1. Purpose and scope of the information

The purpose of this information is to present the data protection and management principles and methods used by Ozone Skiing, which the company, as a data controller, recognizes as binding on itself.
This information sheet applies to the handling of the personal data of those interested in the programs organized by Ozone Skiing, the applicants for the programs, the participants in the programs, and the instructors.
When creating this information, Ozone Skiing took into account the provisions of Regulation 2016/679 of the European Parliament and Council ("General Data Protection Regulation" or "GDPR"), CXII of 2011 on the right to self-determination of information and freedom of information. the provisions of the Act ("Info Act").

2. Definitions

Data subject: any natural person identified or - directly or indirectly identifiable on the basis of specific personal data;

Personal data: any information relating to an identified or identifiable natural person ("data subject").

Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;

Data controller: the natural or legal person, public authority, agency, or any other body that determines the purposes and means of personal data management independently or together with others, if the purposes and means of data management are determined by EU or member state law, the data controller, or special aspects regarding the designation of the data controller may also be determined by EU or member state law

Data processor: the natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the data controller.
Consent of the data subject: a voluntary, concrete and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates through an unmistakably expressive act of declaration or confirmation that he/she consents to the processing of personal data concerning him/her;

Third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data manager, the data processor or the persons who have been authorized to process personal data under the direct control of the data manager or data processor.

Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored, or otherwise handled;

Special data: personal data on racial origin, belonging to a nationality, political opinion or party affiliation, religious or other worldview beliefs, interest-representation organization membership, sexual life, personal data on health status, pathological passion, and the criminal
personal data; the concepts of genetic data, biometric data and health data defined by the GDPR are included in this category.

Data transfer: making the data available to a specific third party;

Disclosure: making the data available to anyone;

Data deletion: rendering the data unrecognizable in such a way that its recovery is no longer possible;

Data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data.

3. Basic principles of data management

3.1. Legality, fairness and transparency:

Personal data must be handled legally and fairly, as well as in a transparent manner for the data subject.

3.2. Purposefulness:

Personal data may only be collected for specific, clear and legitimate purposes, and they may not be handled in a way that is incompatible with the purposes. Archiving in the public interest and data management for statistical purposes do not qualify as data management incompatible with the purpose.

3.3. Data saving:

Personal data must be appropriate and relevant for the purposes of data management, and must be limited to what is necessary.

3.4. Accuracy:

Personal data must be accurate and, if necessary, up-to-date; all reasonable measures must be taken to immediately delete or correct inaccurate personal data for the purposes of data management.

3.5. Limited storage capacity:

The storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management. Personal data may be stored for a longer period of time only if the personal data is stored for archiving or statistical purposes in the public interest.

3.6. Integrity and Confidentiality:

Personal data must be handled in such a way that appropriate technical and organizational measures are used to ensure adequate security of personal data, including protection against unauthorized or illegal processing, accidental loss, destruction or damage.

3.7. Accountability:

The controller is responsible for compliance with the principles governing the handling of personal data and must be able to demonstrate compliance.

4. Purpose and legal basis of data management

The purpose of data management is to inform interested parties about Ozone Skiing's programs, useful and interesting news and information.
The scope of the managed data is determined on a purpose-bound basis, with data economy in mind and legal obligations taken into account.
Accordingly, the legal basis for processing personal data is:

• the data subject's consent to the processing of their personal data;

• data management is necessary for the performance of a contract in which the data subject is one of the parties, or for taking steps at the request of the data subject prior to the conclusion of the contract;

• data management is necessary to fulfill the legal obligation of the data controller.

The data subject can withdraw his consent to the processing of his data, but this does not affect the legality of the data processing until then. If the data subject does not agree or withdraw his consent to the processing of his data, he is not entitled to use the services provided under the contract.
Ozone Skiing ensures that the managed data is always handled and used only for the specified purpose.

5. Scope and storage period of personal data handled

Ozone Skiing typically processes the following personal data for the parties defined in point 1: name, e-mail address, phone number, skiing skills, postal address, and the specified interest.
We keep the data provided by interested parties until withdrawn. The data of interested parties is typically handled electronically. 

6. Rights of data subjects

Ozone Skiing provides the data subjects with the rights related to the protection of their personal data:

6.1. Access right

The data subject may request that the data controller informs him about the personal data of the data subject, the purpose of the processing, its planned duration, and his rights related to his personal data.

6.2. Right to rectification

The data subject has the right to have the data controller correct inaccurate personal data concerning him or her, as well as to request the addition of incomplete personal data.

6.3. Right to erasure (right to be forgotten)

The data subject has the right to have the personal data deleted by the data controller upon request and in justified cases. The data manager decides on the execution of the deletion based on the examination of the reasons and the examination of the legal basis of the data management. Due to legal regulations, there is no way to delete data related to completed courses and exams.

6.4. Right to restriction of data processing

The data subject has the right to have the data controller restrict data processing at his request, in justified cases. Restricted data can only be released if there are legal requirements, and the data subject must be informed of this.

6.5. Right to data portability

The data subject has the right to receive the personal data provided by him and forward it to another data controller.

6.6. Right to protest

The data subject has the right to object at any time to the processing of his personal data for business purposes for reasons related to his own situation.

7. Validation of the rights of those concerned

7.1. Management of questions, comments, requests and complaints

In order to enforce their rights, the data subjects can contact the data controller, primarily at the following contact details:

Miklós Ozsváth
2461 Tárnok, Kossuth Lajos utca 2.
Tel.: +36-30-9210850,

Evelin Szommer

2092 Budakeszi, Erkel Ferenc u. 94.

Phone: +36-30-8448644

​

Email:  ozoneskiing@gmail.com


7.2. Legal remedy

In case of disputed questions, in data protection matters, the competent authority:

National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/c
Tel: +36 (1) 391-1400, Fax: +36 (1) 391-1410, E-mail:  ugyfelszolgalat@naih.hu
Website:  www.naih.hu

8. Data protection and data management information

As a data controller, Ozone Skiing reserves the right to modify this information unilaterally at any time.