PRIVACY POLICY of the 13th International Olympiad on Astronomy and Astrophysics

The role of this Privacy Policy is to consider your attention to the data management process of the 13th International Olympiad on Astronomy and Astrophysics – hereafter: event.

Data management parties:

By the contribution of professional and technical organizers we perform common data management during the event. Your data may be managed by the following controllers.

Controllers assigned Hungarian Astronomical Non-profit Ltd. as main contact organisation. Please inquire from the controllers in any case of data management questions at the following contacts:

DIAMOND CONGRESS Ltd.
Headquarters: H-1012 Budapest, Vérmező út 8., Hungary
Office: H-1015 Budapest, Csalogány utca 28., Hungary
Contact person: Attila Varga, executive
Contact: diamond@diamond-congress.hu, phone:+3612250210, www.diamond-congress.hu.

Hungarian Astronomical Non-profit Ltd. hereafter: HAN Ltd
contact person: Dr. Áron Keve Kiss, executive
Post address: H-1121 Budapest, Konkoly Thege Miklós út 15-17., Hungary
Headquarters: H-9400 Sopron, Csatkai Endre u. 6-8., Hungary
E-mail: magyarcsillagaszat@gmail.com
Phone: +36 30 358 5120

University of Szeged, Bajai Observatory
contact person: dr. Tibor Hegedűs, director
Post address: H-6500 Baja, Szegedi út III/70., Hungary
Phone.: +36 79 424 027
E-mail: hege@electra.bajaobs.hu
Website: http://www.bajaobs.hu

We inform, that subcontractors participate in the implementation of the event. Following subcontractors may manage your data, as processors:

Vízió Budapest Communication Kft.
Address: H-1027 Budapest, Bem József u. 6. fszt., Hungary
Processed data: data of registration forms, photos, videos, contest results.

Borsai Eszter self-employed
Address: H-1037 Budapest, Aranyvölgy u. 18., Hungary
Processed data: contest results, data of guides and contest inspectors.

We inform, that we make data management contracts with our sub-contractors, in which we oblige them to follow this Privacy Policy. We control their data processing as well.

Main attended legal instructions:

We inform that controllers manage your data according to the following legal provisions:

regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and
the directions of the Hungarian 2011. year CXII. law on right to informational self-determination and freedom of information.

Own Privacy Policy of controllers:

Privacy Policy of Diamond Congress Ltd.:
Hungarian: http://www.diamond-congress.hu/hu/adatvedelmi-nyilatkozat/
English: http://www.diamond-congress.hu/privacy-policy/
Privacy Policy of Hungarian Astronomical Non-profit Ltd. is available on the www.ioaa2019.hu
website, at Privacy Policy subpage.
Privacy Policy of University of Szeged is available: http://www.u-szeged.hu/szabalyzatok

Data management during the event:

4.1. Our data management activity:

We perform the following data management activities:

You record your data in our system. To provide the services of the event we get the data, systematize, store, get insight to them and use them. Data transfer, restriction, and destruction will be performed as detailed bellow. Your personal data are available between the opening and closing times of the registration period, thus you can change them.

4.2. Types of managed data, purpose and claim of management:

The purposeof data management is to provide professional, technical and administrative services during the event, so you can participate in the event and resort the services. In the case of the organising staff purpose of data management is the performance of fluent organisation and logistics.

The claimof data management is the contract between you and the organisers for the participation and related services in the event (See: General terms and conditions).

The claim of food and allergy data is to protect your health. Claim of data management is your free-will contribution to the data management by giving these data to us.

The purpose of publishing contest results is the documentation of the contest, regarding its implementation and clearness. This claim is the legitimate interest of the controller to the contest goal.

Managed personal data:

Adults (leader, observer):

Name
Citizenship
Mother’s name
Place of birth, date
Email address
Institute
Passport number (if not Hungarian)
Your food and allergy information, given by free-will

Students:

Name
Citizenship
Mother’s name
Place of birth, date
Institute
Passport number (if not Hungarian)
Contest results
Your food and allergy information, given by free-will
Swimming competence (swims safely/not)
Sex (because of rooming)

Organising staff:

Name
Birth name
Mother’s name
Tax number
Citizenship
Sex:
Social insurance number (TAJ)
Place of birth, date
Permanent address
Post address
Pension disbursement
Type of pension
Start of pension entitlement
Having full time job? Full time of part time?
Email address
Phone number

Data management with subcontractors:

Company name
Contact person
Headquarters
VAT number
Bank account
Phone
Email address

Managing contest data:

competitor
country and country code
partial and total scores of rounds and total competition, percentage results
total scores of countries and teams

Visa support:

Name
Place of Birth, date
sending country
citizenship
Passport number
flight number, arrival and departure time

4.3. Photos and videos:

We inform, that we may make photos and videos in the event from legitimate interest, mainly crowd scenes. We inform you that the event is opened to the media.

According to the Hungarian civil code 2013. year V. law 2:48. § (2), in case of crowd scenes and public appearance there is no necessity to ask personal compliance neither for making the photo nor for its utilization. However, as involved persons have to be informed, we inform participants from photo- and video-making beforehand hereby, and we call attention at the event with the following label: We inform that photo- and video recording may be taken here.

Meanwhile we inform that crowd scenes and public appearance recordings will be used for the public propagation and marketing of the event, via the online and offline channels of controllers.

To make individualised photos or videos we ask compliance from the involved person according to the Hungarian civil code 2013. y V. law 2:48. § (1). Free-will compliance can be given during the registration by ticking the appropriate checkbox. Persons, who did not give compliance, will be distinguished by a separate color badge in the event, so that no photos will be taken from them. Despite best providence, photos may incidentally appear from persons, who did not give compliance to publish photos. In this case, persons should immediately contact controllers, with the definite sign and identification of the media, and the photo, and controller will remove them.

