Terms and Conditions | KisdobronyDonations

Terms and Conditions, Privacy Policy

Information on data management for the donors, supporters and beneficiaries of the Magyar Református Szeretetszolgálat, visitors to its website and business and press relations.

The Magyar Református Szeretetszolgált Alapítvány (MRSZ), as a data controller, recognizes the content of this data management information as binding for itself, and undertakes to ensure that the data management related to its activities complies with the relevant European Union and domestic legislation. Our foundation is committed to protecting the personal data of its customers and respects its customers' right to self-determination of information. Furthermore, it treats personal data confidentially and takes all necessary security, technical and organizational measures to guarantee the protection of personal data.

With this document, the Magyar Református Szeretetszolgálat Alapítvány wishes to ensure, in accordance with the provisions of the EU's General Data Protection Regulation (EU Regulation 2016/679, hereinafter: GDPR), that natural persons who come into contact with our foundation are informed about the most important rules that form the basis of data management, as well as the rights of the concerned natural person.

During the development and application of this information, we have acted in the spirit of the principle of accountability contained in Article 5 (2) of the GDPR, taking into account the findings contained in the recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information, as well as Article 5 of the GDPR.

The data protection information is continuously available here, at www.jobbadni.hu/adatvedelem. At the same time, our foundation reserves the right to change the provisions of the data protection information at any time within the legal framework, subject to timely prior notification of the affected parties.

1. Data of the data controller

Data management is carried out by the Hungarian Reformed Charity Service as follows:

Name: Hungarian Reformed Charity Foundation

Headquarters: 1146 Budapest, Hungária krt. 200.

Registration number: 01-01-0010538

Tax number: 18196913-1-42

Phone number: +36 1 273-0449

E-mail address: mrsz@jobbadni.hu

2. Scope of managed data categories

2.1 Our foundation manages the following personal data of donors:

personal identification data (last name, first name),

contact details (address, telephone number, email address),

bank details (account managing bank, bank account number),

data related to the donation (identification number, amount, date).

2.2. Our foundation manages the following personal data of volunteers:

personal identification data (last name, first name),

contact details (phone number, email address),

if the volunteers' personal data is handled by our foundation in the context of casual employment, Act LXXV of 2010 on simplified employment. on the basis of Section 11 (1) of the Act (Efo Act), the volunteer's name, tax number, tax identification number and social security identification number,

during the application, the volunteer can optionally provide additional personal data: when he/she will arrive, what type of work he/she can do, in which part of the country he/she can undertake tasks as a volunteer, what kind of education he/she has, what is his/her current occupation, whether he/she has a driver's license, what foreign language he/she speaks, informal introduction conversation

2.3. Our foundation manages the following personal data of media employees:

personal identification data (last name, first name),

contact details (email address, telephone number).

2.4. Our foundation manages the following personal data of corporate partners and representatives of entrepreneurs

personal identification data (first name, last name),

contact details (phone number, email address).

2.5 Our foundation manages and may manage the following personal data of the beneficiaries:

personal identification data (name, place of birth, date of birth, mother's name),

contact details (e.g. home address, telephone number, email address),

official data (e.g. TAJ number, tax identification number),

financial data (bank account number, income data, donation data),

photo, video and audio recordings.

2.6 Our foundation manages and may manage the following personal data of beneficiaries:

personal identification data (name, place of birth, date of birth, mother's name),

contact details (e.g. home address, telephone number, email address),

official data (e.g. TAJ number, tax identification number),

financial data (bank account number, income data, donation data),

photo, video and audio recordings,

health data,

data on criminal record.

2.7. Our foundation manages and may manage the following personal data of website users:

technical data (username; password)

contact details (email address, residential address),

personal identification data (last name; first name; date of birth;).

3. Time and method of obtaining the data

3.1. Donors:

When the donation is made by the donor or when the support contract is concluded, personal data of the donors are recorded in the internal system of our foundation.

