Privacy Policy

Please read the Privacy Policy for GiLE Oktatási Alapítvány (GiLE Foundation). The provisions included herein are aligned with the European Union’s (EU’s) General Data Protection Regulation (GDPR).

 

Last updated: 8 July 2021.

The GiLE Oktatási Alapítvány (registered seat: 1072 Budapest, Klauzál tér 16. III. emelet 18/A; registration number: 01-01-0012919; tax ID: 19239998-1-42; hereinafter: “Foundation”) shall guarantee the right of the data subjects to privacy by establishing and publishing this privacy policy (hereinafter: “Policy), as provided for by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: “GDPR) and Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: “Privacy Act).

 

The material scope of this Policy shall apply to any and all processing of personal data carried out by the Foundation and its organizational units.

 

The temporal scope of the Policy shall apply until its withdrawal. The Foundation reserves the right to amend the Policy. Notification of the amendment shall be done by publishing the amended Policy on the website of the Foundation.

1.    Data controller

 

Data controller: GiLE Oktatási Alapítvány

Registered seat: 1072 Budapest, Klauzál tér 16. III. emelet 18/A

Registration number: 01-01-0012919

Tax number: 19239998-1-42

Email address: [email protected]

2.    Definitions

 

a) Data subject: an identified or identifiable natural person (who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person);

 

b) Personal data: any information relating to an identified or identifiable natural person (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person);

 

c) Special categories of personal data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;

 

d) Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

 

e) Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

 

f) Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

 

g) Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3. Data processing carried out by the Foundation

 

3.1. Visiting the website

 

No personal data is necessary to browse the content made publicly available on the websites of the Foundation at: www.gile-edu.org. The Foundation uses Google Analytics cookies in order to analyse the preferences of the visitors, so that website may be visitor friendly (e.g. number of visitors, duration of the visit, sequence of sub-pages viewed, search-words used to reach the website, type of browser, geological location of the computer, etc.). You can visit https://support.google.com/analytics/answer/6004245?hl=en for more details on Google Analytics use of cookies.

 

Visitors will be asked to consent to the use cookies when first visiting the website. Cookie preferences can be changed at any time by clicking on the “Privacy & Cookies Policy” button (hereinafter: “Cookie Policy”) at the bottom of the Foundation’s website.

 

For more information on the usage of cookies please visit the Cookie Policy subpage/pop-up window on the website.

3.2. Volunteers, contributors and members of the Board of Trustees

 

The Foundation processes the data of the volunteers, contributors (members of the Editorial Board, Advisory Board, Reviewers, Proof-readers and members of the Board of Trustees (for the purpose of this Section 3.2. hereinafter collectively as: “Contributors”) which are necessary for the contract between the Contributors and the Foundation.

 

  • The data of the Contributor processed: name, place and date of birth, address, education, contact information, short written bio and photograph for the website and any correspondence (either in writing, via e-mail, or any other channel) or other information (e.g. reimbursement provided, if applicable) pertaining to the activity conducted by the individual in relation to their Contributors work.

 

  • Purpose of processing personal data: The purpose for the processing of the above personal information of Contributors is to exercise the rights and perform the obligations of the Foundation arising out the agreement entered into with its Contributors.

 

  • The legal basis of processing personal data is the performance of contract between the data subject and the Foundation [as per Art. 6. Sect. (1) Par. b) of the GDPR].

 

In certain cases, the Foundation processes the personal data of its Contributors based on their consent [as per Art. 6. Sect. (1) Par. a) of the GDPR].

 

  • Duration of processing personal data: The foundation will process the personal data of its Contributors for the term of the corresponding agreement. In some cases (such as when providing reimbursement to Contributors) the duration of the processing of some data is eight (8) years after the performance of the contract pursuant to the preservation obligation of the bills issued by the Foundation under Act C of 2000 on Accounting (hereinafter: “Accounting Act”).

3.3. Job, volunteer and member applications

 

The Foundation processes the personal data provided to the Foundation in the solicited and unsolicited CV-s and other documents attached to the job application.

