INFORMATION ON DATA PROTECTION / PRIVACY STATEMENT
for the use of the SECCo2 Platform
The objective of the current Information on Data Protection is to determine the principles and rules relating to the data provided by the SECCo2 Platform (Platform) User during the use of the page and personal data managed by the operator of the website.
A part of the Platform material is available/public for everyone; the other part is only available after registration. On the available website, after logging in, special professional information can be accessed; connections can be made with organisations looking for, and offering cooperation; and messages, and comments (services) can be sent to the operator of the Platform about the topics raised.
I. GENERAL DATA
1.1 The owner of the Platform /Controller
Name: Central European Service for Cross-Border Initiatives (CESCI) (Controller)
Office: 1067 Budapest, Teréz krt. 13.
Mail address, handling of complaints: 1137 Budapest, Újpesti rkp. 5. 3/12.
Telephone number: 06 1 321 2345
1.2 Other administrators of the Platform
Persons entitled: on group level (the registered project partners)
administrator: Central European service for Cross-border Initiatives
…: Association of European Border Regions Balkans, Central European service for Cross-border Initiatives Balkans
1.3 Legislations taken into account for data management, in particular:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the management of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Regulation)
Act V of 2013. on the Civil Code (Civil Code)
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infoact)
Act C of 2003 on electronic communications (about cookies)
1.4 The legal basis of data management: According to the lawful data management of the Article 6 of the Regulation on the basis of the contribution of those concerned by Article 7, in accordance with Article 5 of Infoact.
1.5 The scope of those concerned: the Users of the services of the Platform
1.6 Consent to data management: the explicit consent of the User by the acceptance of the present Privacy Statement, the adoption of the declaration concerning the information and contact making in Section 1.7.
1.7 The objective of data management: to ensure that the services of the Platform are continuous and effective, and to send information via e-mail and make contacts.
1.8 The manner of data protection: it is partly an automated data processing.
The User is entitled not to be covered by the directive of the decision-making based solely on automated data management, in case it produces legal effects concerning the User or it would affect him/her significantly. In case of this method of data management, the Controller is obliged to do everything for the protection of the law of the User, and for the protection of his/her legitimate interest, including the User’s right to ask for human intervention from the Controller, and also to file a complaint concerning the decision.
The obligations of the data management are not applicable, if the decision in question:
is needed for the signing or fulfilling of the contract made between the User and the Controller;
is possible to be made by the EU or Member State law, applicable to the Controller, which also lays down measures to protect the User's rights and rightful interest; or
is based on the explicit consent of the User.
2. THE SCOPE OF HANDLED PERSONAL DATA
2.1 While using the services of the Platform, from the Users, the following information may be passed to the Controller:
a) by public browsing
personal identifier with the installation of cookies
(the cookie is an information package including letters and numbers, which is sent by the Platform to the User’s computer, to save certain settings of it, making the use of the Platform easier, and to collect some relevant, statistical information about the User; a part of the cookies contain such personal identifier - a classified, randomly generated row of numbers - which is stored by the User’s device. With this, the personal identification of the User is made – the life of these cookies is between 60 - 365 days; to place some types of cookies, previous contribution is not needed, as those are important for the proper operation of the website functions and services, these are automatically managed by the system and their life lasts until the browser is closed, or maximum 1-2 hours after it);
The setting options of the cookies can be found in the following sites by each browser:
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies#
During the operation of the Platform, the User’s computer’s data, which are generated when the service is in use, and those, which are recorded as an automatic result of the technical processes of the system of the Controller are technically recorded. This includes the User's IP address, the type of his/her operating system and browser program, data of websites from which the User has accessed to the Controller’s website and has visited them from there, and the time and duration of the visit. The data, automatically recorded will be automatically logged, when logging in or out without the User's separate statement or action. The data can be only accessed by the Controller.
b) by registration
name of organisation, family and first name of the representative; aim: making contact, identification
family and first name of the representative; aim: making contact, identification
e-mail address; aim: making contact, sending information, sending newsletter
phone number (not obligatory); aim: to speed up the contact making.
To use these services, the following forms must be used:…
The Controller can send advertising messages to the User's email address.
3. THE DATA PROCESSING (DEALING WITH TECHNICAL TASKS RELATING TO DATA MANAGEMENT OPERATIONS / HOSTING SERVICE):
Name: Vatel Kft
Location: 1031 Bp. Vizimalom Stny 6
Mail address: 1031 Bp. Vizimalom Stny 6
Tax number: 13171087-2-41
E-Mail address: email@example.com
Telephone number: +36 (1) 706-10-92
4. THE DURATION OF DATA MANAGEMENT:
The provided data may be handled by the Controller until the withdrawal of the consent of those concerned, until the existence of the Platform, or for a period of time according to the Civil Code.
