PRIVACY POLICY - Regarding public events organized by Széchenyi István University
We inform you that Széchenyi István University attaches great importance to the protection of personal data and wishes to ensure the right of individuals to self-determination in all circumstances.
Széchenyi István University manages any data – that came to our attention in the context of the Alumni Portrait programme and the International Alumni of the Year Award – in accordance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act), Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Name of the Data Controller
Széchenyi István University (hereinafter: the University)
address: 9026 Győr, Egyetem square 1.
email: sze@sze.hu
phone number: +36(96) 503-400
website: uni.sze.hu
- Applicable legislation of data processing:
- Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act);
- Act V of 2013 on the Civil Code.
- Subjects of data management
- The subject of data processing is data processing related to the organization and implementation of public events organized by Széchenyi István University.
- Data subjects: Natural persons who register for and participate in events.
- The scope of the processed data, the purpose, duration, legal basis and source of the data processing:
- Data processing relating to participants
|
Scope of the processed data |
Purpose of the data processing |
Legal basis of the data processing |
Duration of the data processing |
Source of the data processing |
|
Personal details of the person registering (name, email address, phone number)
|
Organization of the event
|
GDPR Article 6(1)(b) – performance of a contract
|
Until the event takes place If you agree on the website/at the venue to receive information about upcoming events, we will process your data based on your voluntary consent until you withdraw your consent. We will process your data for the purpose of sending you information about upcoming events.
|
The voluntary provision of data by the data subject
|
|
The crowd shots taken at the event
|
Documentation and promotion of the event
|
GDPR Article 6(1)(f) – legitimate interest in documenting and promoting the event |
until the legitimate interest exists
|
Photographs and video recordings made by the organizers
|
|
Unique recordings made at the event
|
Documentation and promotion of the event
|
GDPR Article 6(1)(a) – consent
|
Until the consent is withdrawn, or at the latest until the article using the photograph or recording is stored.
|
Photographs and video recordings made by the organizers
|
4.1.1 Data processing procedure
The registration data received will be used by the University staff for event organization purposes.
By completing and signing the attendance sheet or registering for the event online, the data subject declares that they have been duly informed about the data processing related to the event. The data subject acknowledges that by consenting to data processing, the University may use the personal data provided for PR, marketing, and communication purposes in accordance with the purpose of data processing and in a manner that adequately protects the interests of the data subjects.
The recordings made at the event are used to document and promote the event, and may be published on the data controller's websites and social media platforms.
- Data transfer, data processing
Data controllers shall only transfer personal data to third parties in exceptional cases, based on legal authorization or the consent of the data subject. Data controllers may use data processors for the present data processing.
- Data security measures
The University will ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by implementing appropriate technical or organizational measures.
- Your rights regarding data management:
Your data protection rights and remedies, and their limitations are set out in detail in the GDPR (In particular Articles 15, 16, 17, 18, 19, 21, 22, 77, 78, 79 and 82). At any time, you may request information about your data, request the rectification, erasure or restriction of your personal data, or object to the processing of data based on a legitimate interest.
You may exercise your rights through the following contact details:
in person: 9026 Győr, Egyetem square 1.
by phone: +3696 503 400
on e-mail: adatvedelem@sze.hu
DPO: dr. Pőcze Péter
-Right to request information:
You may request information about the processing of your personal information at any time in written form, such as:
-what personal information is being processed
-the legal basis on which we process your personal data
-the purpose for which we process your personal data
-the source from which we process your personal data
-how long we process your personal data
-what data management rights apply to you
-whether we will pass on your personal data and to whom
-Right to rectification:
You have the right to have inaccurate personal data about you rectified by the University upon request.
-Right of cancellation:
You may request in writing that the Data Controller erase your personal data if:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
(b) the data subject has withdrawn his or her consent to the processing of the personal data
(c) the data subject objects to the processing on the basis of Article 21(1) of the GDPR Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing on the basis of Article 21(2)
(d) the personal data have been unlawfully processed
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject
(f) the personal data were collected in connection with the provision of information society services referred to in Article 8(1) of the GDPR Regulation
-Right to restriction:
At the written request of the Data Subject
- a) the Data Subject debates the accuracy of the personal data, in which case the restriction shall apply for a period which allows the Data Controller to verify the accuracy of the personal data;
- b) the processing is unlawful and the Data Subject opposes the deletion of the data and instead requests that their use be restricted;
- c) the data controller no longer needs the personal data for thepurpose of data processing, but the Data Subject requests them in order to submit, enforce or protect legal claims
Your request for a restriction on data processing must lso indicate the reason for requesting the restriction.
-Right to protest:
You have the right to object to data processing based on a legitimate interest for reasons related to your own situation. In this case, the University will investigate your personal data processing on the basis of a balance of interests and, if your request is found to be well-founded, we will delete your personal data. We will inform you of the result of the investigation in every case.
-Right to withdraw voluntary consent:
Your consent to data management can be withdrawn at any time, and you can also request the deletion of your uploaded data if your consent is withdrawn. Withdrawal of consent shall not affect the legality of the data processing prior to withdrawal.
-Common rules of practice:
The University shall, without undie delay, provide information in written form, in an accessible format, within one month of the reception of the application, on the measure taken in response to the application, or on its rejection and reason.If necessary, taking into account the complexity of the application and the number of applications, this period may be enxtended by a further two months.
- Your law enforcement options:
If you consider that the data processing is unlawful, you can apply to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or a court as follows:
-Notification of the competent authority
If you consider that the processing of your personal data – or the exercise of your rights to access public data or data of public interest – has been infringed or is in danger, you may initiate an investigation with the supervisory authority:
Contact information of NAIH:
|
address: |
1055 Budapest, Falk Miksa street 9-11 |
|
phone number: |
+36 (1) 391-1400 |
|
fax: |
+36 (1) 391-1400 |
-Initiation of an official procedure
If you find the processing of your personal data illegal, you can initiate a civil lawsuit against the Data Controller. In Hungary, such a lawsuit falls within the the jurisdiction of the regional courts. You can find out about the jurisdiction and contact information of the courts on the following website: www.birosag.hu