Please read the terms and conditions (privacy notice) for Global Institute for Lifelong Empowerment (GiLE). It is consistent with the General Data Protection Regulation (GDPR) of the European Union.
1. General provisions and contact information
This privacy notice (hereinafter: the “Notice”) applies to personal data Global Institute for Lifelong Empowerment (hereinafter: “GILE” or the “Controller”) collects and processes about you.
Official Name: GiLE Alapítvány (Translated: GiLE Foundation)
Registration Number: 01-01-0012919
Address: 1063 Budapest, Andrássy út 122
Data Protection Officer contact information: firstname.lastname@example.org
2. Underlying regulations of data processing
• Act CXII of 2011 on informational self-determination and freedom of information (hereinafter: the “Privacy Act”)
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
3. Data processing principles
Personal data must be processed lawfully and in a transparent manner, ensuring fairness in processing the personal data of natural persons (“lawfulness, fairness and transparency”).
Personal data shall be processed only for a specific lawful purpose, to exercise a right or fulfil an obligation. Data processing shall be in conformity with the purpose of data processing in each phase, the registration and processing of data must be fair and lawful (“purpose limitation”).
No personal data shall be processed unless indispensable and suitable for achieving the purpose of the data processing. Personal data shall be processed only to the extent and for the duration necessary to achieve that purpose (“principle of data minimisation” and “storage limitation”).
GILE shall ensure that personal data are accurate and up-to-date, taking care to rectify any inaccurate personal details (“accuracy”).
GILE must process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“availability, integrity and confidentiality”).
4. Basic concepts
Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
a) personal data relating to racial, national origin, political opinion or party affiliation, religious or ideological belief, membership in any advocacy organisation, sexual life;
b) personal data relating to the state of health, pathological addictions, and criminal personal data.
Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Information: the controller should inform the data subject without undue delay and at the latest within one month of a request as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
• the purposes of processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
Rectification: Data subjects have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
Erasure: The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay if:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws his or her consent and there is no other legal ground for the processing;
• the data subject objects to data processing and there are no overriding legitimate grounds for the processing;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Erasure includes making data unrecognisable in such a way that they are not possible to restore any more.
Restriction: the data subject has the right to obtain from the controller restriction of processing – the marking of stored personal data with the aim of limiting their processing in the future.
Objection: the statement of the data subject by which he objects to the processing of his personal data and requests termination of the data processing and/or deletion of the processed data.
Data subject: natural person identified or identifiable – directly or indirectly – by reference to any specific personal data.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor: any natural or legal person or organisation without legal personality which processes personal data under a contract with the controller, including contract under a provision of regulations.
Third party: any natural or legal person or organisation without legal personality other than the data subject, the controller or the processor.
Processing: any operation or set of operations regardless of the procedure applied which is performed on personal data, therefore particularly collection, recording, organisation, storage, alteration, use, retrieval, consultation, use, transmission, disclosure, alignment or combination, blocking, erasure or destruction, prevention of further use of data, photo, voice or video recording, and recording physical characteristics that allow for the identification of persons (e.g. finger- or palmprint, DNS sample, iris image).
Transfer: making data accessible to a specific third party. Disclosure: making data accessible to any person.
Destruction: total physical destruction of the data carrier containing the data. Processing: the performance of technical tasks related to data processing operations, regardless of the methods or means employed or of the place of application provided that such technical tasks are performed on the data.
Pseudonymisation: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
5. Description of processing activities
5.1 GILE is collecting the requested data for administration purposes and to create an internal database on the platform. The legal basis for the processing is the data subject’s explicit consent.
If you do not wish to continue to participate in the future, you may withdraw your consent by sending an email to email@example.com
5.1.1 Term of data processing
There is no fixed term with regards to data processing and GILE shall erase your personal data upon your withdrawal of your consent.
5.2 Persons with access to your personal data, processors
GILE does not engage any external processor for data processing.
6. Rights related to personal data processing
6.1 Right to request information
You may request information from GILE in writing via the contact information specified in Section 1 about the following matters:
• which of your personal data are processed,
• what is the legal basis for processing,
• what is the purpose of processing,
• the source your personal data were obtained,
• the term of processing,
• whom, when, under which regulation and which personal data GILE provides access to, or whom your personal data GILE transferred to.
GILE will answer your information request within not more than 30 days by sending a mail to the contact you provided.
6.2 Right to rectification
You may request GILE in writing via the contact information provided in Section 1 to change any of your personal data (e.g. you may change your email address or mail address at any time). GILE will fulfil your request within not more than 30 days and informs you thereof by mail sent to the contact address you provided.
6.3 Right to erasure
You may request GILE in writing via the contact information provided in Section 1 to erase your personal data.
GILE will turn down your erasure request if obliged by a regulation or an internal policy to continue storing your personal data. Such cases include, for example, where the deadline for archiving specified by the relevant internal policy is not reached.
If, however, no such obligation exists, GILE will fulfil your request within not more than 30 days and informs you thereof mail sent to the contact address you provided.
6.4 Right to blocking
You may request GILE in writing via the contact information specified in Section 1 to block your personal data. Your personal data will be blocked as long as the reason you specified requires your personal data to be blocked.
You may request your personal data to be blocked if you deem that GILE processed your submission unlawfully, however, it is necessary for the authority or court procedure you initiated that GILE does not erase your submission. In this case, GILE continues to store your personal data (e.g. your submission) until contacted by the authority or court, then GILE erases the data.
6.5 Right to object
You may object to processing in writing via the contact information provided in Section 1 if GILE uses or transfers your personal data for the purposes of direct marketing, opinion polling or scientific research. You may, therefore, object to GILE using your personal data for the purpose of scientific research without your consent.
You may also object to processing if you believe that processing by GILE is solely required for compliance with a legal obligation of GILE or for enforcing GILE’s legitimate interest, except for cases where such processing is based on authorisation under law. Therefore, for example, you may not object to GILE transferring your submission – together with the relevant documents of the case – to the Archives based on our internal policy on archiving.
7. Data security measures
The Controller makes all efforts to ensure secure data processing and storage. The processed data are stored in a high availability, reliable server environment. Physical security is ensured through 24-hour security service.
8. Consent to process images, video and voice
By accepting GILE’s Terms and Conditions, you hereby grant:
– your voluntary and explicit consent to GILE to have your image and voice recorded, including well as to record you in any video and live-stream, during any event that is organised by GILE;
– your explicit consent to GILE to use your image and voice recorded, as well as to record you in any video and live-stream, during any event that is organised by GILE, for promotional purposes on the data controller’s platforms and in the press;
9. Opportunities to vindicate your rights regarding processing
9.1 Court procedure
You may file a civil action against GILE if you experience unlawful processing. The court will have competence to rule the case. You may also file the action with the court at your permanent or temporary residence – at your discretion – (the list and contact details of courts are available under this link: http://birosag.hu/torvenyszekek).
9.2 Report to authority
Anybody may initiate an investigation by notifying the Hungarian National Authority for Data Protection and Freedom of Information (www.naih.hu; 1530 Budapest, P.O. box (Pf.) 5.; phone: +36-1-391-1400; fax: +36-1-391-1410; email: firstname.lastname@example.org) claiming an infringement or direct risk of an infringement related to personal data processing, or to rights to have access to data of public interest or data public on the grounds of public interest.
The Controller reserves the right to change the privacy notice. This particularly includes changes enforced by regulations. No change of processing may mean processing personal data for other purposes. The Controller publishes the relevant information on its website 15 days in advance.