PRIVACY NOTICE

PRIVACY NOTICE In this Privacy Notice, the Mária Kopp Institute for Demography and Families (hereinafter referred to as the “Data Controller”) provides information on the scope of personal data processed in the course of its activities, its practices in the processing of personal data, its organisational and technical measures taken to protect personal data, as well as the rights of data subjects, the ways and means of exercising them.

In all cases, the Data Controller shall process  the personal data provided to it in compliance with the Data Controller’s privacy policy  and the applicable Hungarian and European data protection and data management legislation and ethical standard s, and shall in all cases take the technical and organizational measures necessary for proper secure data management.By providing personal data, the data subject accepts the terms and conditions set out in this privacy notice  and consents to the processing of his or her personal data. Any changes to this privacy  notice will automatically apply to the processing of personal data provided by the data subject, even if a previous privacy  notice was in force at the time the personal data was provided.This privacy statement applies only to the personal data of natural persons.

The Data Controller may not disclose any data during the application process that is subject to the provisions of the Directive of 27 April 2016 Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 and Act CXII of 2011 on the right to information self-determination and freedom of information, or which is considered personal data or a business secret under Act LIV of 2018 on the protection of business secrets, or the disclosure of which the Candidate has not previously consented to.

  1. Data of the data controller

    name: Mária Kopp Institute for Demography  and Families
    head office: 1016 Budapest, Sánc u. 3 / b
    e-mail: info@koppmariaintezet.hu
    tax number: 15838492-2-41
  2. Purpose, scope, legal basis and duration of the data processed

Purpose of data processing:

The purpose of the data processing during the event is to enable the Data Controller to process the data provided by the registrants after completing the registration form on the KINCS Smart Family Festival website (www.smartfamily.hu) during the event.

Scope of the processed data:

The Data Controller handles the provided personal data (name, e-mail address and other personal data) in compliance with the applicable legislation.

Legal basis of the data processing:

The legal basis for data processing is the consent of the data subject [Article 6 (1) (a) GDPR]. Withdrawal of consent shall not affect the lawfulness of data processing based on consent prior to its  withdrawal. Duration of data processing:

The controller will process the personal data until the application is closed or the statement of consent of the data subject is withdrawn.

  1. Data management relating to the organization, management  and accounting of events

Purpose of data processing:

The purpose of data management is to identify and record  the participants  of the events and workshops organized by the Data Controller (in particular events related to the application), to document the event by means of  images and videos as promotional activities(sharinge the images and videos publicly ) and to fulfil the accounting obligations related to the organisation of the event. Scope of the processed data:

The names and signatures of the persons registering for the events, their e-mail addresses in the case of invited persons, and in case of photo and video recordings, their identifiable image  on the recordings.Legal basis of the data processing:

The management of data related to the organization and conduct of events is based on the consent of the participants (Article 6 (1) (a) GDPR). Event-related accounting  obligations are based on law, and the processing of data in this context  is necessary for the fulfillment of a legal obligation (Article 6(1)(c) GDPR, including Act C of 2000 on Accounting, Act CL of 2017 on the Rules of Taxation, and specific legislation applicable to the project). . In the case of mass recordings, the legal basis for data processing is the Data Controller’s legitimate interest in documenting the events (Article 6 (1) (f) GDPR).Duration of data processing:

  1. In connection with data processing based on consent, the Data Controller shall process the personal data until the data subject’s consent is revoked. In order to fulfill the accounting  obligations, the data controller handles the relevant personal data for a period of time specified in legislation (including Act C of 2000 on Accounting, Act CL of 2017 on the Taxation System, and a specific  applicable to the given project).Data management relating  to visit to  the data controller’s website

The  website www.smartfamily.hu (hereinafter: Website) operated by the data controller uses cookies, which files provide information about the user’s browsing  habits, but do not store personal information. Cookies allow the data controller to improve its services and enhance the user experience.The use of cookies can be deleted from the data subject’s computer or can be prevented by default in the browser. The information  collected by cookies will not be sold, rented or otherwise distributed to third parties by the data controller, except to the extent necessary to provide the services for which the data subject has previously and voluntarily provided the information.The Website may contain links to independent sites  controlled and maintained by third parties. The Controller does not control the use of the information by such third parties, in all cases the provisions of the third party data protection directive apply, for which the controller does not accept responsibility and cannot be held legally liable.The Data Controller reserves the right, at its sole discretion, to amend any part of this Policy at any time. Please check the Website regularly for any changes. The  continued  use of the Website following the posting of changes to this Privacy Notice will constitute acceptance of those changes and the current policy.

