The purpose of the present Policy is to lay down, the principles of data protection and data management applied by Századvég Foundation and its institutional units, Századvég Publisher, Századvég Alumni Club and Budapest Civil Community Service Centre (hereinafter referred together as: Foundation), as well as the Századvég Konjunktúrakutató Zrt. (hereinafter referred to as “Konjunktúrakutató”) (the Foundation and Konjunktúrakutató together referred to as “Controllers”) furthermore the data protection and data management policy of the Controllers which is acknowledged by the Controllers as obligatory and self-binding.
At the drafting of the present document the Controllers have taken into consideration in particular the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.), furthermore the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and the Act V. of 2013. on the Civil Code.
Personal data: data that might be related to a determined natural person (hereinafter: Data Subject) – especially the Data Subject’s name, tax number, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject -, furthermore a conclusion which is deducted from the data concerning to the Data Subject. In the course of data processing, the data in question shall be treated as Personal as long as the Data Subject remains identifiable through it;
Data Subject: a natural person who grants its Personal data to the Controllers – such as especially: a participant of any research, a registered user of the Századvég Publisher’s webshop (hereinafter: webshop), the user of the Budapest Civil Community Service Centre’s service sor a person who can be related to it, or a member of Századvég Alumni Club (hereinafter: Alumni);
Data Set: shall mean all data contained in a filing system;
Processing of data: shall mean any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);
Controllers (Data Controllers): the natural or legal person, or organisation having no legal personality, which, within the framework laid down in an Act or in a binding legal act of the European Union, alone or jointly with others, determines the purposes of data processing, makes decisions concerning data processing (including the means used) and implements such decisions or has them implemented by a data processor;
In the cases covered by this Policy, the Controllers are the Foundation and the Researcher, as follows:
Name
Századvég Foundation
Registered seat
1037 Budapest, Hidegkuti Nándor street 8-10.
Registration number
Fővárosi Törvényszék, 01-01-0012878
Tax number
19228053-2-41
Phone number
+36 1 479 5280
szazadveg [at] szazadveg.hu
Complaints handling
the contact details indicated in the “Contact” section of the website
Name
Századvég Konjunktúrakutató Zrt.
Registered seat
1037 Budapest, Hidegkuti Nándor street 8-10.
Registration number
Fővárosi Törvényszék Cégbírósága, 01-10-140538
Tax number
27094974-2-41
Phone number
+36 1 479 5280
szazadveg [at] szazadveg.hu
Complaints handling
the contact details indicated in the “Contact” section of the website
Destruction of data: shall mean the complete physical destruction of the medium containing data;
Disclosure by transmission: shall mean making Personal data available to a specific third party;
Public disclosure: shall mean making Personal data available to the general public;
Erasure of data: shall mean the destruction or elimination of data sufficient to make them irretrievable;
Data processing: shall mean the fulfillment of technical tasks related to data processing operations;
Data processor: shall mean natural or legal person, or an organisation not having legal personality which, within the framework and under the conditions laid down in an Act or in a binding legal act of the European Union, acting according to a mandate or instructions given by the controller, processes personal data;
Automated data set: shall mean stream of data that will be the subject of automated data processing;
Mechanical processing: contains the following operations, in case of these are done partially of fully by automated tools: storage of data, logical or arithmetical operations with the data, alteration, cancellation, retrieval and distribution of data;
Pseudonymization: shall mean the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
Consent: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by which he, by a statement or a clear affirmative action, signifies agreement to the processing of personal data relating to him;
Personal data breach: shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised transfer or disclosure of, or unauthorised access to, personal data transferred, stored or otherwise processed;
3.1. The Data Subject may disclose based upon its decision the following data:
3.1.1. During the research: during the research the data determined in the declaration signed by the Data Subject. The Controllers process the Personal data handed over to them relating to the research activity merely for the purpose of facilitating the research activity and the Controllers are entitled to disclose these data to third persons only in case of the approval of the Data Subject is granted. The answers given by the Data Subject in course of the research will be processed and as a result of this they loose their personal aspects hence they might not be related to the Data Subject anymore. The Personal Data are not shared between the Controllers and remain the sole property of the Controller conducting the research.