3.2. Volunteers:

When submitting the online application as a volunteer or when starting casual employment, volunteers' personal data is recorded in our foundation's internal system.

3.3. Media colleagues:

When applying as a journalist, personal data of media employees are recorded in the internal system of our foundation.

3.4. Representatives of corporate partners and entrepreneurs:

At the beginning of a business relationship (when contacting), representatives' personal data are recorded in our foundation's internal system.

3.5. Donees:

When reporting the donees’ request for support or during the fulfillment of the donation granted to the donees, when reporting the request for support, the beneficiary must provide the data on the basis of which the assessment of the request for support and the provision of the support can be completed, as well as the data that our foundation is required to handle by law; in the absence of this data, the MRSZ would not be able to accept or provide support.

3.6. Beneficiaries:

When reporting the beneficiary's claim for benefits or during the fulfillment of social or child protection benefits provided to the beneficiary, the beneficiary is obliged to provide the data on the basis of which the assessment of the demand for care and the provision of the care can be carried out, as well as the data that our foundation is required to handle by law; in the absence of this data, the MRSZ would not be able to provide social or child protection care, beneficiary has the right to the protection of his personal data, as well as the protection of confidentiality related to his private life. During the application procedure, special attention must be paid to ensuring that only authorized persons have access to the data of the person requesting care. The head of the institution is also obliged to ensure that, during the institutional placement, information related to the patient's health, personal circumstances, and income conditions cannot be obtained by other care recipients or unauthorized persons, with particular attention to the social need of the care recipient.

3.7. Website users:

when entering personal data (subscribing to a newsletter, registering, applying).

3.8. Making pictures and sound recordings

In order to enforce the legitimate interests of our foundation, you can make video and audio recordings for the purpose of documenting your public benefit activities and making them known to the public. In view of the fact that - if this is possible - natural persons visiting the location of the video and audio recordings are informed in advance in writing, or verbally or in the form of short information posted on the site, about the video and audio recordings, and we try to make the video and audio recordings in such a way, so that a natural person cannot be directly identified on the basis of them, the data subject's right to self-determination of information and the protection of their privacy are not unreasonably restricted. The data subject has the right to object to this data processing as described in point 9 of this information. We regulate the making of pictures and sound recordings as described in our communication policy.

3.9. Data management based on automated decision-making

In order to make a decision, our foundation does not use purely automated data management or specific measures for the purpose of profiling in accordance with Article 4, point 4 of the GDPR.

4. Legal basis for data management

4.1. Donors:

Data management is necessary to fulfill a contract, the subject of which is the donor and our foundation (GDPR Article 6 (1) point b).

The legitimate interest of our foundation is the successful conduct of support campaigns and the maintenance of the circle of donors (GDPR Article 6 (1) point (f)). The donor visits the Hungarian Reformed Charity Foundation to provide financial support to others. This is subject to you providing your personal data for this purpose; our foundation takes all the necessary measures to ensure that the protection of the personal data provided to us is fully ensured, and we continuously enable the exercise of the rights of the data subject. In view of the fact that the donor is aware of this and provides us with his personal data, his right to informational self-determination and his right to privacy - in view of the guarantees described above - we do not limit our data processing unreasonably. The data subject has the right to object to this data processing as described in point 9 of this information.

4.2. Volunteers:

Consent of the volunteer (GDPR Article 6(1)(a)). Consent can be withdrawn at any time. In the case of volunteers acting as casual employees, data management is based on legislation (with regard to point c) of Article 6 (1) of the GDPR, Efo tv. Section 11 (1)).

4.3. Media employees:

Consent of the media employee (GDPR Article 6 (1) point a)). Consent can be withdrawn at any time.

