PRIVACY POLICY AND PROCESS DESCRIPTION
FOR THE DATA MANAGEMENT RELATED TO 8. DEBRECEN AIRPORT RUN RACE
DEBRECEN INTERNATIONAL AIRPORT Ltd. (hereinafter referred to as the Data Controller), in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR), hereby informs the participants of the race and those registering through its registration system, with this notice and process description, about all the facts related to the processing of your personal data. By participating in the process, you, as the data subject, become involved in the data processing according to this process description.
EXACT NAME AND CONTACT DETAILS OF THE DATA CONTROLLER:
Name: DEBRECEN INTERNATIONAL AIRPORT Ltd.
Registered office: 4030 Debrecen, Repülőtéri út 12.
Central email address: @
Central phone number: +36-/52-521-192 CONTACT
DETAILS OF THE DATA PROTECTION OFFICER: @
The purpose of this Notice is to provide data subjects with appropriate information about the personal data processed by the Data Controller, their sources, the purpose and legal basis of the data processing, the duration of the processing, and the activities related to the data processing, as well as, in the case of data transfer of the data subject's personal data, the legal basis and recipient of such transfer.
The Data Controller only processes personal data that are necessary for the specific purposes of the data processing (conducting the race and potential further marketing communications). Under no circumstances does the Data Controller collect special categories of personal data relating to racial or ethnic origin, political opinions or party affiliations, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, or data relating to criminal convictions and offenses.
Anonymous information that is collected and cannot be linked to an identified or identifiable natural person, as well as demographic data collected without linking them to identifiable individuals, shall not be considered as personal data.
The purpose of the data processing is to identify and keep records of participants in the race, record registrations, and send future marketing communications on behalf of the Company. The data can be accessed by the Managing Director of the company and employees authorized by the Managing Director for the purpose of providing the service.
If any authority contacts the Company to provide information, disclose data, or make documents available, the Company shall provide the necessary personal data to the requesting authority if the authority has specified the exact purpose and scope of the data in order to achieve the purpose of the request.
We will send emails to all applicants:
- confirming successful registration in the online registration system,
- confirming successful registration excluding personal attendance (confirmation email),
- providing information about the race,
- sharing the results,
- for necessary communication, data reconciliation, and for marketing purposes.
Data stored about the participants:
The listed data is collected to identify the participants (e.g., to differentiate between participants with similar names), for communication purposes, to provide the service (e.g., sending race-related notifications), to organize the race (e.g., assigning race numbers, allocating starting zones, creating categories, determining results by category, verifying registrations, problem-solving), and for marketing purposes to promote future events.
We request the t-shirt size in order to order the appropriate t-shirts for the specific race and estimate the quantity needed based on the size range.
Basic data:
- full name,
- gender,
- place and date of birth,
- postal code,
- email address,
- phone number.
Registration data specific to each race:
- planned and actual completion time of the race (or the fixed distance covered in timed races), category, placement, and in some cases, intermediate times,
- paid registration fee, type of discount, payment method and date,
- race pack collection, confirmation, withdrawal, and dates,
- t-shirt size,
- company name (if the registration is sponsored by a company or if participating in races specifically for companies),
- student registration (for statistical purposes and to verify eligibility),
- name to be printed on the race number (not mandatory, only if requested by the participant, and only for specified races),
- whether it is the participant's first time completing this race/distance (not mandatory – for statistical and marketing purposes),
- other comments related to customer service (e.g., name change, clarifying payment issues, transferring registration, etc.).
Data processing related to registration for the race
PURPOSE OF THE DATA PROCESSING:
To enable registration for the race, form teams, and create race numbers. Informing the participants of the race about changes
LEGAL BASIS FOR THE DATA PROCESSING:
The data subject has given consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) of the GDPR).
SCOPE OF PROCESSED DATA:
Participant's name, gender, place and date of birth, postal code, email address, phone number, t-shirt size.
DATA PROCESSORS INVOLVED IN THE DATA PROCESSING AND IDENTIFICATION OF DATA PROCESSING OPERATION: Registration for the race is carried out on behalf of the Data Controller by PW Studió Ltd. (4026 Debrecen, Múzeum u. 4., 2nd floor 1.), the registration process required for collecting race packs is carried out by Debreceni Sportcentrum Közhasznú Nonprofit Ltd. (4032 Debrecen, Oláh Gábor u. 5.), and the creation of race numbers is done by EvoChip Hungary Ltd. (3232 Gyöngyös, Hegyalja u. 24/a) as a Data Processor.