Personal data fixed for the purpose of scientific research shall be used only for the purpose of scientific research. The verifiability of the relation between the personal data and the Data Subject – as soon as the purpose of research makes it possible – shall be made impossible irrecoverably. In the interim those data, which are suitable for the identification of a determined or possibly determinable natural person, shall be kept separately. These data may be associated with further data only in case of it is necessary for the purpose of the research.
The Controllers may disclose personal data to the public only in the event of
a) the Data Subject gave its consent to it, or
b)it is necessary for the presentation of research results concerning to historical events.
3.1.2. In case of the webshop (concerning to a natural person): Delivery and invoice data: name; postal code; settlement; street; house number. Contacts of the orderer: name; phone number; e-mail address; product cathegory purchased by the orders of the User, the type of payment and takeover applied by the User, the item amount of the purchases made by the User.
During the use of the webshop (in particular during the payment phase), additional data may be processed in connection to the above data, or processed by a person other than the Controller. For more information on such cases, please refer to the General Terms and Conditions of the website
3.1.3. In case of the Alumni: name, address and e-mail address of the proposant.
3.1.4. In case of the Budapest Civil Community Service Centre: names of Data Subjects listed as participants on the attendance registers of events (in case of a legal person the name of the legal person and its representative), and their e-mail address; by application for a newsletter the e-mail address of the Data Subject; furthermore the contacts required for the fulfillment of legal duties of the Centre, which contacts stam, from authority registrars that are available for the public or, from the result of the perfomance of services (name, phone number, e-mail address).
3.2. Data to be recorded technically during the operation of Controllers’ website: those login data of the Data Subject’s computer, which are generated during the use of service and which are recorded as the authomatic result of technical courses by the Controllers’ system. The data to be recorded authomatically are logged by the system authomatically at entry and exit without the additional declaration or action of the Data Subject. These data may not be related – except for mandatory cases ordered by the law – to further Personal user data. Exclusively the Controllers have access to the data (requirement of Data safety).
3.3. Controllers place through their website for the purpose of individualised service a small data package (so-called ’cookie’) on the computer of the Data Subject. The purpose of the cookie is to ensure the utmost high quality operation to improve user experience. The Data Subject is able to cancel the cookie from its own computer, and it is also possible for the Data Subject to fix settings regarding the browser so the cookies will be prohibited. By prohibiting the use of cookies Data Subject aknowledges and accepts that the website does not operate on highest possible level without cookies.
3.4. During the events of the Controllers – accordig to the regulations of crowd scene and public performance – video and audio records are made of the participants. The Controllers inform about this also specifically the participants of its events.
3.5 In certain cases, in particular during an epidemic situation, the Controllers’ events may be held online, with participants taking part via the Internet, through an audiovisual link. In this case, the scope of the personal data processed may include, in addition to the images and audio recordings of the participants, other data of the participants necessary for the establishment of the link (name, telephone number, e-mail address, IP address, etc.), which will be communicated to the Data Subjects separately.
3.6 During registration, ordering from the webshop and subscribing to newsletters, the IT system stores the IT data relating to the consent (date of consent and IP address of the Data Subject) for later evidential purposes.
4.1. Data management takes place based upon a voluntary, specific and definite expression based upon sufficient information ensured to the Data Subject individually or for the users of the internet website www.szazadveg.hu available on the website, whereby they give their consent to the use of their Personal data disclosed, while in exceptional cases it is based upon statutory regulation. The legal basis of Processing of data is accordingly the voluntary consent of the Data Subject based upon Infotv. 5. § (1) point a), or in certain cases a mandatory data management based upon Infotv. 5. § (1) point b).
With regard to the data provided via the website, the Controllers are obliged to confirm the consent of the Data Subject in accordance with the legal provisions, and therefore the legal basis for the storage of the data is the obligation of the Data Controllers to confirm the consent pursuant to Article 7 (1) GDPR.
4.2. The purpose of the Processing of data is to ensure the above activities of the Controllers, furthermore to fulfill the legal duties related to these.
4.3. The purpose of authomatically recorded data (see article 3.2.) is to ensure the providing of services available though the internet site of the Controllers, to view the customized contents and advertisements, to make statistics, to technically develop the informatical system, and to protect the rights of users. The data made available by the Data subject during the use of services may be used by the Controllers to form user groups and to display purposeful contents and/or advertisements on the websites of the Controllers towards the user groups.
