Privacy Policy
1. General information
1. 1. As of 25 May 2018, the European Union's General Data Protection Regulation 2016/679, i.e. the GDPR, become mandatory, extending the scope of personal data protection previously provided for by the Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information. The essence of the legal regulation is that the processing of personal data is subject to strict conditions, and in case of non-compliance the affected organization may be subject to severe sanctions, therefore the nature of the data processed in the organization, its processing and its compliance and security must be assessed. The GDPR also applies to our Foundation, so we are issuing the present policy on the rules for the processing of personal data of third parties.
1. 2. In the course of our activity, we pay special attention to the protection of the personal and sensitive data received by our c Foundation during the data management that we necessarily carry out.1. 3. Our Foundation pays special attention to the compliance with the provisions of the applicable legislation when processing personal data. Our Foundation treats personal data confidentially and takes all technical and security measures to ensure the security of the data. Our Foundation's data management principles comply with the applicable legislation on data protection, in particular the following:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 Privacy Policy (general data protection regulation) (before and after: GDPR)
- Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (before and after: Info Act)
- Act C of 2000 on Accounting (hereinafter: Accounting Act)
- Act CVIII of 2001 on Certain Issues of Electronic Commercial Services and Services related to the Information Society Services.
- Act I of 2012 on the Labor Code.
1. 4. ‘Data processing’ means any operation or set of operations which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion, or destruction.
1.5. ‘Personal data’ means any data that can be associated with a specific natural person (identified or identifiable), and any inference that can be drawn from the data concerning the affected person. The personal data shall retain this quality for as long as its link with the data subject can be re-established during the processing. In particular, a person may be regarded as identifiable if he or she can be identified, directly or indirectly, by reference to a name, an identification mark or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
1. 6. ‘Special data’ include data revealing racial or ethnic origin, membership of national or ethnic minorities, political opinions or political parties, religious or philosophical beliefs, membership of representative associations, health, data concerning health conditions, data concerning a pathological condition or sexual life and personal data concerning criminal offences.
1. 7. Our Foundation shall not be responsible for any special data that will be provided us without our express request, so please do not provide such information unless you expressly are requested it.
2. Purpose of the information
The purpose of this data protection information is to make the data management procedures transparent after contacting us, as well as the enforcement of the principles and rules related to the protection of the personal data of natural persons, regardless of their nationality and place of residence. The fundamental goal of our Foundation is to respect the fundamental rights and freedoms of these natural persons in all cases, especially with regard to their right to the protection of their personal data.
3. Types of data management
The types of data management, the scope of the managed data, the purpose of the data management, the legal basis and duration of the data management and the scope of the persons entitled to data management are contained in the table attached to this data protection information. Its purpose is the enforcement of the principles and rules related to the protection of natural persons personal data regardless of their citizenship and place of residence. The fundamental goal of our Foundation is to respect the fundamental rights and freedoms of these natural persons in all cases, especially with regard to their right to the protection of their personal data.
4. Recipients of personal data: data transmission, data processors
4. 1. The data will be processed and forwarded to third parties located within or beyond the country's borders in accordance with the attached table.
4. 2. In case of data transfer to abroad, the third country to whose territory the personal data is transferred ensures the appropriate level of protection in connection with the management of personal data.
5. Data security
In order to ensure the security of your personal and special data, our Foundation uses technical and procedural measures to prevent unauthorized access, alteration or transmission, intentional and unintentional deletion or destruction of such data.
The collection, storage, transmission of personal and sensitive data to third parties and any other processing activities that are appropriate to the purpose of the processing are carried out in such a way that unauthorised persons do not have access to them.
6. Rights of the data subject
6. 1. Right to information
The data subject has the right to transparent information and information about the processing of his or her data and the possibilities to exercise his or her data subject rights. Our Foundation fulfils this obligation by publishing this information on its website.
6. 2. Access right
The data subject has the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and information regarding the processing of the personal data.
6. 3. Right to rectification
If the data subject's personal data change or are incorrectly recorded, the data subject has the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her by our Foundation.
6. 4. Right to delete
In the cases provided for by law (Article 17 GDPR), the data subject may request the erasure of his/her data processed by our Foundation.
6. 5. Right to restrict processing
In the cases provided for by law (Article 18 GDPR), the data subject may request the restriction of the processing of his or her personal data by our Foundation.
6. 6. Right to object
In case of processing based on legitimate interest, the data subject may object to the processing of his/her data. In such a case, our Foundation may no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
6. 7. Right to data portability
In case of processing based on legitimate interest, the data subject may object to the processing of his/her data. In such a case, our Foundation may no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
6. 8. Right to complain
The data subject shall have the right to lodge a complaint with the supervisory authority if he or she considers that the processing of personal data concerning him or her infringes the provisions of the GDPR. See section 7 of this prospectus for further details on the possibility of enforcement.
7. Enforcement
7. 1. Before taking legal action, please contact our Foundation's Data Protection Officer at Anna Mária Steiner-Isky.
7. 2. You can enforce your right to the protection of your personal data before a civil court, or you can apply to the Office of the Commissioner for Fundamental Rights or the National Authority for Data Protection and Information.
7. 3. National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9–11, postal address: 1363 Budapest, Pf.: 9.) anyone may initiate an investigation by filing a complaint alleging that there has been or there is an imminent threat of infringement of law relating to the processing of personal data or the exercise of their rights to becoming aware of information of public interest or which are public due to public interest.
7. 4. You can refer to the court concerned:
– the denial of information
– the rejection of the request for rectification, deletion or blocking
– the violation of your rights; and
– if you disagree with the decision on the request for objection, or if our Foundation fails to comply with the deadline for examining the request for objection, within 30 days of the date of notification of the decision or the last day of the deadline.
7. 5. The court in the place where the Foundation as the defendant is seated (Budapest Metropolitan Court) has jurisdiction to hear the case. At the choice of the data subject, the lawsuit may be initiated before the court in the place where they are domiciled.
8. Incident management
8. 1. Pursuant to the Regulation, “privacy incident” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or unauthorized access to the personal data transferred, stored or otherwise processed.
8. 2. As soon as our Foundation becomes aware of a privacy incident, it shall report it to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the privacy incident.
8. 3. If you have any complaints, objection about our Foundation’s processing, please contact our Foundation for consultation before initiating any of the above procedures.