DURING DATA PROCESSING, DATA WILL NOT BE TRANSFERRED TO THIRD PARTIES.
Please note that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requests the release, disclosure, or provision of personal data from the Data Controller in accordance with a legally prescribed procedure, the Data Controller is obligated to provide the requested data to the requesting court or authority in fulfillment of its legal obligations.
Statistical Data Processing
PURPOSE OF THE DATA PROCESSING:
Analysis of the consumer market for the race to support targeted marketing activities.
LEGAL BASIS FOR THE DATA PROCESSING:
The data subject has given consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) of the GDPR).
SCOPE OF PROCESSED DATA:
Participant's date of birth, postal code, t-shirt size, selected race distance.
DATA PROCESSORS INVOLVED IN THE DATA PROCESSING AND IDENTIFICATION OF DATA PROCESSING OPERATION:
No Data Processor is involved in the statistical analysis conducted by the Data Controller.
DURING DATA PROCESSING, DATA WILL NOT BE TRANSFERRED TO THIRD PARTIES.
Please note that the disclosure of personal data to courts and authorities may be required by law. If a court or authority requests personal data during a procedure established by law, the Data Controller is obliged to provide the requested data to the requesting court or authority in fulfillment of its legal obligations.
STORAGE PERIOD OF PERSONAL DATA:
1 year from the completion of the races.
AUTOMATED DECISION-MAKING DOES NOT TAKE PLACE DURING THE DATA PROCESSING.
DESCRIPTION OF THE DATA PROCESSING:
After registering for the 8. Debrecen Airport Run race organized by the Data Controller, the necessary data for statistical analysis (participant's date of birth, postal code, selected race distance) will be selected and processed.
RIGHTS OF THE DATA SUBJECT:
The Data Controller informs you that, based on the GDPR, after verifying your identity, you have the following rights:
- request information about the processing of your personal data,
- withdraw your consent to the data processing,
- request access to your personal data,
- request rectification of your personal data,
- request erasure of your personal data if their processing is unlawful or no longer necessary for the purposes of the Data Controller,
- request data portability of your personal data,
- request restriction of the processing of your personal data.
Data Processing Related to the Capture and Use of Photos and Videos
PURPOSE OF DATA PROCESSING:
Capturing and using photos and videos to commemorate events and moments at the event, promoting them, informing the public, and utilizing them for marketing purposes.
LEGAL BASIS OF DATA PROCESSING:
Data processing is necessary for the legitimate interests of the data controller or a third party (Article 6(1)(f) of the GDPR).
TYPES OF DATA PROCESSED:
Images of individuals who have registered for or attended the event, as well as other data that can be associated with the individuals (location, duration of stay).
DATA PROCESSORS INVOLVED AND DESCRIPTION OF DATA PROCESSING OPERATIONS:
Photos are taken by the Data Controller and, on their behalf, by HA Digital Ltd. (Hatvan utca 37, Debrecen, 4025) as a data processor. Videos are produced by ATOMICMEDIA Ltd. (Bajcsy-Zsilinszky u. 22, Debrecen, 4024) as a data processor.
DATA DISCLOSURE FOR THE PURPOSE OF PUBLICITY IS MADE TO THE FOLLOWING ENTITY:
Debrecen Municipality (Press Office)
DATA RETENTION PERIOD:
The Data Controller retains the photos on their internal platform and on social media platforms as long as they generate interest and are relevant. Afterward, the photos are deleted.
AUTOMATED DECISION-MAKING DOES NOT TAKE PLACE DURING DATA PROCESSING.
DESCRIPTION OF DATA PROCESSING:
At the 8. Debrecen Airport Run event, the Data Controller, as the event organizer, captures photos in which attendees of the event may be recognizable. The photos are taken to commemorate the event, promote it, and inform the public based on the legitimate interests of the Data Controller. They are published on their internal social platform and on social media.
Please note that, according to Section 2:48(2) of the Civil Code (Act V of 2013), "Consent is not required for taking and using photos in the case of group photos and photos taken in the public sphere."
You have the right to object to this data processing, even before the photos are taken. You can express your objection to the photographer before the photo is taken or to the Data Controller using the contact information provided. If the photo primarily focuses on a smaller group of individuals, the photographer will explicitly ask for their consent before taking and publishing the photo.
The Data Controller gives particular consideration to your objection, especially if it is expressed before the photo is taken or if the photo depicts a smaller group of individuals. In such cases, the photo is typically not taken or published if you object. However, you also have the right to object after the publication of a photo that includes you.
