PRIVACY NOTICE In this Privacy Notice, the Mária Kopp Institute for Demography and Families (hereinafter referred to as the „Data Controller”) provides information on the scope of personal data processed in the course of its activities, its practices in the processing of personal data, its organisational and technical measures taken to protect personal data, as well as the rights of data subjects, the ways and means of exercising them.
The Data Controller may not disclose any data during the application process that is subject to the provisions of the Directive of 27 April 2016 Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 and Act CXII of 2011 on the right to information self-determination and freedom of information, or which is considered personal data or a business secret under Act LIV of 2018 on the protection of business secrets, or the disclosure of which the Candidate has not previously consented to.
- Data of the data controller
name: Mária Kopp Institute for Demography and Families
head office: 1016 Budapest, Sánc u. 3 / b
tax number: 15838492-2-41
- Purpose, scope, legal basis and duration of the data processed
Purpose of data processing:
The purpose of the data processing during the event is to enable the Data Controller to process the data provided by the registrants after completing the registration form on the KINCS Smart Family Festival website (www.smartfamily.hu) during the event.
Scope of the processed data:
The Data Controller handles the provided personal data (name, e-mail address and other personal data) in compliance with the applicable legislation.
Legal basis of the data processing:
The legal basis for data processing is the consent of the data subject [Article 6 (1) (a) GDPR]. Withdrawal of consent shall not affect the lawfulness of data processing based on consent prior to its withdrawal. Duration of data processing:
The controller will process the personal data until the application is closed or the statement of consent of the data subject is withdrawn.
- Data management relating to the organization, management and accounting of events
Purpose of data processing:
The purpose of data management is to identify and record the participants of the events and workshops organized by the Data Controller (in particular events related to the application), to document the event by means of images and videos as promotional activities(sharinge the images and videos publicly ) and to fulfil the accounting obligations related to the organisation of the event. Scope of the processed data:
The names and signatures of the persons registering for the events, their e-mail addresses in the case of invited persons, and in case of photo and video recordings, their identifiable image on the recordings.Legal basis of the data processing:
The management of data related to the organization and conduct of events is based on the consent of the participants (Article 6 (1) (a) GDPR). Event-related accounting obligations are based on law, and the processing of data in this context is necessary for the fulfillment of a legal obligation (Article 6(1)(c) GDPR, including Act C of 2000 on Accounting, Act CL of 2017 on the Rules of Taxation, and specific legislation applicable to the project). . In the case of mass recordings, the legal basis for data processing is the Data Controller’s legitimate interest in documenting the events (Article 6 (1) (f) GDPR).Duration of data processing:
- In connection with data processing based on consent, the Data Controller shall process the personal data until the data subject’s consent is revoked. In order to fulfill the accounting obligations, the data controller handles the relevant personal data for a period of time specified in legislation (including Act C of 2000 on Accounting, Act CL of 2017 on the Taxation System, and a specific applicable to the given project).Data management relating to visit to the data controller’s website
- Persons entitled to access the data
- Employees of the Data Controller shall process the provided data solely in accordance with the provisions of the internal data protection regulations and the applicable legislation in order to perform the tasks specified in their employment contract and job description. The jury of the semi-final and final of the competition is only entitled to access the data necessary for the professional evaluation and in influencing it to the necessary extent.Basic data security measures
- The data controller shall handle the personal data with the utmost care, taking into account the provisions of the relevant legislation and the internal data protection policy , in strict confidence, only to the extent necessary, in accordance with any provisions of the person giving consent .The Data Controller strives with special care for the secure handling of personal data, therefore it has taken the technical and organizational measures and established the procedural rules necessary for the enforcement of data management and data protection legislation.Rights of the data subject and rules for the exercise of rights
Right to request information
The data subject may request information on the personal data processed. In this case, the data controller shall inform the data subject of the personal data processed, , the purpose and duration of the data processing, the rights related to the data processing and the right to submit a complaint to the National Data Protection and Freedom of Information Authority.Right to make a copy
The data subject may request a copy of the personal data processed. In this case, the data Controller forwards a copy of the processed personal data to the contact details indicated by the data subject (e-mail address, mailing address).Right to amend
The requested controller shall, at the request of the data subject, amend or rectify the personal data or store the new personal data provided by the data subject.
Withdrawal of consent
If the data processing was based on the data subject’s consent, he or she has the right to withdraw his or her consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the data processing prior to the withdrawal.Right to data erasure
In a letter sent to the data controller, the data subject may request the deletion of his or her personal data. The data controller may refuse the data subject’s request only in cases specified by the GDPR.
Right to restrict
The data subject may request the blocking of personal data if
- the processing is unlawful and opposes the deletion of personal data and calls instead for restrictions on their use;
- the controller no longer needs the personal data, but the data subject requests that the data be blocked for the establishment, exercise or defence of legal claims.
In the case of a right to a restriction, the reason for requesting the restriction must be indicated. The Data Controller shall comply with the request for restriction of data processing by storing personal data separately from all other personal data. For example, in the case of electronic data files, they are saved on an external data carrier and the paper-based documents are stored in a separate folder.Right to data portability
The data subject has the right to receive his / her personal data in a widely used format (especially in a file with a .pdf, .doc extension) and to transfer it to another data controller.The right to object
The data subject has the right to object at any time, for reasons related to his or her particular situation, to the processing of his or her personal data on the basis of legitimate interest. The Controller will then examine the data subject’s legitimate interests and may process personal data primarily if the processing is related to the establishment, exercise or defence of legal claims.The data controller shall comply with the request within one month, which may be extended by a maximum of two months.
- If the request is refused, the Controller shall, within one month of receipt of the request, inform the data subject of the reasons for the refusal and of the right to lodge a complaint with the Authority and to seek judicial remedy.If the Controller has reasonable doubts as to the identity of the person making the request, it may request the provision of information necessary to confirm the identity of the data subject. This may in particular be the case where the data subject exercises his or her right to request a copy, in which case it is reasonable for the Controller to check that the request originates from the person entitled. Enforcement options for the data subject
To exercise his or her rights in relation to the processing, the data subject may contact the Data Controller at the contact details provided in this Notice . The data subject’s claim or complaint may be submitted in writing, electronically or in person – by recording it in the minutes. The Data Controller shall examine the request or complaint on the basis of its content within 30 days.
In order to enforce his/her rights, or if the data subject considers that the data controller’s processing does not comply with the legal requirements, he/she may initiate an official procedure with the National Authority for Data Protection and Freedom of Information (Postal address: 1530 Budapest, PO Box 5, e-mail address: firstname.lastname@example.org).The data subject might directly go to court if they consider that a Data Controller is breaching the law in its data processing or is causing harm as a result of its unlawful conduct. .
- Amending the Data Processing Policy
The Data Controller reserves the right to amend this Notice at any time by unilateral decision.