Joseph of Arimathea Asset Management Foundation (the “Foundation”) values your privacy and processes your data exclusively based on the General Data Protection Regulation (2016/679, "GDPR"), Hungarian Data Protection Act, other local laws and regulations and this Privacy Policy.

This Privacy Policy applies to the (https://jaamf.org/) website and processing of data by Foundation.

WHAT IS THE LEGAL BASIS AND WHY DO WE PROCESS YOUR DATA?

We use your personal data on the base of legal grounds provided by laws:

• based on your consent (e.g. Art. 6, Par. 1a GDPR);
• to fulfil contractual or pre-contractual obligations (e.g. Art. 6, Par. 1b GDPR);
• based on legal and/or regulatory requirements (e.g. Art. 6, Par. 1c GDPR);
• to protect the vital interests of the data subject or of another natural person (e.g. Art. 6, Par. 1d GDPR);
• based on public interest (e.g. Art. 6, Par. 1e GDPR);
• legitimate interest (e.g. Art. 6, Par. 1f GDPR).

We process your data in order to provide you, inter alia, with such services as management of the assets or in order to provide support for charitable projects and education of priests, monks, nuns, religious and lay missionaries and religious educators of any denomination of the Christian Churches in any country or to contact you concerning events, newsletters and other marketing material that we think may be of interest for you. We may also use personal data to develop our website and services and to measure the effectiveness of our marketing.

Our Foundation may use your personal data as part of a marketing campaign or market research. The processing of your data for this purpose is legal as long as it falls under our legitimate activity as a private asset management foundation. You may object or opt-out of receiving marketing messages at any time. Furthermore, where required by applicable law, your prior consent will be obtained before sending you direct marketing.

HOW DO WE COLLECT/KEEP/PROTECT YOUR PERSONAL DATA?

There are several ways to collect your personal information:

• you could directly send it to us either in electronic or hardcopy;
• when the relation with you starts, when you request an offer, when you receive a business proposal, when we realize a project for you or when you send your application (spontaneously or in reply to an announcement) for a role in our Foundation;
• we may receive your data from external sources, such as public databases, websites, social networks and third parties for keeping the contact details and professional information we already hold for you accurate and up to date using publicly available sources.

Personal data shall be kept in an appropriate form, allowing your identification for no longer than is necessary for the business purposes of our Foundation.

We maintain appropriate organizational, physical and technical security measures (including personnel trainings, hardware and software, storage and access controls, monitoring and logging, vulnerability and breach detection, incident response) to protect personal data against unauthorized or accidental access, disclosure or destruction.

WHAT PERSONAL DATA ARE PROCESSED?

Personal data processed by our Foundation are mainly related to your identity, but our intervention is limited to the processing of data obtained in the context of our commercial relations or work, namely for example:

• Name and surname;
• Role;
• Details (e.g., email address, telephone number, postal address);
• Tax numbers/TIN;
• Bank accounts;
• etc.

In the frame of a possible recruiting, we are equally led to collect the following personal information:

• Diplomas;
• Social security numbers;
• Tax card;
• Bank accounts.

 

WHO RECEIVES ACCESS TO YOUR DATA?

All the departments using your data to fulfill the Foundation’s contractual and legal obligations will have access to your personal data and therefore all employees at Foundation have received specific training to understand the importance of the confidentiality of your data and have signed a confidentiality clause.

Our Foundation will also be required to process your personal information for administrative or contractual scope in the frame of the contractual relationship established with you.

In this context, we may therefore be required to transmit certain information to third-party providers (e.g. with regard to the recovery of claims, the keeping of accounts or the preparation of employee pay slips), where legal provisions require that you have given your consent.

We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:

• Our professional advisers and auditors;
• Suppliers to whom we outsource certain support services ;
• Third parties involved in hosting or organising events or seminars.

For the sake of clarity, we undertake to verify that concerned third-party providers comply with the same level of confidentiality and process your personal data in accordance with the provisions of the GDPR.

It is important to specify that your personal data may be transferred inside and outside the European Union (the “EU”). The level of information protection in countries outside the EU may be less than that offered by GDPR. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. EU standard contractual clauses are in place between all companies of Foundation that share and process personal data. Where our third party service providers process personal data outside the EU in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses.

WHO IS RESPONSIBLE FOR DATA PROCESSING AND HOW WE CAN BE CONTACTED?

You may contact the responsible for the data protection through our Foundation at the following coordinates:

Joseph of Arimathea Asset Management Foundation
H-1088 Hungary, Budapest, Muzeum utca 1-3.
Email: info@jaamf.org

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

The GDPR and local laws provide you, inter alia, the following rights regarding your personal data :

The right to access - you have the right to request our company details of your personal data and how it is processed.

The right to rectification - you have the right to request that our company correct аnу information you believe is inaccurate. You also have the right to request our company to complete information you believe is incomplete.

The right to erasure - you have the right to request that our company erase your personal data, under certain conditions.

The right to restrict processing - you have the right to request that our company restrict the processing of your personal data, under certain conditions.

The right to object to processing - you have the right to object to our company's processing of your personal data, under certain conditions.

The right to data portability - you have the right to request that our company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

lf you would like to exercise any of these rights, please contact us at the address mentioned in para. 6. Note that we have one month to respond to you.

If you object or withdraw your consent to the processing of your personal information, we will respect that choice in accordance with our legal obligations. However, such withdrawal could mean that we are unable to perform the actions necessary to achieve the purposes set out above or to contact you (see para. 2).

Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

For any complaint concerning the processing of your personal data by us, you also have the right to lodge a complaint with the relevant authority responsible for the protection of personal data under Article 77 of the GDPR. In Hungary, the authority in charge of protecting personal data is the The National Data Protection and Freedom of Information Authority.

CHANGES TO OUR PRIVACY POLICY

We will update this Privacy Policy from time to time to reflect changes to the way in which we use your personal data and comply with new requirements regarding data protection. You can always find our current Privacy Policy published on our website.  We remain at your disposal for any further information you may need.

 

Sincerely,
Your team of Joseph of Arimathea Asset Management Foundation