4.4. The Controllers are not entitled to use the disclosed Personal data to purposes other than determined in the present articles. The handover of Personal data to any third person or authority – except any Act orders distinctly with mandatory force – is only possible by the preliminary and expressed consent of the Data Subject.
4.5. Controllers do not verify the Personal data disclosed to them. Exclusively the Data Subject is liable for the appropriacy of the data disclosed by the Data Subject. By diclosing its e-mail address any Data Subject undertakes simultanously a liability that exclusively the former Data Subject uses the services under the given e-mail address. Considering this liability undertaking all liability in relationship with the entries under a given e-mail address burdens that Data Subject who registered the e-mail address.
4.6. The Controllers may, on the basis of a separate agreement, use Data Processors – e.g. payment service providers, couriers, postal services, etc. – to perform some of their tasks under this Policy. Provided the Processing of data is made by another person on behalf of the Controllers, then the Controllers may exclusively hire such Data processors who or which grant adequate guaranties to keep the legal regulations of data management and to implement the sufficient technical and management measures that ensures the protection of Data Subject’s rights.
5.1. The processing of Personal data may happen only lawfully and fair, furthermore in a way that is transparent for the Data Subject (’lawfullness, fair process and transparency’).
A személyes adatok kezelése jogszerű, amennyiben legalább az alábbiak egyike teljesül:
The processing of personal data is lawful provided at least one of the below conditions is fulfilled:
a) the Data Subject gave its consent to the processing of its personal data for one or more concrete purposes;
b) the processing of data is requires for the performance of such an agreement inwhich the Data Subject is one of the contraing parties or it is needed to make steps required by the Data Subject before concluding the contract;
c) the processing of data is required for the fulfillment of a legal duty concerning to the Data Subject;
d) the processing of data is needed to protect the essential interests of the Data Subject or of another natural person;
e) the processing of data is of public interest or it is required for the fulfillment of a task within the frames of exercising the power of the state delegated to the Controllers;
f) the processing of data is needed for the enforcement of the Controllers’ or a third person’s lawful interests, except for the case when the Controller’s such interests of fundamental rights and freedoms have priority which require the protection of Personal data, especially if the Data Subject is a child.
5.2. Personal data shall be stored merely for determined, unambiguous, and legal purposes, and may not be used for an alternate purpose. The further processing of data for the purpose of research or statistics (’assignment of purpose’) shall not be considered as inconsistent with the original purpose.
5.3. The Personal data shall be adequate and relevant considering the purposes of data processing and shall be limited to the necessary minimum (’data sparing’).
5.4. The Personal data shall be accurate and up to date in case of necessary; all reasonable measures shall be done for the purpose of the cancellation or correction of those Personal data which are inaccurate considering the purposes of processing of data (’accuracy’).
5.5. The method through Personal data are kept shall enable the identification of the Data Subject merely until the period which is necessary for the purpose of storage (’limited possibility of storage’).
5.6. Adequate security measures shall be taken for the protection of Personal data kept in automated data sets to hinder accidental or illegal destruction, accidental loss, furthoremore the illegal access, change or distribution (’integrity and privacy’).
5.7. The Controllers are liable for the compliance of the above furthermore it shall be able to verify the compliance (’accountability’).
5.8. Processing of Personal data for the purpose of research or statistics shall be made under the adequate guarantee of protecting the rights and freedoms of the Data Subject. These guarantees shall ensure technical and organizational measures being in force which secure especially to keep the principle of data sparing. To such measures may belong the Pseudonymization, provided the mentioned purposes can be fulfilled in such a way. In case of these purposes are reachable through such further processing of data which does not or already does not make possible the identification of the data subjects, then the purposes shall be achieved in such a way.
6.1. The Controllers use the Personal data which are indispensably required to perform the Controllers’ activities based upon the consent of the Data Subjects and exclusively for the concrete purpose.
6.2. Controllers undertake to manage the Personal data possessed considering the regulations of Infotv. and GDPR according to the data protection principles determined in the present document, and do not hand over these to a third party without the approval of the Data Subject or without the permission of the law.