If you object, the Data Controller will examine whether there is a compelling legitimate interest in processing your photo and decide whether your request can be fulfilled.
It is important to note that the Data Controller always takes care not to capture or publish photos that could be embarrassing or compromising to individuals.
RIGHTS OF THE DATA SUBJECT:
The Data Controller informs you that, in accordance with the GDPR, you have the following rights, subject to verification of your identity:
- You can request information about the processing of your personal data.
- You can request access to your personal data.
- You can request the correction of your personal data.
- You can request the erasure of your personal data if its processing is unlawful or no longer necessary for the purpose it was collected.
- You can request the restriction of the processing of your personal data.
- You can object to the processing of your personal data.
Cookies
Cookies often store settings related to websites, such as default language or location. When you visit a website again, the browser sends the cookies related to the given website. This allows the website to provide personalized information. Cookies on the web can store many kinds of information, including identifiable personal information. The Company currently operates the website www.debrecenairport.com (hereinafter: Website). Using the Website without providing their data one can obtain information, and also make complaints to the Company via the Website.
Certain data and IP addresses of visitors’ computers and of other devices are logged in order to enlist the visit. The Company uses these data exclusively to create statistics, such as to determine how often the Website is visited and how much time each visitor spends there. The Company does not associate IP addresses with any other data that could be used to personally identify the visitor.
In certain cases, when certain parts of the Website are downloaded, the Company installs small data files (cookies) containing personal data as appropriate on the visitor's computer or other device for the purpose of recording data, identifying the visitor and facilitating further visits. The visitor can set the browser used for Internet access to receive a notification if the Company wants to place a cookie on their computer or other device, and they can also prohibit the sending of cookies at any time (depending on the browser, that can usually be done in the devices’ menu under settings/internet settings). However, if cookies are not accepted, some pages will not work perfectly, or the visitor may not be authorized to access certain data.
The Company uses the Google Analytics Google service of Google Inc.
The tracking cookie enables Google Inc. to identify you on other websites as well. The "Data protection guidelines" of Google Inc. are available at http://www.google.hu/intl/hu/policies/privacy/.
On the website of Google Inc., you can find more useful information about Google Inc.'s activities related to data, the blocking of cookies and the personalization of advertisements on the following website: http://www.google.com/intl/hu/policies/privacy/ads/
***
The web beacon cannot be rejected. Google uses the acquired information to evaluate and analyze the use of the website by the data subject, to compile reports on the activities performed on the website, to provide other services related to the activities performed on the website and during Internet use.
In the case of those who use the Website solely for the purpose of visiting, data processing is carried out only to provide them with information. Meanwhile the Company records the starting and ending times of their visit, as well as cookies, which are stored electronically until the purpose of data processing is achieved, but only for a period not longer than 2 years.
The Data Controller strives to ensure that the information provided to you is as concise, transparent, comprehensible, easily accessible, clear and generally understandable as possible, even complying with the rules defined by the GDPR.
You can primarily submit your written request to the data protection officer of the Data Controller, at the address indicated in this Information Notice. However, if you claim for any verbal information on the phone, after verifying your identity, an employee of the Data Controller authorized to do so may provide you with that spoken information, if they have the necessary data for the claimed information at their disposal. In all other cases, the request will be recorded by our staff member and we shall inform you about your request no later than one month from the date of receipt of the request. We can extend this deadline to a maximum of two additional months if the complexity of the claim or the number of claims being processed at the time would justify that, but we will inform you of that within one month after receiving your claim.
In case we do not act on your claim or if you do not accept our decision, you can take legal action. You can make a complaint about our data management procedure at the National Data Protection and Freedom of Information Authority or claim legal remedy at the court of your place of residence. However, we draw your attention to the fact that, based on the practice of the National Data Protection and Freedom of Information Authority (ugyfelszolgalat@naih.hu, 1363 Budapest, Pf.: 9.), the Authority will only accept your complaint if you first have contacted the Data controller, that is us, we have not taken action on your claim or you have not accepted our action. We therefore recommend you should contact our data protection officer first!
If any of our visitors feels that they have any additional questions or problems in addition to those contained by this Information Notice, or would make a comment on some details not clearly stated in the Information Notice, or would need extra explanation, please contact our colleague in charge with the personal data protection issues at the following e-mail address: dpo@debrecenairport.com
Debrecen, 2025. 05. 15.
Debrecen International Airport Kft.
Data Controller