 

  • Purpose of processing personal data: The purpose of data processing is to notify the applicant of any job opportunities matching their qualifications and interests, as well as making an appointment with the applicant and performing the application procedure.

 

  • Legal basis of processing personal data: The legal basis of processing personal data is the consent of the data subject [as per Art. 6. Sect. (1) Par. a) of the GDPR], the consent is provided by sending the Foundation the CV and related documents of the data subject (applicant).

 

  • Duration of processing personal data:

 

  • a) In case of a successful application the duration of the employment/volunteering/membership;

 

  • b) In case of an unsuccessful application the duration of the selection process (after that, all the documents provided by the unsuccessful candidates are destroyed).

 

The Foundation processes the personal data provided to the Foundation on its website, as part of a volunteer application, the following information:

 

  • First name
  • Last name
  • Email address
  • What is your primary status? (i.e. student, researcher, etc.)
  • What [volunteer] role(s) are you applying for?
  • Short motivation letter
  • CV/resume
  • Writing sample, if you are applying to be an article writer or proof-reader (size limit: 2mb)
  • URL link to your Video Reel/Portfolio, if you are applying for video editing/graphic design.

3.4. Business partners (natural persons)

 

The Foundation processes the data of the business partners that is necessary for the quotation and contract between the business partner and the Foundation, as well as any warranty issues. The processed data contains: the personal data provided in the quotations and contract, contact information and the data necessary for billing under the Accounting Act.

 

  • Purpose of processing personal data: The purpose of data processing is entering into and performance of the contract between the data subject and the Foundation, as well as the necessary communication.

 

  • Legal basis of processing personal data: The legal basis of processing personal data is the performance of contract between the data subject and the Foundation [as per Art. 6. Sect. (1) Par. b) of the GDPR].

 

  • Duration of processing personal data: The foundation will process the personal data of its business partners for five (5) years after the performance of the corresponding contract. The duration of data processing for some data is eight (8) years after the performance of the contract pursuant to the preservation obligation of the bills issued by the Foundation under the Accounting Act.

3.5. Business partners (organizations)

 

The Foundation processes the data provided by their business partners that is necessary for the quotation and contract between the business partner and the Foundation, as well as any warranty issues. The processed data contains: the personal data provided in the quotations and contract, contact information and the data necessary for billing under the Accounting Act.

 

  • Purpose of processing personal data: The purpose of data processing is entering into and performance of the contract between the business partner and the Foundation, as well as the necessary communication.

 

  • Legal basis of processing personal data: The legal basis of processing personal data is the legitimate interest of the Foundation [as per Art. 6. Sect. (1) Par. f) of the GDPR].

 

  • Duration of processing personal data: The foundation will process the personal data provided by its business partners for five (5) years after the performance of the corresponding contract. The duration of data processing for some data is eight (8) years after the performance of the contract pursuant to the preservation obligation of the bills issued by the Foundation under the Accounting Act.

3.6. Direct marketing

 

If the data subject subscribes to the newsletter of the Foundation, the Foundation may send direct marketing messages to the subscriber, however, not more than once per week. By subscribing to the newsletter, the data subjects give their explicit consent for the Foundation to process the necessary personal data. To subscribe to the newsletter, the following data is necessary: email address (mandatory), name (mandatory). This is so that the Foundation can deliver direct marketing messages. The Foundation provides a direct link to unsubscribe at the bottom of every newsletter.

 

  • Purpose of processing personal data: The purpose of data processing is to send direct marketing messages to the subscribers, to inform them about services provided by the Foundation, and events organized by and any other news/information pertaining to the Foundation.

 

  • Legal basis of processing personal data: The legal basis of processing personal data is the consent of the data subject [GDPR Art. 6. Sect. (1) Par. a)].

 

  • Duration of processing personal data: The duration of data processing is until the revocation of consent or the request for erasure from the data subject.