4.4. Representatives of corporate partners and entrepreneurs:

The legal basis for processing the above personal data of the contact person of the corporate partner/legal entity entrepreneur is the legitimate interest of our foundation and the corporate partner/legal entity entrepreneur (GDPR Article 6 (1) point f)). It is in the legitimate interest of both parties that business communication takes place effectively during the cooperation and that we are able to provide information to each other's designated representative about any material circumstances affecting the contract concluded between us. The right of informational self-determination of the contact person of the corporate partner/legal person cannot be established, because it is his job duty to facilitate communication between the parties and to provide his personal data for this purpose. The data subject has the right to object to this data processing as described in point 9 of this information.

4.5. Supported by:

Data management is necessary to protect the vital interests of the beneficiaries (GDPR Article 6 (1) point (d)).

According to Article 9 (1) of the GDPR, personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic and biometric data aimed at the unique identification of natural persons, health data and sexual information of natural persons the processing of personal data concerning your life or sexual orientation (hereinafter: special categories of personal data) is prohibited. This rule does not apply if the data management is necessary for the provision of health or social care or treatment, or for the management of health or social systems and services (GDPR Article 9 (2) point h)).

4.6. Equipped with:

Data management is necessary to protect the vital interests of the beneficiaries (GDPR Article 6(1)(d)). In addition, our foundation has a legitimate interest in storing the personal data of the beneficiaries, since the III of 1993 on social administration and social care. Act 92/K. According to § (7) point a), in order to verify the personal and material conditions of the operation, the legality of the operation, the establishment of entitlement to social services, as well as the observance of the rules regarding the institutional legal relationship, the body that authorizes the operation of the institution may, to the extent necessary for this, know and handle the provided , the legal representative, the person obliged to maintain the beneficiary based on legislation, contract or court decision, the person paying the reimbursement fee, the one-time contribution and the person who undertakes to pay the entry contribution, as well as the personal data of the employee of the service provider or institution (GDPR Article 6 (1) paragraph f)). Our foundation wishes to comply with the legal requirements for its operation in this area as well. XXXI of 1997 in our institution under the scope of the law, the GYVT. § 134. (1) * State and non-state bodies exercising tasks and powers to ensure the protection of children (hereinafter: data management body) shall, in order to perform their duties regulated in this Act, comply with Articles 135-136. In the scope of data listed in §, you can manage personal data that is absolutely necessary for the fulfillment of the purposes defined there.

4.7. Website users:

Consent of website users (GDPR Article 6 (1) point a)). Consent can be withdrawn at any time.

5. Purposes of data management

5.1. Donors:

Receiving donations from the donor, as well as fulfilling the legal obligations related to the legal relationship, as well as successfully conducting support campaigns and maintaining a circle of donors.

5.2. Volunteers:

Recording in a voluntary register, maintaining contact. In the case of volunteers employed in the framework of casual employment, fulfillment of the statutory notification obligation.

5.3. Press colleagues:

Keeping in touch, sending newsletters.

5.4. Representatives of corporate partners and entrepreneurs:

Maintaining contact and asserting the legitimate interests of our foundation and the company/enterprise.

5.5. Donees

Fulfillment of the donation for the donees, as well as enforcement of the rights and obligations arising from this donation relationship, as well as the fulfillment of legal obligations related to the legal relationship.

5.6. Beneficiaries:

Provision of social and child protection benefits to the recipient, as well as enforcement of the rights and obligations arising from this legal relationship, as well as the fulfillment of legal obligations related to the legal relationship.

5.7. Website users:

Recording user registrations, storing them and sending newsletters.

6. Data retention period

For the purposes of our foundation, you no longer need it (e.g. support/care will not be provided; for example, if the natural person submitting the support application does not meet the conditions of the support, we will no longer process the personal data provided during the support application after the decision has been communicated ). However, after the completion of the donation/end of care, our foundation will continue to store the personal data that it is obliged to preserve based on legal provisions. This usually stems from the registration and preservation obligations and limitation periods prescribed in the above-referenced laws. Based on this, the retention period of personal data can be up to 10 years. Our foundation also keeps personal data for as long as any claim can be asserted against it.

