extensive technical and operational security measures to prevent unauthorized use and misuse of the processed personal data and shall provide the service and personal data with the highest possible security protection.

The Data Controller regularly monitors its security procedures and develops them in line with technological developments. Communication and data transmission between servers and services is conducted over secured channels and the Data Controller continuously updates the software on the operating IT equipment.

To ensure the security of your personal data, technical, administrative, and physical security measures are taken to ensure that only authorized persons have access to your personal data and use it for the purposes for which it was provided. To achieve this, we take the following measures:

• the Data Controller shall establish procedures to ensure that the data collected, stored, and processed is protected; it shall take the appropriate actions to protect the data against accidental or unlawful destruction, loss, alteration, damage, transmission, unauthorized disclosure, or access;
• IT systems are protected by firewalls and virus protection;
• electronic data processing and recording is carried out by computer programs that meet the requirements of data security; the program ensures that access to the data is restricted, is under controlled conditions, and for the specific purpose, of those persons who need it for the performance of their tasks;
• with the help of appropriate technical means ensures that the data stored in the records cannot be directly linked and attributed to the data subject.

9. Cookies

The managed websites use so-called ‘cookies’ for operation, development, and advertising, in which no personal data is stored, only anonymized internal identifiers and technical information. Such as the type of browser, links followed, the visitors’ activity on the websites, social media shares, etc.

The basic services of the websites can be fully used even if cookies are disabled in the browser. For information on how to delete cookies from your mobile phone, please refer to the description of your device.

10. Data subjects’ rights regarding the processing of their data

The data subject, namely you, has the right to request access to personal data concerning him or her, for their rectification, erasure, or restriction and to object to the processing of such personal data, as well as the right to data portability.

Right to transparent information: At your request, the Data Controller shall provide you with detailed information about the data processed, the purposes and duration of the processing, as well as who is receiving your data and for what purposes. The information shall be sent by the Data Controller in a written, easily understandable, electronic form to the e-mail address provided by the data subject, as soon as possible after the request has been made, but not later than 30 days after the request has been made.

Right of access: You have the right to receive feedback from the Data Controller on whether your data are being processed and, if so, you have the right to access your data processed by the Data Controller. Upon request, a copy of the personal data that are subject to processing should be provided to you. This will enable you to check if your data is processed following data protection legislation.

Right of rectification: You have the right to request the rectification or integration of inaccurate or incomplete personal data.

Right to erasure/ right to be forgotten: The right to erasure, also known as the ‘right to be forgotten’, ensures that you may request the erasure of your data when the processing is no longer strictly necessary for the purposes for which it was processed or collected by the Data Controller or in other cases. However, this does not imply an obligation to erasure. The Data Controller may refuse erasure in case, for example, the processing of the data is required by law or in case there is another legal ground for processing the data or a legitimate aim for processing the data.

Right to restriction of data processing: You have the right to restrict further processing of your data in certain situations. In case of restricted data processing, we may restrict the processing of your data.

Right to object: You have the right to object to certain data processing. The Data Controller shall examine the objection, with a simultaneous suspension of processing, within the shortest possible time from receiving the request, but not later than 15 days, and shall inform the subject of the outcome in a written electronic form. If the Data Controller considers the data subject’s objection to be justified, it shall terminate the processing and block the data and notify the objection and the action taken based on the objection to all those to whom the data subject has previously disclosed the data subject of the objection and who are obliged to take action to enforce the right to object.

Right to data portability: You have the right to request a copy of certain personal data processed by the Data Controller and to have it transferred to another data controller.

Withdrawal of consent, unsubscription: You can unsubscribe from the newsletter at any time by using the ‘unsubscribe’ function or by making a written electronic declaration using the link at the end of the newsletter or by making the declaration via e-mail, which leads to the withdrawal of your consent. In this case, all of the unsubscriber’s data will be deleted immediately.

11. Judicial remedy

1. The data subject may lay a complaint with the Data Controller at any time regarding the processing of his or her person at the following contact detail: agi@evaduda.net
2. In case the data subject does not agree with the Data Controller’s decision on the objection, or if the Controller does not make a statement within the time limit, the data subject may take the matter to court within 30 days of the notification or the last day of the time limit. The court shall deal with the case as a matter of priority. The data subject may bring the lawsuit to the court of his or her domicile or residence.
3. The data subject may lay a complaint with the supervisory authority (National Authority for Data Protection and Freedom of Information; 1055 Budapest, Falk Miksa Street 9-11. (mailing address 1363 Budapest, post office box 9).; ugyfelszolgalat@naih.hu; +36 1 391 1400) and may initiate an investigation by filing a complaint alleging that there has been or is an imminent threat of the violation of rights concerning the processing of his or her data.

The Data Controller shall provide information on its website about any changes to its data processing activities and reserves the right and undertakes to amend this Privacy Policy and Notice at any time without prior notice under the applicable legal provisions and practices. Any modification shall apply only to personal data processed after the publication of the modified version.