6.3. Controllers undertake obligation to disclose a clear, attention calling and unambiguous notification before recording, fixing, processing any of the Data Subjects’ Personal data, inwhich they are informed about the method, purpose and priciples of the data recording. Beyond these, all in those cases when the recording, processing and fixing is not mandatory by the law, the Contollers attract the Data Subject’s attention to the voluntary nature of data supplying. In case of a mandatory data supplying the law which orders it shall be determined as well. The Data Subject shall be informed about the purpose and the persons who will manage and process the Personal data. The notification about data management is fulfilled also in case of the law regulates the data recording through transmission or connecting arising from an already existing data management.
6.4. Considering the state of science and technology and the costs of implementation, futhermore the type, scope, circumstances and purposes of data management, furthermore the variable probability and severity of risk meant regarding the rights and freedoms of natural persons the Controllers implement by determining the type of data management and during data management such technical and organizational measures – e.g. pseudonymization -, and the aim of these measures is on one hand the effective implementation of data protection principles such as data sparing, on the other hand to set in guarantees into the course of data management which are necessary to fulfill the legal requirements and to protect the Data Subjects’ rights.
The Controllers carry out adequate technical and organizational mesures to ensure that in terms of default interpretation merely such Personal data are to be processed which are necessary for the current concrete purpose of data management. This duty is concerned to the amount of collected Personal data, to the extent of their processing, to the period of storage and to availability.
6.5. In all such cases, when the Controllers intend to use the Personal data provided to an alternate purpose which is different from the original purpose of data recording, then the Controllers shall inform the Data Subject about this and acquire its preliminary and expressed consent, furthermore ensures the possibility to the Data Subject to prohibit the use.
6.6. The Controllers keep the restrictions determined by the law in any and all cases during the recording, fixing and processing of the data, and inform about its activity the Data Subject on demand of the latter via electronic correspondence. The Controllers undertake obligation not to impose any sanctions towards those Data Subjects who denies ti fulfill the non-mandatory providing of data.
6.7. Controllers undertake obligation to provide the safety of Personal data, furthermore make those technical and organizational measures and develops those procedural rules which ensure that the Personal data recorded, stored or processed are protected, and prevent their distruction, illegal use and illegal amendment. Controllers undertake also obligation that all third party to whom the Controllers occurrently forward or hand over the Personal data, are requested to fulfill the above obligations.
6.8. Provided the Personal data does not comply with the truth and the true and valid Personal data are in possession of the Controllers, then the Personal data shall be corrected by the Controllers or by the Data processor based upon the order of the former one.
7.1. The Personal data provided by the Data Subject remain under procession until the Data Subject (especially in case of the newsletter of Alumni and Budapest Civil Community Service Centre) unsubscribes itself – under the concrete user name -, or until it does not apply for the termination of Personal data procession in a written form, or until the purpose of the Personal data processing is exists or the mandatory storage period expire. In the event of an illegal or misleading Personal data use or in case of a crime committed by the Data Subject or in case of an attack against the system the Controllers are entitled to cancel immediately the data of the Data Subject simultaneously with the termination of its regisration, and in case of a suspicion of a crime or civil law liability they are entitled also to keep the Personal data for the period of the procedure to be conducted.
7.2. The data, fixed automatically and technically during the operation of the website, will be stored in the system from their generation until the period of time which is reasonable to ensure the operation of the website. The Controllers ensure that these, automatically fixed data can not be associated with further Personal user data – except for the cases which are mandatory by the law-. In case of the Data Subject has terminated its consent to the processing of its Personal data, or it unsubscribed itself from the service, so after these its identity will not be determinable anymore based upon the technical data.
If the Controllers intend to carry out further processing, they shall provide prior information on the essential circumstances of the processing (legal background and legal basis of the processing, purpose of the processing, scope of the data processed, duration of the processing).
The Controllers are obliged to comply with written requests for data from public authorities based on a legal mandate. The Controllers shall keep records of their processing of Personal data, personal data breaches and measures relating to the Data Subject’s right of access pursuant to Article 25/E of the Infotv., the content of which shall be provided by the Controllers upon the Data Subject’s request, unless the provision of information is excluded by law.