3.7. GiLE Journal of Skills Development

 

The personal information provided when registering on the Journal’s website (https://gjsd.gile-edu.org/index.php/home/login) is collected and processed by the GiLE Foundation. The Foundation processes the manuscripts and abstracts (intellectual property) received from the Authors.

 

The Authors give their consent to the GiLE Journal’s Policies which includes but is not limited to GiLE’s Copyright and Licencing Policy which sets out the distribution of intellectual property rights. For more information you can visit the following websites:

 

 

 

  • Purpose of processing personal data: The purpose of data processing is to make the day-to-day communication possible between the Authors and the persons involved in the production process.

 

  • Legal basis of processing personal data: The legal basis of processing personal data is the consent of the data subject [GDPR Art. 6. Sect. (1) Par. a)], as well as the legitimate interest of the Foundation [GDPR Art. 6. Sect. (1) Par. f)].

 

  • Duration of processing personal data: The duration of data processing is until the revocation of consent or the request for erasure from the data subject.

3.8. Donations paid through the website

 

The Foundation processes the data of the donors who made payments through PayPal:

 

  • First name
  • Last name (optional)
  • Email address
  • Other financial information pertaining to the donation (e.g. date, amount etc.).

 

  • Purpose of processing personal data: The purpose of data processing is to conduct proper administration of the monetary donation received.

 

  • Legal basis of processing personal data: The legal basis of processing personal data is the need for the Foundation to comply with the data retention obligations set forth by various financial regulations [GDPR Art. 6. Sect. (1) Par. c)].

 

  • Duration of processing personal data: The duration of data processing is eight (8) years after the receipt of the donation for the preservation obligation of the bills issued by the Foundation under the Accounting Act.

3.9. Participants of events, workshops, training sessions and conferences (in-person and online)

 

The Foundation processes the personal data provided to the Foundation on its website, as part of an application or registration form for an event, workshop and/or training session, both in-person and online, the following information:

 

  • First name.
  • Last name.
  • Email address.
  • What is your primary status? (i.e. student, researcher, post-doc, lecturer, professor, etc.).
  • What are your expectations? (when applicable).
  • CV/resume (when applicable).
  • Short motivation letter
  • Affiliation (when applicable).
  • Address of institution/university (when applicable).
  • Billing address of the relevant individual, company, institution or organisation (when applicable).
  • VAT number of the relevant company, institution or organisation (when applicable).
  • Abstract (when applicable).
  • Photograph and short bio (when applicable).
  • Full-paper and/or recorded or ppt presentation (when applicable).

 

Purpose of processing personal data: The purpose of data processing is to conduct a screening and selection process of the applicants, for general administration and communication related to the event that they applied/registered for, as well as feedback surveys. In the event that it is necessary for the tax authority in Hungary or our partners require information about the participants, we will share only relevant data with them.

 

Legal basis of processing personal data: The legal basis of processing personal data is the consent of the data subject [GDPR Art. 6. Sect. (1) Par. a)].

 

  • Duration of processing personal data: The duration of data processing is twelve (12) months after the event, workshop or training session, for both successful and unsuccessful candidates. However, the duration of data processing is eight (8) years for all issued invoices, billing data and other information that’s required by any authority, such as the tax authority, in Hungary.

3.10. Image, video and voice recording on the Foundation’s events

 

The Foundation may process images, videos and voice that is captured during our official events, workshops, training sessions and conferences. This can take place in-person or online, including via live-stream events, podcast interviews and webinars.

 

  • Purpose of processing personal data: The Foundation processes personal data for promotional purposes pertaining to the goal of the Foundation. Such activity includes the creation of promotional material, both printed and for the Foundation’s digital marketing platforms, as well as the making of promotional videos.

 

  • Legal basis of processing personal data: The legal basis of processing personal data is the consent of the data subject [GDPR Art. 6. Sect. (1) Par. a)].