Free-will compliance can be withdrawn at any times. For this, please search Diamond Congress Ltd. (registration and hospitality desk) to ask a distinctive color badge. After the event you may ask contact persons of controllers to delete particular photos after identification.

We inform that photos will be published in the photo gallery of the event website and social media sites, and may appear in public media, as well as printed and online publications.

Abstracts, posters, email addresses:

The printed programme guide may contain the name, email address and institute of participants. Abstracts, posters and programme guides will be preserved for 5 years. We inform that the above data in the programme book will be published publicly, thus they cannot be deleted after publishing.

Data transfer and accessibility to external parties.

Generally we do not perform the transfer of data related to the event, neither inland, nor to foreign countries. We transfer headcounts to subcontractor providers of the services (hotels, board, programs), no personal data are transferred in these cases. Your data are managed solely by the controllers listed in point 1, and only those persons access these data, who are assigned by the organisers, and whose accessibility is necessary to provide the event services.

We transfer data to other parties only if you give specific compliance in the registration form to approve that your data may be transferred to the organiser of the next Olympiad.

Are personal data collected from external parties?

No. Your personal data are given solely by you, we do not collect personal data from other sources. We ask a Parent Declaration form the parents of foreign competitors, in which the parent or legal representative declares in the name of the student.

Is there automatic decision making during the data management?

No.

Method and time of data storage:

Data are collected and stored mainly electronically. In some cases (e.g. bills) paper form storage may appear. Paper based data are stored in the headquarters or offices of controllers, in folders. Data are managed only by authorized persons, external persons does not have access to the documents (stored in closed wardrobes and rooms).

Employees are informed that paper-basis data can be accessed only by authorized persons, others can not access the data (keys are stored secretly, opened wardrobe is not let without personal surveillance).

Electronic data are stored and protected according to the followings:

Electronic data are stored on the server of controller. Multi-level firewall system protects the informatics network.

Databases are protected generally by two-level access protection. Database cannot be directly reached from external computer. In database level, data can be reached directly only by the administrator (or other full-authority user), other persons can reach stored data only via applications connected to the database. These applications use separated user identification system.

For request, data are deleted by data manager colleague. In other case, continuously, but at least one time per year data are reviewed by authorized colleague, and in case of no storing necessity, they are deleted. Data related to the event are deleted completely within 5 years.

If data are managed by your free-will compliance (e.g. photos and videos), and other claim is not present (e.g. contract), data are managed as long as you do not withdraw your compliance, or there is no reason of further management and you agree to data destruction.

If your data are managed in the grounds of a contract, then data are managed to the contract compliance, and 5 years after that. Documents supporting financial accounts are stored for 8 years, and destructed after that.

If legitimate interest is present according to data management, data are managed as long as we can prove the existence of the legitimate interest. Data are stored 5 years after the termination of the legitimate interest.

Electronic data are destroyed completely, without the ability of restoring. Paper data are destroyed in paper destroyers, or by approved data destroying company.

What rights do you have related to the event?

Regarding your personal data you have the right to:

right to information – you can ask information from the management of your personal data.

Please ask the contact person of the controller, who is obliged to reply and inform without undue delay, but at least 15 days later after receiving your request.

right to access – you can access to your managed data. Your data are freely available and changeable until the end of the registration period. After that, please ask the contact person of the controller, who will give you access to your data.
right to rectification – if you observe inaccuracy in your personal data, you have the right to ask for correction. After the registration period you can ask the contact person of the controller to correct your data, who is obliged to do this without undue delay.
right to cancel – if we manage your data in the basis of free-will compliance, you can ask the deletion of your data along with the approval of your involved status, in writing, from the contact person of the controller.
right to protest – you have the right to protest against data management based on legitimate interest.
right to restriction – you can ask the restriction of your data, for instance if you argue the accuracy of your managed data, as long as controller does not verify their accuracy.
right to legal remedy – in case of injuria you have the right to ask for legal remedy.

How can I apply legal remedy?

10.1. You can directly appeal to controllers:

Hungarian Astronomical Non-profit Ltd.
Contact person: Dr. Áron Keve Kiss, executive
Post address: H-1121 Budapest, Konkoly Thege Miklós út 15-17., Hungary
Headquarters: H-9400 Sopron, Csatkai Endre u. 6-8., Hungary
E-mail: magyarcsillagaszat@gmail.com
Phone: +36 30 358 5120

You may reach the data protection officer of University of Szeged, at the following contact:

Dr. Dóra Lajkó
Address: Szegedi Tudományegyetem, József Attila Tanulmányi és Információs Központ
H-6722 Szeged, Ady tér 10., Hungary
Phone: +36 62 342-376, +36 62 544-000/2376
E-mail: dpo@gmf.u-szeged.hu

10.2.You may reach Hungarian National Authority for Data Protection and Freedom of Information at the following contact:

Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary
Phone: +36 1 391-1400
E-mail: ugyfelszolgalat@naih.hu

10.3.You may appeal to court:

If you notice illicit data management, you may initiate a lawsuit, even against the National Authority. You may be informed about the possibilities, methods and forums of lawsuit initiation here: https://birosag.hu/birosagi-szervezetek

Is there a data protection officer of the controller?

Diamond Congress Ltd. and HAN Ltd. does not have a data protection officer, you may contact the persons mentioned in 10.1 point. You can find the data protection officer of University of Szeged at 10.1 point.