Where the Controllers intend to carry out further processing of the collected data for purposes other than those for which they were collected, they shall inform the Data Subjects of the purposes of the processing and the following information prior to the further processing:
– the duration of the storage of Personal Data or, if this is not possible, the criteria for determining the duration;
– the Data Subject’s right to request the Controllers to access, rectify, erase or restrict the processing of his or her Personal Data and, in the case of processing based on legitimate interest, to object to the processing of Personal Data and, in the case of processing based on consent or contractual relations, to request the right to data portability;
– in the case of processing based on consent, that the Data Subject may withdraw consent at any time,
– the right to lodge a complaint with a supervisory authority;
– whether the provision of the Personal Data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, and whether the Data Subject is obliged to provide the Personal Data and the possible consequences of not providing the data;
– the fact of automated decision-making (where such a process is used), including profiling, and, at least in these cases, clear information on the logic used and the significance and likely consequences of such processing for the Data Subject.
The Controllers do not use a third party data processor. The Personal data processed by the Controllers are processed by the Controllers or its employees in charge of the data processing. The processed data are managed relating to each activity by the Data processors determined in the information chard concerning to it.
10.1. Provided the processing of data is not occasional, then the Controllers keep a registry about the data management activities belonging to their responsibility. This registry contains the following information:
a) Name and contact of the Controller concerned, furthermore the name and contact of the Controller’s representative;
b) the purposes of data processing;
c) review of the Data Subject cathegories, and the Personal data cathegories;
d) cathegories of such addressed persons or entities towhom the Personal data are or will be disclosed, including also the third country addressed persons or entities or international organizations;
e) in particular cases information concerning to the transmission of Personal data to third countries or to international organizations, including also the identification of a third country or international organiztation, or in case of a transmission according to GDPR section 49. (1) second chapter the description of the adequate guarantees;
f) if applicable, the planned deadlines for the cancellation of different data cathegories;
g) if applicable, the general description of technical and organizational measures implemented as the guarantee of data safety.
The Controllers grant access to the registry according to the law exclusively for the supervising authority based upon its request.
10.2. Considering the state of science and technology and the costs of implementation, futhermore the type, scope, circumstances and purposes of data management, furthermore the variable probability and severity of risk meant regarding the rights and freedoms of natural persons the Controllers and the Data Processor implement adequate technical and organizational measures for the purpose of data safety to be guaranteed on a level complying with the extent of the risk, including also, among others, in particular cases:
a) the pseudonymization and encryption of Personal data;
b) the ensurance of the continual privacy, integrity, availability and the capability of resistance for the systems and services used for Personal data management;
c) in the event of a physical or technical incident the capability of Personal data access and availability restoration in adequate time;
d) a process for systematical testing, examining and evaluating the effectiveness of technical and organizational measures ordered to guarantee the safety of data processing.
By determining the adequate safety level those risks arising from data management shall be expressly taken into consideration, which may occur by the accidental or illegal destruction, loss, alteration, or by illegal disclosure to public, or by illegal access to the Personal data especially when transmitted, stored or managed in any other ways.
The Controllers and the Data processor take measures to ensure that the natural persons having access to the Personal data acting according to the directions of the Controllers or Data processor have the possibility to manage the above menioned data merely according to the instruction of the Controller, except these persons are obligated to alter from such instruction by force of the law.
10.3. The Controllers shall report a personal data breach without an unjustified delay and if possible, they shall report latest within 72 hours after the personal data breach came to their knowledge, to the competent supervising authority except the personal data breach probably does not mean a risk to the rights and freedoms of the natural persons.
In the report the nature of personal data breach including also – if possible – the cathegories of Data subjects and their estimated number, the cathegories and estimated number of data affected by the breach shall be descibed; the name and availability of the contact person providing further information shall be disclosed; the potential consequences arising from the data breach shall be listed; measures done or planned by the Controllers as a remedy of the data breach, including also if necessary the measures to ease the occurrent detrimental consequences arising from the data breach. Provided the information can not be disclosed simultanously, then it can be disclosed without further unjustified delay later in parts.
The Controller keeps a record about the Personal data breaches, listing the fact, the consequences of it and the measures to remedy related to the data breach.
The Controllers are entitled and obligated to transmit all such Personal data available and stored lawfully by the Controllers to the competent authorities, towhich transmission the Controllers are obligated by the law or by final and enforceable authority decision. Controllers shall not be liable for such data transmission or for the consequences that stam from such transmission.
