Home

Privacy policy

Privacy Policy

 

PRIVACY NOTICE

Pursuant to Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.) and the European General Data Protection Regulation (hereinafter: GDPR), Neumann János University hereby informs data subjects about the processing of personal and special category data recorded and processed by the higher education institution.

1. What do we use your data for?

In accordance with Annex 3, Section I/A of Act CCIV of 2011 on National Higher Education (Nftv.), for ensuring the proper operation of the University, the exercise of employees’ rights and fulfillment of obligations, and the maintenance of records required by law.

2. Which of your data will be processed?

See Annex 3 of the Nftv. at the end of this notice.

3. On what legal basis do we process your data?

a) Because you have given your consent
b) Because it is necessary for the performance of a contract concluded with you
c) Because it is required for the legitimate interests of the University
d) Because the University is legally obliged to process your data (Annex 3 of the Nftv.)

4. Who is authorized to process your data?

Data Controller:
Neumann János University
Registered seat: 10 Izsáki Street, 6000 Kecskemét, Hungary

Represented by: Dr. habil. Tamás Fülöp, Rector; Dr. Zoltán Nagy, President-CEO

Data Processor:
SDA Informatika Zrt.
Registered seat: 59 Budafoki Street, 1111 Budapest, Hungary
Company registration number: 01-10-140314
Representative: István Fehér

5. How long do we process your data?

In accordance with the applicable legal requirements at all times, noting that under the University’s Records Management Policy certain types of data may not be destroyed.

 

6. Your rights (detailed explanation is included in the annex to this notice)

  1. Right to transparent information – you may request information at any time about the processing of your personal data;
  2. Right of access – you may access your personal data processed by us at any time;
  3. Right to rectification, erasure (“right to be forgotten”) and restriction of processing – if your data are processed inaccurately, please notify us and we will correct or delete them, etc.;
  4. Information about recipients – we must inform you if your data have been disclosed to anyone;
  5. Right to data portability (only for data processed based on consent or contract and by automated means) – upon request, we will provide your personal data to you;
  6. Right to object – you may object at any time to processing based on legitimate interest;
  7. Rights related to automated decision-making – the right not to be subject to a decision based solely on automated processing. Please notify us if you experience this;
  8. Right to legal remedy – in case of violation of your rights, you may contact the data protection officer, the National Authority for Data Protection and Freedom of Information, or a court.

 

7. Where can you turn for remedies or questions?

  1. a) To the University’s Data Protection Officer
  2. Data Protection Officer of Neumann János University: Dr. Orsolya Krix
  3. Neumann János University
    Directorate of Legal and Administrative Affairs
    Head of Legal and Administrative Office
    Email: jogiigazgatosag@nje.hu
  4. To the National Authority for Data Protection and Freedom of Information (NAIH):
    Postal address: 1363 Budapest, P.O. Box 9, Hungary
    Website: www.naih.hu
    Tel.: +36-1-391-1400

b) To a court
In Hungary, you may initiate legal proceedings—at your choice—before the competent court based on your place of residence or habitual residence.

 

ANNEX

 

Detailed information on the data protection rights of data subjects and available remedies

Knowledge of the rights and remedies related to data processing of the data subject (hereinafter: data subject) is important because the data controller processes personal data. Personal data means any information on the basis of which the data subject can be identified. Thus, personal data includes not only the data subject’s name or identification number, but also information relating to their physical, mental, etc. identity.

Personal data: GDPR Article 4(1): any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Under the provisions and conditions set out in Chapter III of the GDPR (Rights of the data subject), the data subject is entitled to:

As a general rule, every data subject may request from the given data controller:

  • access to their personal data,
  • rectification of their personal data,
  • erasure of their personal data,
  • restriction of processing,
  • data portability,
  • object to the processing of their personal data,
  • in the case of automated decision-making, the right not to be subject to such decisions,
  • the right to a remedy: in case of violation of their rights, the data subject may turn to the data protection officer, the National Authority for Data Protection and Freedom of Information, or a court.

Right of access to personal data

Under this right, you are entitled to receive feedback from the data controller as to whether your personal data are being processed and, if such processing is ongoing, you are entitled to access your personal data and the information listed in the GDPR (e.g. purposes and legal basis of processing, recipients or categories of recipients, information on transfers to third countries or international organizations, duration of processing or criteria for determining it, rights of the data subject, remedies, consequences of failure to provide data).

