the Hungarian Reformed Rescue Service Rescue Dogs, Volunteer Search and Rescue Team and Firefighters Association

PRIVACY NOTICE

A Hungarian Reformed Charity Service Rescue Dog, Volunteer Search and Rescue and Firefighting Association, as data controller (hereinafter referred to as: Association or Data Controller) - Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) - provides the following information in relation to its processing activities indicated in point 2.

The processing of data under this Notice is primarily governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "Regulation (EU) 2016/679"): GDPR), and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.) shall apply.

For the purposes of this Privacy Notice, the main terms are set out in Annex 1 to this Privacy Notice.

1. Data of the controller and its representative

• Name and contact details of the Data Controller: Hungarian Reformed Charity Service Rescue Dogs, Volunteer Search and Rescue Team and Firefighters Association, registered office/postal address: 4225 Debrecen, Monostorerdő utca 101., e-mail: mrszkmcs@jobbadni.hu
• Name and e-mail address of the Data Controller's representative: Gábor Hegedűs President, e-mail: hegedus.gabor@jobbadni.hu

2. Data processing covered by the Privacy Notice

This Privacy Notice applies to the following processing activities of the Data Controller:

• the processing of natural personal data of individuals who contact the Data Controller with an interest in the activities of the Data Controller
• a https://sar-hungary.org/ the processing of personal data of applicants for inclusion in the database of volunteers to the Data Controller via the website
• the processing of personal data of those who support the work of the Research and Rescue Team maintained by the Data Controller by means of a financial donation by bank transfer
• a https://sar-hungary.org/ the management of data relating to cookies used by the website.

3. data subjects, scope of data processed, purpose, legal basis and envisaged duration of processing

The Controller processes personal data of data subjects in the context of its processing activities as set out above (point 2) for the purposes, on the legal bases and for the envisaged duration set out below.

• For those interested the processing of your personal data in connection with the CONTACT:

The Data Controller provides the opportunity for those interested in its activities to contact it via the e-mail and telephone contact details on its website. The data subject shall be solely responsible for the truth and accuracy of the information provided during the contact.

• The processing of personal data of those who request access to our database:

In order to participate in the work of the Research and Rescue Team maintained by the Data Controller, the Data Controller keeps an electronic register (database) of volunteer applicants in order to regularly inform the persons included in the database about the volunteer opportunities available at the Data Controller and to establish the employment of the person concerned as a volunteer in the public interest.

• PROCESSING OF PERSONAL DATA OF PERSONAL DONORS:

 A monetary donation may be made to the Data Controller by bank transfer to the bank account of the Data Controller. The processing of donations concerns natural persons (donors) who make a financial donation to the Controller by bank transfer.

• The COOKIES used by the website (COOKIES)

The website uses cookies, convenience, analytical and marketing cookies necessary for its operation, about which visitors can find more information in the Cookie newsletter you can find.

The use of convenience, analytical and marketing cookies used by the website can be accepted or refused by the website visitor in the pop-up window when visiting the site. The data subject can also set his/her browser to disable or enable cookies, so that he/she can prevent all cookie-related activities and delete cookies placed during previous visits. As each browser is different, it is possible to set preferences for cookies, including their deletion, individually using the browser toolbar. For more information about the settings for disabling or enabling cookies, please refer to the Help section of the browser of the person concerned or you can find out more directly via the links below:

• Google Chrome:
•  
•  

If the cookie is deleted, the function (purpose) associated with the cookie is not implemented, as a result of which certain content and functions of the website are not available to the visitor.

4. Staff of the controller involved in the processing of personal data: the processing of personal data by the Data Controller sOnly staff involved in the performance of the task (activity) concerned by the data processing activity (e.g. staff responsible for receiving and responding to enquiries received by the Data Controller, handling volunteer applications, website operation and donation coordination) are authorised to use the data within the organisation. For information on the external service providers/trustees (outside the Controller's organisation) used by the Controller in the course of the processing, the data subject is referred to point 5 of this Notice.
5. The recipients of personal data (the persons to whom/which the controller discloses the personal data outside the organisation)

• A https://sar-hungary.org/website hosting provider: the data published on the website describing the operation and activities of the Data Controller are stored on the storage space of the following service provider used by the Data Controller:

Title: Hostinger International Ltd.