12.1. Data subjects are entitled to ask or inquire in a written form, via registered mail or with receipt required sent to the Controllers’ address or to the e-mail address of the Data processor appointed in the concerning information chart about the following
The Data subject shall have the right to withdraw consent at any time, in which case the data provided shall be deleted from the systems of the Controller concerned, subject to the exceptions mentioned below and those listed in the data deletion. The use of the webshop may result in the impossibility to deliver the ordered Product to the Customer in the case of an unfulfilled order, and in the case of completed purchases, the deletion of data related to invoicing is excluded by law on the basis of accounting regulations, and if the Data Subject has a debt, it is necessary to process his/her data even in the case of withdrawal of consent on the basis of a legitimate interest in the recovery of the debt.
A request for information sent in e-mail can be considered as official only if – provided it is available for the Controllers – it was sent from the registered e-mail address of the Data subject. The request for information may cover the Data subject’s data managed by the Controllers, its source, the purpose of data management, its legal basis, the period of it, the names and addresses of the possible Data processors, the activities related to the data management, furthremore in case of the transmission of Personal data who and for what purpose received or will receive the data of the Data subject.
After the fulfilment of a request concerning to the cancellation or amendment of a Personal data the former (cancelled) data can not be restored anymore.
12.2. Regarding a query on data management the Controllers shall give the information in a written form upon the request of the Data subject, in a plain form, within the shortest period of time counted from the receipt but latest within 25 days. In case of an e-mail the first working day following the sending shall be considered as the date of receipt.
12.3. About the correction, lockup and cancellation of the Personal data the Data subject furthermore all those persons shall be notified to whom the data has been previously forwarded for the purpose of data management. The notification may be ignored if it does not violate the lawful rights of the Data subject considering the purpose of data management.
12.4. The Data subject is entitled to the cancellation of its Personal data by the Contollers without unjustified delay based upon the Data subjects request, and the Controllers are obligated to cancel the Personal data concerning to the Data subject without unjustified delay – except for the alternate regulation of the law -, in case of any of the following reasons emerge:
a) the Personal data are not needed anymore for the purpose they were collected or managed any other way, or the deadline for Personal data storage determined by the law has been expired;
b) the Personal data is incomplete or wrong and this status can not be corrected in a lawful way, provided that the cancellation is not excluded by the law;
c) the Data subject revokes its permissioin as the basis of data management, and the data management has not other legal basis;
d) the Data subject objects against the data processing and there is no lawful reason having priority for the data processing;
e) the Personal data has been processed illegally;
f) the Personal data shall be cancelled to fulfill the regulations of the law (the cancellation of the Personal data has been ordered by the court or authority).
Provided the Controllers have disclosed the Personal data to public and the Controllers shall cancel such data as written above, then the Controllers shall make the reasonably requestable steps considering the costs of the available technology and implementation – including also the technical measures – to inform the controllers who manage the data that the Data subject has requested the cancellation of the links referring to the Personal data in question or the copies or duplicates of such Personal data.
The terms and conditions determined in the present article are not applicable provided the data management is necessary:
a) to exercise the right to freedom of opinion and expression, and the right to information;
b)for the purpose of fulfilling the obligation of Personal data processing ordered by the law as the obligation of the Controllers, or to execute a task which shall be done arising from public interest;
c) for the purpose of making public interest archives, for scientific or historical research or statistical purposes provided the cancellation of the data would probably make impossible or would seriously jeopardize such data management; or
d) to file legal claims, to enforce or protect such claims.
12.5. Instead of a cancellation the Controllers lock up the Personal data in case of the Data subject requires it, or if it is presumable based upon the available information that the cancellation would violate the lawful rights of the Data subject. The Personal data locked up this way may be processed merely until the purpose of data processing, which excluded the cancellation of the Personal data, exists.
12.6. The Data subject, and all those to whom the Personal data was transmitted previously for the purpose of Processing of data, shall be notified about the correction, lock-up, marking and cancellation. The notification can be skipped by the Controllers if it does not violate the lawful interest of the Data subject considering the purpose of Processing of data.
12.7. Provided the Controllers do not perform the Data subject’s request for correction, lock-up or cancellation so the Controllers shall inform the Data subject within 25 days counted from the receipt of request in a written form about the factual and legal justification why the application for correction, lock-up or cancellation has been rejected, furthermore notifies the Data subject that it may turn to the court or to the Hungarian National Authority for Data Protection and Freedom of Information over against the resolution of the Controllers.