 

  • Duration of processing personal data: When it comes to processing images, video and voice, the foundation will process the data indefinitely, until such a time that the data subject withdraws their consent. However, if a data subject features in a promotional video as a result of them giving their initial consent, and then they subsequently withdraw their consent after the promotional video has been finalised and publicly published, the foundation will make any reasonable effort to remove the data subject from the published promotional video. The foundation will evaluate such a situation on a case-by-case basis, and we will consider aspects such as financial implications and the time that’s lapsed since they publicly published the promotional video, among other things.

 

The Foundation will explicitly notify data subjects if during the event it wishes to capture image, video and/or voice of the participants.

 

By attending the event, the data subject, in accordance with § 2:48(1) of Act V of 2013 on the Civil Code, consents to the recording of their image and/or voice by the Foundation or the agent authorized by it. The Foundation may use the captured recording for the purposes set forth in this Section without any temporal, geographical or any other limitations.

4.    Data processors of the Foundation

 

The personal data processed by the Foundation is made accessible to only the individuals within the organizational structure of the Foundation with the relevant roles and responsibilities, as well as service providers performing data processing on behalf of the Foundation based on data processing agreements and solely in the scope that is necessary to perform the data processing activities.

 

The Foundation engages the data processing services of the following service providers based on data processing agreements:

 

  • Kerti REVI Kft. (registered seat: Rákoskert sugárút 55, H-1171 Budapest; company registration number: 01-06-119380) – This processor provides accounting services for the Foundation;

 

  • Revi Bt. (registered seat: Rákoskert sugárút 55, H-1171 Budapest; company registration number: 01-09-687687) – This processor provides accounting services for the Foundation; and

 

  • Magyar Hosting Kft. (registered seat: Victor Hugo utca 18-22, H-1132 Budapest; company registration number: 01-09-968314) – This processor provides the maintenance and support regarding the website and the information technology architecture of the Foundation and thereby performs electronic data processing activities for the Foundation.

 

The foundation reserves the right to amend the list of data processors employed by it at any time.

5.    Data security (data protection by design and by default)

 

The Foundation utilizes strict internal authorizations, as well as organizational and technological solutions to ensure that the personal data of the data subject cannot be accessed, stolen, or modified. In the event of a data breach the Foundation will take all the necessary measures as well as inform the data subjects if the GDPR and the Privacy Acts requires to do so.

 

The Foundation undertakes the following basic measures:

 

  • Any personal laptop that has personal information on any member, volunteer as well as partners of the Foundation, all have appropriate access control (e.g. strong passwords) and anti-virus protection.

 

  • The Foundation does regular backups of data (at least once a month) to avoid data loss. The backup is stored on an external drive in a locked room, where there is restricted We do not permanently store data on pendrives.

 

  • We place reliance on Magyar Hosting Kft. when it comes to data protection and preventing unauthorised access to any our email server. More information about their data handling is available here: https://www.mhosting.hu/adatvedelem#cookie

 

  • We place reliance on Dropbox when it comes to storing only certain information on that platform. More information about their data handling is available here: https://www.dropbox.com/security/GDPR

 

  • Any hard copy document with personal information is also safely stored with restricted access.

 

  • We highlight the importance of protecting personal data in the agreements that we have with volunteers who agree to comply with maintaining the confidentiality of information and data security.

6.    Rights of the data subjects

 

6.1. Information and access to personal data

 

The data subject may request the Foundation in writing to provide information as to:

 

a) the personal data processed by the Foundation regarding the data subject, as well as

b) the legal basis of the processing,

c) the purpose of the processing,

d) from which source the personal data originate,

e) the duration of the processing,

f) to whom the Foundation forwards the personal data and its legal basis.

 

The Foundation shall comply with the request of the data subject within 15 (fifteen) days by electronic or postal mail to the address provided by the data subject. Prior to complying with the request, the Foundation may request the data subject to further specify the request or the data processing activities.

 

If the data subject’s right to obtain information as described above adversely affects the rights and freedoms of others (especially regarding trade secrets and intellectual property rights) the Foundation is entitled to refuse to comply with the request in the necessary and proportionate amount.