Registration number:196895

Registered office (postal address): 61 Lordou Vironos Street, 6023 Larnaca, Cyprus

E-mail contact: support@hostinger.com

Personal data shared on the Data Controller's website (including images published there) and data received through the website (including applications) are stored on the server of the hosting provider of the website indicated above.

• The service provider responsible for the maintenance and development of the website: the Data Controller is the https://sar-hungary.org/ has entrusted the development and maintenance of its website to the following service provider:

Title: Gulácsi Enikő e.v.

Registration number: 61172142

Registered office (postal address): 4254 Nyíradony, Kinizsi Pál u. 21.

E-mail contact: info@eniweb.eu

The service provider is responsible for the IT development and maintenance of the website, and is entitled to access and process the personal data necessary for the fulfilment of its tasks.

• Payment service provider: for the processing of bank transfer payments (donations), the Data Controller uses the services of the payment service provider MBH BANK, which manages its payment account. The purpose of the data transfers is to carry out payment transactions, to prevent and detect fraud and fraudulent use of the data, to perform any additional tasks that may be required by the payment service provider to ensure the effectiveness of the payment, and to confirm the transactions.
•  
• Accountant of the Data Controller: the Data Controller will transmit the data relating to donations to the following accountant appointed by the Data Controller in order to fulfil its legal accounting obligations:

Title: Vezendi Könyvelőiroda Kft.

Address/postal address: 4031 Debrecen, Derék u. 78. fsz. 2.

The purpose of the transfer is to fulfil the Controller's legal obligations in accounting.

• Other recipients:

Bodies or persons authorised by law to monitor the proper functioning and activities of the Data Controller may, in the course of their duties, obtain access to and process the data of the data subject necessary for the purposes of the monitoring in accordance with the rules applicable to them.

In the event of a judicial or administrative request, the Data Controller shall transmit the data necessary to comply with the judicial or administrative request to the person who made the request.

6. Data subjects' rights in relation to data processing:

Data subjects may have the following rights in relation to the processing of their personal data, as explained below:

a) Right of access

The data subject has the right to receive feedback from the Data Controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information:

1. a) the purposes of the processing;
2. b) the categories of personal data concerned;
3. (c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
4. (d) where applicable, the envisaged duration of the storage of the personal data or, where this is not possible, the criteria for determining that duration;
5. (e) the right of the data subject to obtain from the Controller the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;
6. (f) the right to lodge a complaint with a supervisory authority;
7. (g) where the data have not been collected from the data subject, any available information on their source;
8. (h) the fact of automated decision-making, including profiling, and, at least in those cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.

The data subject shall also have the right to obtain from the Controller, upon request, a copy of the personal data that are the subject of the processing. The exercise of the right to request a copy shall not adversely affect the rights and freedoms of others.

For additional copies requested by the data subject, the Data Controller is entitled to charge a reasonable fee based on administrative costs, the amount of which and the way in which it will be charged, which the Data Controller will inform the data subject of in advance (before executing the request).

In order to meet data security requirements and to protect the rights of the data subject, the Data Controller is obliged to verify the identity of the data subject and of the person who wishes to exercise his or her right of access, for which purpose the provision of information and the disclosure of copies of personal data are also subject to the identification of the data subject.

b) Right to rectification

Under the right of rectification, the data subject has the right to obtain, at his or her request, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

c) Right to blocking (restriction of processing)

The data subject may request that the Controller restricts the processing of his or her personal data (by clearly indicating the limited nature of the processing and ensuring that it is kept separate from other data) where.

- contests the accuracy of your personal data (in which case the restriction applies for as long as the Controller verifies the accuracy of the personal data);

- the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

- the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or

- in the case of processing based on legitimate interest (mass recording), the data subject has objected to the processing. In this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.

d) The right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data where such processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party. In such a case, the Controller may continue to process the personal data only if he or she can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

The right to object is granted to the data subject in respect of the following processing under this Notice, in relation to the processing of cookies necessary for the technical functioning of the website and in the case of.

e) Right to erasure („right to be forgotten”)

The data subject shall have the right to obtain the erasure of personal data relating to him or her at the request of the Controller if.

