Last updated: 16 December 2020.
The material scope of this Policy shall apply to any and all processing of personal data carried out by the Foundation and its organizational units.
The temporal scope of the Policy shall apply until its withdrawal. The Foundation reserves the right to amend the Policy. Notification of the amendment shall be done by publishing the amended Policy on the website of the Foundation.
Data controller: GiLE Oktatási Alapítvány
Registered seat: 4/15, Andrássy út 122, H-1063 Budapest
Registration number: 01-01-0012919
Tax number: 19239998-1-42
Email address: firstname.lastname@example.org
a) Data subject: an identified or identifiable natural person (who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person);
b) Personal data: any information relating to an identified or identifiable natural person (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person);
c) Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
d) Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
e) Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
f) Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
g) Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
3.1. Visiting the website
3.2. Volunteers, contributors and members of the Board of Trustees
The Foundation processes the data of the volunteers, contributors (members of the Editorial Board, Advisory Board, Reviewers, Proof-readers and members of the Board of Trustees (for the purpose of this Section 3.2. hereinafter collectively as: “Contributors”) which are necessary for the contract between the Contributors and the Foundation.
In certain cases, the Foundation processes the personal data of its Contributors based on their consent [as per Art. 6. Sect. (1) Par. a) of the GDPR].
3.3. Job, volunteer and member applications
The Foundation processes the personal data provided to the Foundation in the solicited and unsolicited CV-s and other documents attached to the job application.
The Foundation processes the personal data provided to the Foundation on its website, as part of a volunteer application, the following information:
3.4. Business partners (natural persons)
The Foundation processes the data of the business partners that is necessary for the quotation and contract between the business partner and the Foundation, as well as any warranty issues. The processed data contains: the personal data provided in the quotations and contract, contact information and the data necessary for billing under the Accounting Act.
3.5. Business partners (organizations)
The Foundation processes the data provided by their business partners that is necessary for the quotation and contract between the business partner and the Foundation, as well as any warranty issues. The processed data contains: the personal data provided in the quotations and contract, contact information and the data necessary for billing under the Accounting Act.
3.6. Direct marketing
If the data subject subscribes to the newsletter of the Foundation, the Foundation may send direct marketing messages to the subscriber, however, not more than once per week. By subscribing to the newsletter, the data subjects give their explicit consent for the Foundation to process the necessary personal data. To subscribe to the newsletter, the following data is necessary: email address (mandatory), name (mandatory). This is so that the Foundation can deliver direct marketing messages. The Foundation provides a direct link to unsubscribe at the bottom of every newsletter.
3.7. GiLE Journal of Skills Development
The personal information provided when registering on the Journal’s website (https://gjsd.gile-edu.org/index.php/home/login) is collected and processed by the GiLE Foundation. The Foundation processes the manuscripts and abstracts (intellectual property) received from the Authors.
The Authors give their consent to the GiLE Journal’s Policies which includes but is not limited to GiLE’s Copyright and Licencing Policy which sets out the distribution of intellectual property rights. For more information you can visit the following websites:
3.8. Donations paid through the website
The Foundation processes the data of the donors who made payments through PayPal:
3.9. Participants of events, workshops, training sessions and conferences (in-person and online)
The Foundation processes the personal data provided to the Foundation on its website, as part of an application or registration form for an event, workshop and/or training session, both in-person and online, the following information:
Purpose of processing personal data: The purpose of data processing is to conduct a screening and selection process of the applicants, for general administration and communication related to the event that they applied/registered for, as well as feedback surveys. In the event that it is necessary or when our partners require information about the participants, we will share only relevant data with them.
Legal basis of processing personal data: The legal basis of processing personal data is the consent of the data subject [GDPR Art. 6. Sect. (1) Par. a)].
3.10. Image, video and voice recording on the Foundation’s events
The Foundation may process images, videos and voice that is captured during our official events, workshops, training sessions and conferences. This can take place in-person or online, including via live-stream events, podcast interviews and webinars.
The Foundation will explicitly notify data subjects if during the event it wishes to capture image, video and/or voice of the participants.
By attending the event, the data subject, in accordance with § 2:48(1) of Act V of 2013 on the Civil Code, consents to the recording of their image and/or voice by the Foundation or the agent authorized by it. The Foundation may use the captured recording for the purposes set forth in this Section without any temporal, geographical or any other limitations.
The personal data processed by the Foundation is made accessible to only the individuals within the organizational structure of the Foundation with the relevant roles and responsibilities, as well as service providers performing data processing on behalf of the Foundation based on data processing agreements and solely in the scope that is necessary to perform the data processing activities.