7. Place of data storage, security measures

Our foundation stores data in electronic form on the server and computers located at its headquarters, and paper-based data in archives located at its headquarters, locations and warehouses.

Our foundation chooses the IT systems used to manage personal data in such a way that they are accessible to those authorized to do so, their authenticity is ensured, the immutability of the handled personal data can be verified, and the systems are protected against unauthorized access, and the developer of the IT system verifies the system GDPR compliance.

Paper-based data is stored in lockers/rooms that can be locked.

Management of personal data European Parliament and Council Regulation 2016/679/EU of 17 April 2016 on the protection of natural persons with regard to the management of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC ( general data protection decree), and CXII of 2011 on the right to information self-determination and freedom of information. based on the Act (Infotv.).

The legal basis for data processing is the execution of the employment contract concluded with the employee as a data subject, the fulfillment of the employer's legal obligations, the employer's legitimate interest in limiting the employee's work to work-related behavior, without violating the employee's human dignity and without resulting in the control of the employee's private life - check, or with regard to the health data provided by the employee as part of the verification of health fitness for work and entitlement to sick pay, the data management is necessary to fulfill the obligations of the data controller arising from the legal regulations governing employment and social security and social protection. By signing this contract, the employee acknowledges the above and gives his express consent to the processing of his personal data as indicated above.

8. The circle of those familiar with the data, data processing, data transmission

8.1 At our foundation, the personal data of the natural person concerned can only be accessed by those persons who, by virtue of their job, are responsible for facilitating the fulfillment of our foundation's contractual and legal obligations, as well as have undertaken an obligation of confidentiality and received appropriate information about the provisions of the GDPR.

8.2 In addition, in order to fulfill its contractual and legal obligations, our foundation uses third-party service providers (accounting firm, law firm, camera system operating company, CRM system operating company, website operating company) who are also subject to confidentiality obligations and are also obliged to fully comply with the provisions of the GDPR . Service providers currently used by our foundation:

Entrepreneur / company responsible for the operation of the Református Public Employment Database (reka.jobbadni.hu).

WizuálBér Payroll program Maxoft Kft.

Win ECO (Golden Kft.)

CIB

OTP Simple

Serpentarius Kft.

Kálmán Visontai e.v. (onkentes.jobbadni.hu)

8.3 In addition to the above, our foundation may forward the processed personal data to additional recipients if this is necessary to fulfill its contractual or statutory obligations.

These can be:

– organizations issuing tenders

– state bodies

– authorities, courts, prosecution

8.4 Our foundation is entitled to publish photographs, videos and audio recordings of the donees in the scope and manner specified in the donees’ express consent. As defined in our communication policy.

8.5 Our foundation does not transfer personal data outside the European Economic Area.

9. Rights of the person affected by data management

The person concerned may request free information about the details of the processing of his personal data, and in cases defined by law, may request their correction, deletion, blocking or restriction of processing, and may object to the processing of such personal data. Requests for information and requests in this point can be addressed to the following contact details of our relevant foundation:

Postal address: 1146 Budapest, Hungária krt. 200.

Phone number: +36 1 273-0449

Email address: mrsz@jobbadni.hu

Right of access and information (GDPR Article 15)

In addition to what is contained in this information, the person concerned has the right to request information about what kind of data our foundation manages.

Right to rectification (Article 16 GDPR)

The data subject may request that our foundation correct inaccurate personal data without delay.

Right to erasure and oblivion (GDPR Article 17)

The data subject may request the deletion of his/her personal data if the personal data is no longer needed for the purpose for which it was processed, in the case of consent-based data management, he/she has withdrawn his/her consent, or if his/her personal data is being processed illegally by our foundation.

Right to restriction of data processing (Article 18 GDPR)

The data subject may request the restriction of data processing in the case of inaccurate data until it is corrected, or in the case of illegal data processing, if he does not wish to delete the data, or the purpose of the data processing has ceased, but our foundation needs the data for the purpose of asserting a claim, or until the submitted protest is evaluated.