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• the processing is unlawful;
• where the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
• where the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
• where the data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller.

The Data Controller draws the attention of the data subject to the fact that erasure is not required in the cases referred to in Article 17(3) of the GDPR, so that where processing is necessary

• for the exercise of freedom of expression or the right to information;
• to bring, enforce or defend legal claims;
• to comply with a legal obligation to which the Data Controller is subject;
• on grounds of public interest in the field of public health;
• archiving in the public interest, scientific or historical research, statistical purposes, where deletion of the data would make it impossible or seriously jeopardise the purpose of the processing.

f) Right to data portability:

Where the processing is based on the data subject's consent (Article 6(1)(a) GDPR) or on a contract with the data subject (Article 6(1)(b) GDPR) and the processing is automated, the data subject shall have the right to obtain the personal data that he or she has provided to the controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller.

(g) The right to withdraw consent:

Where the processing is based on the data subject's consent, the data subject shall have the right to withdraw his or her consent at any time by sending a statement to the postal or e-mail address of the Controller specified in subsection 1.1. With regard to the processing (prohibition, authorisation) of cookies, the provisions of subsection 3.4 of the Notice shall apply.

In case of withdrawal of consent, the data subject's data will be deleted. The withdrawal of consent shall not affect the lawfulness of previous processing based on consent.

The right to withdraw consent to the processing of the data covered by this Notice is available to the data subject in the following cases:

• those interested in the activities of the Data Controller in relation to the processing of their personal data in connection with their contact with the Data Controller,
• applicants to the volunteer database of the Data Controller,
• visitors to the website for the management of cookies used by the website for convenience, statistical and marketing purposes.

7. Submitting requests concerning the exercise of the rights of the data subject:

The data subject may send his or her request to exercise his or her rights in relation to the processing to the Data Controller by post or by electronic means (e-mail) as specified in subsection 1.1.

The Data Controller shall examine the data subject's request without undue delay, but no later than 1 (one) month from the date of its receipt, and shall inform the data subject of the decision taken in his or her case and of the measures taken or planned to be taken by the Data Controller. If necessary, taking into account the number and complexity of the requests, this time limit may be extended by a further 2 (two) months. The Data Controller shall inform the data subject of the extension of the time limit, stating the reasons for the delay, within 1 (one) month of receipt of the request. Where the data subject has submitted his or her request by electronic means, the information shall also be provided by the Controller by electronic means, unless the data subject explicitly requests otherwise. Where the request is unfounded, the Controller shall inform the data subject of the refusal of the request, the reasons for the refusal and the remedies available to the data subject, as set out in point 8 of this Notice.

8. Right to legal redress:

If the data subject considers that the Data Controller has infringed the applicable data protection requirements in the processing of his or her personal data, he or she may.

• you can lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9. E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu), or

- have the right to apply to the courts, which will rule on the matter out of turn, in order to protect your data. In this case, you are free to choose whether to bring your action before the court of the place of residence (permanent address or temporary address) or before the court competent for the place where the Data Controller is established. At the time of issuing this Information, the Debrecen Court of Law has jurisdiction for the lawsuit according to the seat of the Data Controller.

Dated: Debrecen, 2026.02.06.

1. ANNEX NO: Definitions of terms

For the purposes of this Notice, the following definitions shall apply:

personal data: any information relating to an identified or identifiable natural person („data subject”).

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

concerned: a natural person identified or identifiable on the basis of any information.

data management: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

data transmission: making the data available to a specified third party.

addressed to: the person or body with whom or to which the Controller communicates the personal data of the data subject.

third party: a person or entity other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

data processor: the person or entity that processes personal data on behalf of the Data Controller.

data processing: processing by a processor acting on behalf of or under the instructions of the Controller.

restriction of processing: the identification of the personal data stored in order to limit their future processing.

data deletion: rendering data unrecognisable in such a way that it is no longer possible to recover it.

profiling: any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that person.

consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her