The Foundation engages the data processing services of the following service providers based on data processing agreements:
The foundation reserves the right to amend the list of data processors employed by it at any time.
The Foundation utilizes strict internal authorizations, as well as organizational and technological solutions to ensure that the personal data of the data subject cannot be accessed, stolen, or modified. In the event of a data breach the Foundation will take all the necessary measures as well as inform the data subjects if the GDPR and the Privacy Acts requires to do so.
The Foundation undertakes the following basic measures:
6.1. Information and access to personal data
The data subject may request the Foundation in writing to provide information as to:
a) the personal data processed by the Foundation regarding the data subject, as well as
b) the legal basis of the processing,
c) the purpose of the processing,
d) from which source the personal data originate,
e) the duration of the processing,
f) to whom the Foundation forwards the personal data and its legal basis.
The Foundation shall comply with the request of the data subject within 15 (fifteen) days by electronic or postal mail to the address provided by the data subject. Prior to complying with the request, the Foundation may request the data subject to further specify the request or the data processing activities.
If the data subject’s right to obtain information as described above adversely affects the rights and freedoms of others (especially regarding trade secrets and intellectual property rights) the Foundation is entitled to refuse to comply with the request in the necessary and proportionate amount.
In the event the data subject requests the above information in multiple copies the Foundation is entitled to bill a proportionate and reasonable amount of money in connection with the administrative costs of fulfilling the request.
If the personal data indicated by the data subject is not processed by the Foundation, the Foundation shall nevertheless inform the data subject of this fact.
The data subject shall have the right to obtain from the Foundation without undue delay the rectification of inaccurate, incorrect or incomplete personal data concerning him or her. The Foundation shall correct the inaccurate or inaccurate data immediately, but no later than within 5 (five) days. If it does not conflict with the purposes of the processing, the Foundation may complete the incomplete personal data by means of a supplementary statement provided by the data subject. The Foundation shall notify the data subject of the above by electronic or postal mail to the address provided by the recipient.
The Foundation shall be exempted from complying with the request for rectification if:
a) the accurate, correct and complete personal data are not available, and the data subject does not provide those to the Foundation, or
b) if the validity of the personal data provided by the data subject cannot be established.
The data subject shall have the right to request from the Foundation the erasure of any personal data relating to the data subject. The data subject shall make the request in writing with specifying the personal data to be erased and the reason for the erasure.
The fulfilment of the request shall only be denied by the Foundation in case the processing of the personal data is obligatory for the Foundation by law. Should the Foundation not be obligated by law to process the personal data then the Foundation shall comply with the request no later than within 15 (fifteen) days and inform the data subject by electronic or postal mail to the address provided by the data subject.
The data subject may request the Foundation the restriction of processing the personal data in writing. The restriction shall apply until the reasons specified by the data subject make it necessary. The data subject may request the restriction of processing if:
a) the accuracy of the personal data is contested by the data subject (for a period enabling the controller to verify the accuracy of the personal data); and,
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
A data subject who has obtained restriction of processing shall be informed by the Foundation before the restriction of processing is lifted.
After complying with the request of restriction the Foundation shall inform of that fact any persons or legal entities to whom the Foundation has lawfully forwarded the personal data of the data subject, unless such a task is impossible or would require unproportionate effort from the Foundation.
The data subject may request the Foundation as controller to provide him with their personal data in a structured, commonly used and machine-readable format or to transmit such data to another controller. The data subject has the right to data portability if the processing is based on their consent or on the performance of a contract which he is a party to, and – in both cases – if the processing is carried out by automated means (for example within the scope of a computer system).
In addition to the rights specified in the previous Sections, the data subject has the right to object to the processing of their personal data, in cases specified by the GDPR (e.g., if processing is based on the legitimate interest of the Foundation). If the data subject exercises this right, the Foundation can no longer process their personal data unless the Foundation demonstrates compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If the data processing is based on the data subject’s consent, the data subject may, at any time and without detriment, withdraw their consent. Please note, that the withdrawal of the consent to the data processing does not affect the lawfulness of the processing performed prior to the withdrawal.
7.1. Dispute resolution with the Foundation
7.2. Right to complaint
The data subject is entitled to lodge a complaint with any supervisory authority (e.g. in Hungary the Hungarian National Authority for Data Protection and Freedom of Information). Contact information of the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
7.3. Right to a court
The data subject – regardless of their right to complaint – may file an action with the courts if their rights under the GDPR and the Privacy Act have been violated.
Any action against the Foundation may only be filed with a Hungarian court. The data subject may file the action with the court of their jurisdiction. The Courts of Hungary and their jurisdiction is available at the following link: http://birosag.hu/torvenyszekek.