  1. Persons entitled to access the data
  2. Employees of the Data Controller shall process the provided data solely in accordance with the provisions of the internal data protection regulations and the applicable legislation in order to perform the tasks specified in their employment contract and job description. The jury of the semi-final and final of the competition  is only entitled to access the data necessary for the professional evaluation and in influencing it to the necessary extent.Basic data security measures
  3. The data controller shall handle the personal data with the utmost care, taking into account the provisions of the relevant legislation and the internal data protection policy , in strict confidence, only to the extent necessary, in accordance with any provisions of the person giving consent .The Data Controller strives with special care for the secure handling of personal data, therefore it has taken the technical and organizational measures and established the procedural rules necessary for the enforcement of data management and data protection legislation.Rights of the data subject and rules for the exercise of rights

Right to request information

The data subject may request information on the personal data processed. In this case, the data controller shall inform the data subject of the personal data processed, , the  purpose and  duration of the data processing, the rights related to the data processing and the right to submit a complaint to the National Data Protection and Freedom of Information Authority.Right to make a copy

The data subject may request a copy of the personal data processed. In this case, the data Controller forwards a copy of the processed personal data to the contact details indicated by the data subject (e-mail address, mailing address).Right to amend

 The requested controller shall, at the request of the data subject, amend or rectify the personal data or store the new personal data provided by the data subject.

Withdrawal of consent

If the data processing was based on the data subject’s consent, he or she has the right to withdraw his or her consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the data processing prior to the withdrawal.Right to data erasure

In a letter sent to the data controller, the data subject may request the deletion of his or her personal data. The data controller may refuse the data subject’s request only in cases specified by the GDPR.

Right to restrict

The data subject may request the blocking of personal data if

  • the processing is unlawful and opposes the deletion of personal data and calls instead for restrictions on their use;
  • the controller no longer needs the personal data, but the data subject requests that the data be blocked for the establishment, exercise or defence of legal claims.

In the case of a right to a restriction, the reason for requesting the restriction must be indicated. The Data Controller shall comply with  the request for  restriction of data processing by storing personal data separately from all other personal data. For example, in the case of electronic data files, they are saved on an external data carrier and the paper-based documents are stored in a separate folder.Right to data portability

The data subject has the right to receive his / her personal data in a widely used format (especially in a file with a .pdf, .doc extension) and to transfer it to another data controller.The right to object

The data subject has the right to object at any time, for reasons related to his or her particular situation, to the processing of his or her personal data on the  basis of legitimate interest. The Controller will then examine the data subject’s legitimate interests and may process personal data primarily if the processing is related to the establishment, exercise or defence of legal claims.The data controller shall comply with the request within one month, which may be extended by a maximum of two months.

  1. If the request is refused, the Controller shall, within one month of receipt of the request, inform the data subject of the reasons for the refusal and of the right to  lodge a complaint with the Authority and to seek  judicial remedy.If the Controller has reasonable doubts as to the identity of the person making the request, it may request the provision of information necessary to confirm the identity of the data subject. This may in particular be the case where the data subject exercises his or her right to request a copy, in which case it is reasonable for the Controller to check that the request originates from the person entitled. Enforcement options for the data subject

To exercise his or her rights in relation to the processing, the data subject may contact the Data Controller at the contact details provided in this Notice . The data subject’s claim or complaint may be submitted in writing, electronically or in person – by recording it in the minutes. The Data Controller shall examine the request or complaint on the basis of its content within 30 days.

In order to enforce his/her rights, or if the data subject considers that the data controller’s processing does not comply with the legal requirements, he/she may initiate an official procedure with the National Authority for Data Protection and Freedom of Information (Postal address: 1530 Budapest, PO Box 5, e-mail address: ugyfelszolgalat@naih.hu).The data subject might  directly go to court if they  consider that a Data Controller is  breaching  the law in its  data processing or is causing  harm as a result of its unlawful conduct. .

  1. Amending the Data Processing Policy

The Data Controller reserves the right to amend this Notice  at any time by unilateral decision.