The data controller must provide you with a copy of the personal data subject to processing. Please note that for additional copies requested, the data controller may charge a reasonable fee based on administrative costs, and exercising the right to obtain a copy must not adversely affect the rights and freedoms of others.

Right to rectification

Under the right to rectification, you are entitled to request that the data controller correct inaccurate personal data concerning you without undue delay and to have incomplete personal data completed.

Right to erasure and the “right to be forgotten”

As a general rule, you have the right to request that the data controller erase your personal data without undue delay, and the data controller is obliged to erase them without undue delay under certain conditions.

The “right to be forgotten” is an extension of the right to erasure to the online environment. If the data controller has made your personal data public and is obliged to erase them, they must take reasonable steps to inform other controllers processing the data that you have requested the deletion of links to, or copies or replications of, those personal data.

It is important to note that erasure and the right to be forgotten do not apply where any of the cases listed in Article 17(3) GDPR apply.

Right to restriction of processing

You are entitled to request that the data controller restrict (block) processing if one of the following applies:

  • you contest the accuracy of the personal data (for the period enabling the controller to verify accuracy);
  • the processing is unlawful and you oppose erasure and request restriction instead;
  • the controller no longer needs the data for processing purposes, but you require them for legal claims;
  • you have objected to processing, pending verification whether the controller’s legitimate grounds override yours.

Right to data portability

Under this right, you are entitled to receive the personal data concerning you that you have provided to a controller in a structured, commonly used, machine-readable format and to transmit those data to another controller without hindrance. This right applies where processing is based on consent or a contract and carried out by automated means.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data where it is based on legitimate interests or public authority. Where personal data are processed for direct marketing, you have the right to object at any time, including profiling related to direct marketing. If you object to processing for direct marketing, the data may no longer be processed for that purpose.

Rights related to automated decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision:

a) is necessary for entering into or performing a contract;
b) is authorized by Union or Member State law providing safeguards; or
c) is based on your explicit consent.

In such cases, the controller must at least ensure your right to obtain human intervention, express your point of view, and contest the decision.

Remedies (alternative options)

Data Protection Officer (DPO)

The DPO monitors compliance with the GDPR and other data protection rules, including assigning responsibilities, awareness-raising and training staff, and conducting audits.

Contact of the data controller at Neumann János University:
Neumann János University, Legal Directorate, Legal and Administrative Office
6000 Kecskemét, Izsáki út 5.

Proceedings before the National Authority for Data Protection and Freedom of Information (NAIH)

Anyone (not only you) may initiate an investigation at the Authority if a violation or its imminent risk is suspected. The complaint should not be anonymous, otherwise it may be rejected without examination. Further grounds for rejection are set out in Section 53(2) of the Info Act.

NAIH contact:
1055 Budapest, Falk Miksa utca 9-11
Website: www.naih.hu
Tel.: +36-1-391-1400

Judicial remedy

You may take legal action against the controller if you believe your GDPR rights have been infringed. Proceedings must be brought before the courts of the Member State where the controller or processor is established. In Hungary, you may also bring the case before the court of your residence or place of stay. You may claim damages/compensation.

Personal and special data recorded and processed in higher education

Act on National Higher Education, Annex 3 I/A

I/A. Data of employees

  1. Data recorded under the Act:

a) name, gender, birth name, place and date of birth, mother’s birth name, citizenship, education ID, identity document number, tax ID;
b) residence, place of stay, notification address;
c) employment-related data, including employer(s), qualifications, work history, awards, position, working hours, salary, benefits, liabilities, research and academic activities, etc.;
d) results of student evaluations of teaching;
e) result of habilitation procedures;
f) identification data of supporting documents;
g) date and reason for removal from the personal and address register.

  1. Purpose of processing: as defined in Section 18(1). Processing is limited to employment, benefits, obligations, national security, and statutory registers, in a purpose-limited manner.
  2. Duration: five years after termination of employment.
  3. Data transfers: may be made to maintainers, social security and payroll bodies, the higher education information system authority, the Hungarian Accreditation Committee, courts, police, prosecutors, bailiffs, administrative authorities, labor inspectors, national security services, and for public interest data requests under the Freedom of Information Act.
  4. For members of the economic council, Section 25(5)-(8) applies accordingly.

 

Published: 3 years ago , updated: 2 weeks ago