 

In the event the data subject requests the above information in multiple copies the Foundation is entitled to bill a proportionate and reasonable amount of money in connection with the administrative costs of fulfilling the request.

 

If the personal data indicated by the data subject is not processed by the Foundation, the Foundation shall nevertheless inform the data subject of this fact.

6.2 Right to rectification

 

The data subject shall have the right to obtain from the Foundation without undue delay the rectification of inaccurate, incorrect or incomplete personal data concerning him or her. The Foundation shall correct the inaccurate or inaccurate data immediately, but no later than within 5 (five) days. If it does not conflict with the purposes of the processing, the Foundation may complete the incomplete personal data by means of a supplementary statement provided by the data subject. The Foundation shall notify the data subject of the above by electronic or postal mail to the address provided by the recipient.

 

The Foundation shall be exempted from complying with the request for rectification if:

 

a) the accurate, correct and complete personal data are not available, and the data subject does not provide those to the Foundation, or

 

b) if the validity of the personal data provided by the data subject cannot be established.

6.3 Right to erasure (“right to be forgotten”)

 

The data subject shall have the right to request from the Foundation the erasure of any personal data relating to the data subject. The data subject shall make the request in writing with specifying the personal data to be erased and the reason for the erasure.

 

The fulfilment of the request shall only be denied by the Foundation in case the processing of the personal data is obligatory for the Foundation by law. Should the Foundation not be obligated by law to process the personal data then the Foundation shall comply with the request no later than within 15 (fifteen) days and inform the data subject by electronic or postal mail to the address provided by the data subject.

6.4 Right to restriction of processing

 

The data subject may request the Foundation the restriction of processing the personal data in writing. The restriction shall apply until the reasons specified by the data subject make it necessary. The data subject may request the restriction of processing if:

 

a) the accuracy of the personal data is contested by the data subject (for a period enabling the controller to verify the accuracy of the personal data); and,

 

b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

 

A data subject who has obtained restriction of processing shall be informed by the Foundation before the restriction of processing is lifted.

 

After complying with the request of restriction the Foundation shall inform of that fact any persons or legal entities to whom the Foundation has lawfully forwarded the personal data of the data subject, unless such a task is impossible or would require unproportionate effort from the Foundation.

6.5 Data portability

 

The data subject may request the Foundation as controller to provide him with their personal data in a structured, commonly used and machine-readable format or to transmit such data to another controller. The data subject has the right to data portability if the processing is based on their consent or on the performance of a contract which he is a party to, and – in both cases – if the processing is carried out by automated means (for example within the scope of a computer system).

6.6 Right to object to the processing

 

In addition to the rights specified in the previous Sections, the data subject has the right to object to the processing of their personal data, in cases specified by the GDPR (e.g., if processing is based on the legitimate interest of the Foundation). If the data subject exercises this right, the Foundation can no longer process their personal data unless the Foundation demonstrates compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

6.7 Right to withdraw consent

 

If the data processing is based on the data subject’s consent, the data subject may, at any time and without detriment, withdraw their consent. Please note, that the withdrawal of the consent to the data processing does not affect the lawfulness of the processing performed prior to the withdrawal.

7.    Remedies

 

7.1. Dispute resolution with the Foundation

 

The data subject may exercise their rights pertaining to the processing of their personal data by contacting the Foundation at any addresses of the Foundation provided in Section 1 of this Privacy Policy.

 

7.2. Right to complaint

 

The data subject is entitled to lodge a complaint with any supervisory authority (e.g. in Hungary the Hungarian National Authority for Data Protection and Freedom of Information). Contact information of the Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)

 

  • Registered seat: Falk Miksa utca 9-11, H-1055 Budapest,

 

7.3. Right to a court

 

The data subject – regardless of their right to complaint – may file an action with the courts if their rights under the GDPR and the Privacy Act have been violated.

 

Any action against the Foundation may only be filed with a Hungarian court. The data subject may file the action with the court of their jurisdiction. The Courts of Hungary and their jurisdiction is available at the following link: http://birosag.hu/torvenyszekek.