Right to data portability (Article 20 GDPR)

The data subject has the right to receive the processed personal data in a segmented, widely used, machine-readable form, and to forward them to a third-party data controller.

Right to object (Article 21 GDPR)

The data subject has the right to object to his personal data at any time for reasons related to his own situation, Article 6 (1) of the GDPR. against processing based on point e) or f), including points 3.8, 4.1 of this information. and 4.4. data processing based on legitimate interest described in point In this case, our foundation may no longer process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims. The person concerned can report his objection to the following email address of our foundation: mrsz@jobbadni.hu

Based on Section 16 (1) b) of Info tv, the data controller hereby informs the data subjects that the data controller's data protection officer can be contacted at: dr. Ferenc Sándor Kerekes, email: dpo@jobbadni.hu, phone: +36 30 4503551, mailing address: 1146 Budapest, Hungária krt. 200.

Responding to requests

We will examine the application as soon as possible, but no later than 30 days, or 15 days in the event of an objection, and we will make a decision on its merits, of which we will inform the applicant in writing. If we do not fulfill the data subject's request, we will state the factual and legal reasons for rejecting the request in our decision.

Legal enforcement

The protection of personal data is important to us, at the same time we respect the right of informational self-determination of those concerned, therefore we try to respond to all requests correctly and within the deadline. In view of this, we ask the Dear Stakeholders to please contact us in order to file a complaint in order to resolve the conflicts that have arisen in a peaceful way before resorting to any official and judicial enforcement.

If the inquiry does not lead to results, the person concerned can enforce his rights in court based on Act V of 2013 on the Civil Code (the lawsuit can also be initiated before the court competent for the place of residence or residence of our Client), and according to the provisions of Infotv., the National You can contact the Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22/c.;

https://www.naih.hu/panaszuegyintezes-rendje.html, hereinafter: NAIH) and file a complaint.

10. Notification and action obligation

Notification of recipients

In all cases, we will notify the recipients to whom we have disclosed the personal data of the data subject of correction, deletion, or restriction of data processing, unless this proves to be impossible or requires a disproportionately large amount of effort. At the request of the data subject, we provide information about these recipients.

Information method and deadline

We will provide information on the measures taken as a result of requests related to point 9 in electronic form within a maximum of one month from the date of receipt of the request - if the person concerned does not request otherwise. If necessary, this deadline can be extended by another two months, given the complexity of the application and the number of applications. We will inform the data subject of the extension of the deadline, indicating the reasons, within one month of receiving the request.

Verbal information can also be provided at the request of the data subject, provided that he proves his identity in another way.

If we do not act on the request, we will inform the person concerned of the reasons for this within a maximum of one month from its receipt, as well as the fact that he can file a complaint with the NAIH and exercise his right to judicial redress (point 9).

Control

In exceptional cases, if we have well-founded doubts about the identity of the natural person submitting the application, we ask for the provision of additional information necessary to confirm identity. This measure is necessary in order to promote the confidentiality of data management, i.e. to prevent unauthorized access to personal data, as specified in Article 5 (1) point f) of the GDPR.

Information and action costs

The information provided for requests related to point 9, as well as the measures taken based on them, are provided free of charge.

If the data subject's request is clearly unfounded or - especially due to its repeated nature - excessive, - taking into account the administrative costs associated with providing the requested information or taking the requested action - we will charge a reasonable fee or refuse to take action based on the request.

11. Cookies

In order for our website to function properly, in some cases we place small data files on the user's computer device, similar to most modern websites.

What is a cookie?

A cookie is a small text file that the website places on the User's computer device (including mobile phones). Thanks to this, the website can "remember" the User's settings (e.g. language used, font size, display, etc.), so you do not have to set them again every time you visit our website.

What do we use cookies for?