12.8. The Data subject is entitled to a restricted processing of data implemented by the Controllers based upon the request of the Data Subject, provided any of the following conditions are fulfilled:
a) if the Data Subject contests the accuracy, correctness or completeness of the Personal Data processed by the Controller concerned or by a Data Processor acting on its behalf or at its instructions, and the accuracy, correctness or completeness of the processed Personal Data cannot be established beyond reasonable doubt, for the period necessary to resolve the doubt;
b) the procession of data is illegal, and the Data subject objects the cancellation of data, instead of it requests the restriction of their use;
c) the Controller concerned does not need the Personal data anymore for processing of data, but the Data subject claims to get them for the filind, enforcement of protection of a legal claim;
d) the Data subject objected against the processing of data; in this event the restriction concerns to the period of time until it is determined whether the lawful reasons of the Controllers have priority against the lawful reasons of the Data subject or not
e) if the data should be erased but there are reasonable grounds to consider, on the basis of a written declaration by the Data Subject or on the basis of information available to the Controllers, that the erasure of the data would harm the legitimate interests of the Data Subject, for the duration of the legitimate interest not to erase the data;
f) if the data should be erased but are necessary to preserve them as evidence in investigations or proceedings, in particular criminal proceedings, carried out by or with the participation of Controllers or other public authorities, as provided for by law, pending the final or conclusive outcome of such investigations or proceedings;
g) if the data should be erased but must be kept for the purpose of complying with a documentary obligation, for ten years after the erasure of the data processed.
Provided the processing of data is under restrictions, then such Personal data – except for the storage – can be processed only with the approval of the Data subject, or for the filing, enforcement or protection of legal claims, or for the protection of rights of other natural persons or legal entities, or arising from an important public interest of the European Union or any member state.
The Controllers preliminary inform the Data subject – who requested the restrictions of data processing – about the release of data processing restrictions.
12.9. The Data subject may object against the processing of its Personal data,
a) if the procession or transmission of Personal data is necessary only for the fulfilment of the legal obligation to which the Controller is subject or for the enforcement of the Contoller’s, the Personal data recipient’s or third person’s lawful interests, except for a mandatory data processing;
b) if the use or transmission of Personal data happens for the purpose of direct business acquisition, for a survey or for a scientific research; furthermore
c) törvényben meghatározott egyéb esetben. in additional cases determined by staturory law.
The Controllers examine the objection within the shortest period from its receipt but latest within 25 days, decide on its merits and inform the Data subject about their decision in a written form.
In case of the Controllers determine the well-foundedness of the Data subject’s objection, so the Controllers terminate the processing of data – including also the further data recording and transmission -, locks up the Personal data and informs about the objection and about the measures imposed based upon it to whom the Personal data affected by the objection previously has been transmitted, and who are obligated to take measures in favour of the enforcement of the objection right. If the Data subject does not agree with the decision of the Controllers or if the Controller sfail to keep the deadline referred in the present article, then it may to turn to the court within 30 days counted from the disclosure of the decision or from the last day of the deadline.
The Data subject may exercise its right of prosecution based upon Infotv. and the Act V. of 2013 (Ptk.) at the court, furthermore in any issue related to a Personal data may apply also for the support of the competent supervisory authority, the Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa str. 9-11; postal address: 1363 Budapest, Pf. 9.).
The Data subject may turn to the court in case of the violation of its rights, furthermore in cases determined in section 21. § of the Infotv. against the data recipient and Controllers. The court proceeds in the case out of turn. The adjudication of the lawsuit belongs to the competency of the general court.
Beyond these, the competent Data processors may be also contacted via e-mail as written in the concrete information charts concerning to questions or comments relating to processing of data.
14.1. The Controllers are entitled to amend the present Policy unilaterally at any time. The Data subjects acknowledge and accept the amended data management rules by the continual use of the services, there is no need to ask for their further consent.
©2024 SZÁZADVÉG
All rights reserved.
Informations
Contacts
Address
HU-1037 Budapest,
Hidegkuti Nándor u. 8-10.
Phone
E-mail address
Fax
+36 1 479 5290
Frissítettük feltételeinket
Javasoljuk, hogy tekintse át frissített adatvédelmi és adatkezelési tájékoztatónkat, valamint jogi nyilatkozatunkat. A folytatással elfogadja az itt felsorolt frissített feltételeket.
