Privacy Policy - Regarding data processing for the sending of newsletters and information
- Name of the Data Controller
Széchenyi István University (hereinafter: the University)
address: 9026 Győr, Egyetem square 1.
email: sze@sze.hu
phone number: +36(96) 503-400
website: uni.sze.hu
- Applicable legislation of data processing:
- Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);
- Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act);
- Act CCIV of 2011 on National Higher Education (Nftv.)
- Data subjects and subject matter of data processing:
- Subject matter of data processing: sending newsletters and information
- Data subjects: natural persons who subscribe to the newsletter, who have a student status at the data controller, who have concluded a study contract with the data controller and its legal predecessor institutions, who have completed their studies and passed the final or exit exam (alumni).
- Scope of processed data, purpose, duration and legal basis of data processing, data transfer
|
Scope of processed data |
Purpose of the data processing |
Legal basis of the data processing |
Duration of the data processing |
Source of the data |
|
Personal identification data (name) |
Personalised information: news, further education opportunities, alumni discounts, programmes, applications, event organisation, peer-to-peer searches, professional career support, certificate/diploma issuance, statistics and newsletters.
|
GDPR Article 6(1)(a): consent of the data subject.
|
until withdrawal of consent |
Neptun, voluntary data provision by the data subject |
|
Contact details (email address, telephone number, language of communication) |
Personalised information: news, further education opportunities, alumni discounts, programmes, applications, event organisation, peer-to-peer searches, professional career support and newsletters.
|
GDPR Article 6(1)(a): consent of the data subject.
|
until withdrawal of consent |
Neptun, voluntary data provision by the data subject |
|
Study data (degree, diploma data, professional internship data, family register data, dates related to these, language of training, training data) |
Personalised information: news, further education opportunities, alumni discounts, programmes, applications, event organisation, peer-to-peer searches, professional career support and newsletters.
|
GDPR Article 6(1)(a): consent of the data subject.
|
until withdrawal of consent |
Neptun |
- Data transfer and processing
The University shall only transfer personal data to third parties on the basis of legal authorisation or the consent of the data subject, and only in exceptional cases. The University does not currently use a data processor for data processing.
- Data security measures
The university will ensure adequate security for personal data by implementing appropriate technical and organisational measures to protect against unauthorised or unlawful processing, and against accidental loss or destruction.
7.Your rights regarding data management:
Your data protection rights and remedies, as well as the limitations thereof, are set out in the GDPR, particularly in Articles 15, 16, 17, 18, 19, 21, 22, 77, 78, 79 and 82. You can request information about your data at any time and request that your data be corrected, deleted or restricted. You can also object to data processing based on legitimate interests.
To exercise these rights, please send an email to adatvedelem@sze.hu.
Data Protection Officer: Dr Péter Pőcze
-Right to request information:
You may request information about the processing of your personal information at any time in written form, such as:
-what personal information is being processed
-the legal basis on which we process your personal data
-the purpose for which we process your personal data
-the source from which we process your personal data
-how long we process your personal data
-what data management rights apply to you
-whether we will pass on your personal data and to whom
-Right to rectification:
You have the right to have inaccurate personal data about you rectified by the University upon request.
-Right to erasure
You have the right to request that the University erases your personal data. This right does not apply if the processing of personal data is necessary for compliance with a legal obligation under EU or Member State law, or for the establishment, exercise or defence of legal claims.
-Right to restriction:
At the written request of the Data Subject
- a) the Data Subject debates the accuracy of the personal data, in which case the restriction shall apply for a period which allows the Data Controller to verify the accuracy of the personal data;
- b) the processing is unlawful and the Data Subject opposes the deletion of the data and instead requests that their use be restricted;
- c) the data controller no longer needs the personal data for thepurpose of data processing, but the Data Subject requests them in order to submit, enforce or protect legal claims
Your request for a restriction on data processing must lso indicate the reason for requesting the restriction.
-Right to protest:
You have the right to object to data processing based on a legitimate interest for reasons related to your own situation. In this case, the University will investigate your personal data processing on the basis of a balance of interests and, if your request is found to be well-founded, we will delete your personal data. We will inform you of the result of the investigation in every case.
-Right to withdraw voluntary consent:
You may withdraw your consent to data processing at any time. You may also request the deletion of your uploaded data if you withdraw your consent. However, withdrawal of consent does not affect the lawfulness of data processing based on consent prior to withdrawal.
-Common rules for exercising rights:
The university must provide written information in a publicly accessible form within one month of receiving the request. This information must detail the action taken on the request or its rejection, along with the reasons for it, and must be provided without undue delay. If necessary, taking into account the complexity of the request and the number of requests received, this deadline may be extended by a further two months.
- Your law enforcement options:
If you consider that the data processing is unlawful, you can apply to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or a court as follows:
-Notification of the competent authority
If you consider that the processing of your personal data – or the exercise of your rights to access public data or data of public interest – has been infringed or is in danger, you may initiate an investigation with the supervisory authority:
Contact information of NAIH:
|
address: |
1055 Budapest, Falk Miksa street 9-11 |
|
phone number: |
+36 (1) 391-1400 |
|
fax: |
+36 (1) 391-1400 |
-Initiation of an official procedure
If you find the processing of your personal data illegal, you can initiate a civil lawsuit against the Data Controller. In Hungary, such a lawsuit falls within the the jurisdiction of the regional courts. You can find out about the jurisdiction and contact information of the courts on the following website: www.birosag.hu