We record data about visitors to our website (IP address, browser type, etc.), on which we prepare statistical reports as an operator, exclusively in statistical formats. The final results of these statements are not suitable for linking to individual identifiers. The statistical data are necessary for the development of the website and/or services. These cookies can be deleted or blocked, but in this case the website may not function properly.

Cookies are not used to identify the visitor personally. These cookies only serve the purposes described above.

How can cookies be handled?

Cookie files can be deleted (detailed information: www.AllAboutCookies.org), or their placement can be blocked with most modern browsers. However, in this case, when using our website, certain settings must be made again each time, and certain services will not necessarily work.

Detailed information on deleting and blocking cookies can be found on the www.AllAboutCookies.org (English) page and on the following links regarding the browser used by the User:

• Firefox

• Google Chrome

• Microsoft Internet Explorer 11

• Microsoft Internet Explorer 10

• Microsoft Internet Explorer 9

• Microsoft Internet Explorer 8

• Safari 9

• Safari 8

• Safari 6/7

• Opera

12. ADOMANY.JOBBADNI.HU – Customer information in case of one-time consent

Recurring bank card payment (hereinafter: "Recurring payment") is a function belonging to the bank card acceptance provided by SimplePay, which means that new payments can be initiated in the future with the bank card data provided by the Customer during the registration transaction without re-entering the bank card data.

To use Recurring Payment, by accepting this statement, you agree that subsequent payments initiated in this webshop (https://adomany.jobbadni.hu) after a successful registration transaction will be initiated by the Merchant without re-entering the bank card details and without your consent for each transaction.

Attention(!): bank card data is handled in accordance with the rules of the card company. Neither the Merchant nor SimplePay has access to bank card data. The Merchant is directly responsible for repeated payment transactions initiated by the Merchant incorrectly or illegally, and any claims against the Merchant's payment service provider (SimplePay) are excluded.

13. Data transfer statement – ADOMANY.JOBBADNI.HU

OTP SimplePay:

I accept that the following personal data stored by the Magyar Református Szeretetszolgálat (1146 Budapest, Hungária krt. 200.) in the user database of http://jobbadni.hu will be transferred to OTP Mobil Kft. (1093 Budapest, Közraktár u. 30 -32.), as a data controller. Scope of transmitted data: last name, first name, country, telephone number, email address.

The purpose of data transmission is: customer service assistance for users, confirmation of transactions and fraud monitoring for the protection of users.

The nature and purpose of the data processing activity carried out by the data processor can be found in the SimplePay Data Management Information Sheet, at the following link: http://simplepay.hu/vasarlo-aff

14. Other provisions

Data management for different purposes

If we want to use the provided data for a purpose other than the purpose of the original data collection, we will inform the data subjects about this and obtain their prior consent, or we will provide them with the opportunity to prohibit the use.

Data security

We guarantee to take care of the security of the data, we also take the technical measures that ensure that the recorded, stored and managed data are protected, and we do everything possible to prevent their destruction, unauthorized use and unauthorized change.

Registration obligation

We keep a record of data management activities performed under our responsibility (record of data management activities) in accordance with Article 30 of the GDPR.

Data protection incident

A data protection incident is a breach of security that results in the accidental or illegal destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data. In the event of a data protection incident, we are obliged to act in accordance with Articles 33 and 34 of the GDPR. We register data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.

Amendment

We are entitled to unilaterally modify this information at any time. The current version of the information is always available on our website.

Dated February 26, 2020

Hungarian Reformed Charity Foundation

Data controller

Contact information of the data protection officer of the MRSZ: dr. Ferenc Sándor Kerekes, email: dpo@jobbadni.hu, phone: +36 30 4503551, mailing address: 1146 Budapest, Hungária krt. 200.

Kapcsolat

Elérhetőségünk

Köszönjük!

Thank you

TÁMOGATÓNk: Magyarországi Református Szeretetszolgálat