5. DATA TRANSFERING ABROAD: It may occur during the contact making of registered Users.
6. USERS’ RIGHTS:
During the time of data management the User has the following rights laid down by the Regulation:
the right to withdraw consent = in which case the provided data will be deleted from the system.
the access to personal data and information in connection with data management = the establishment and verification of the lawfulness of the data management is done by e-mail or in case of registration by logging in to the User account;
the right to correction = the Controller promptly corrects inaccurate personal information of the User.
the limitation of data management = its cases: (1) if the accuracy of the personal data is disputed or (2) the User is against the deletion of the data, although they are illegal or (3) these personal data are no longer required, but the User requests them or (4) the User objects to data management, but the Controller has a legitimate interest in managing the data.
the right to deletion = its cases: if personal data is no longer needed; the consent has been withdrawn and has no other legal basis; there is a protest against legitimate data management and there is no legitimate interest in data management; the personal data was unlawfully managed and this was found; the data should be deleted in order to fulfil the legal obligation provided by the law of the Union or the law of the Member State, but in some cases deletion is not applicable.
the right to protest = protesting against the management of personal data based on legitimate interest.
the right to portability = the Controller gives the data to the User in xml, json, or csv format or, if technically feasible, the data are forwarded to another Controller in one of these formats.
7. ACCESS TO PERSONAL DATA
7.1 During the public use of the Platform, in compliance with the rules, no other organisation than the Controller can have access to the User's personal data. However, it can occur that a technically-related service provider of the Controller may perform data management activities without informing the Controller. Such activity does not belong to the data management process of the Controller and the Controller will do its utmost to eliminate such unauthorised data managing.
7.2 The personal data of the registered User on the Platform (registered name of the organisation, its e-mail address) can be accessed by other Users registered on the Platform, including third country recipients or international organisations (third countries). Third countries are essentially countries other than those of the Member States of the European Economic Area.
The rules on the lawfulness of data transferring to third countries are building on each other.
1. step: Data transferring based on the adequacy decision (the adequacy decision of the European Commission can be found on the website: https://ec.europa.eu/info/law/law-topic/data-protection_en).
2. step: If the European Commission has not adopted an adequacy decision for the country of destination, the recipient Controller or data processor must provide adequate guarantees regarding the management of personal data (its cases: binding corporate rules; general data protection clauses adopted/approved by the European Commission; approved Code of Conduct and a certification mechanism with a binding and enforceable commitment by the third country Controller or data processor).
3. step: In the absence of a adequacy decision or in the absence of appropriate guarantees, the Regulation provides the possibility of derogations for specific situations. This includes the explicit consent of the User as an option that can be applied to the Platform.
By taking into account the above mentioned and accepting this Privacy Statement, the registering User declares that he/she has understood the risk of personal data transmission – because of the absence of adequacy decision and of the absence of appropriate guarantees – to a third country, but he/she still explicitly consents to the transfer of his/her personal data to a third country.
The unauthorised data management activity described in Section 7.1 may also exist in the case of registered Users.
8. DISPUTE SETTLEMENT, LEGAL REMEDY, COMPENSATION
8.1 In the case of any question related to the data management contact the following colleague of the Controller:
Hüse-Nyerges Enikő (mobil: +36_20_4260_808, e-mail: firstname.lastname@example.org)
Office: Budapest, 1137 Budapest XIII., Újpesti rkp. 5. III./12A
8.2 The User can also contact the Hungarian National Authority for Data Protection and Freedom of Information directly with his/her data management complaint (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; telephone number: +36-1-391-1400; e-mail: email@example.com; website: www.naih.hu).
8.3 In the case the User’s rights are violated, he/she may turn to the court. The lawsuit – according to the decision of the User - may be initiated before the court of domicile or residence of the person concerned; otherwise it may be initiated before a court that is entitled to act according to the location of the Controller.
8.4 If the Controller causes damage to others with the unlawful management of the User’s data or with the violation of the requirements of data security, he/she is obliged to reimburse it. In the case of violating the right of personality, the User may claim compensation from the Controller. The Controller shall be exempt from liability and obligation to pay compensation for the damages, if he/she proves that the damage or the violation of the right of personality has been caused by an unavoidable cause outside the scope of the data management, and the damage, the violation of the injured or the right of personality originates from the User's intentional or seriously negligent behaviour.
9. THE MODIFICATION OF THE PRIVACY STATEMENT
The Controller reserves the right to modify this Privacy Statement in a way that does not affect the purpose and legal basis of the data management. After the modified Platform enters into force, the User accepts the modified Privacy Statement with the usage of the Platform.
If the Controller intends to perform additional data management for purposes other than the purpose of collecting the data, he/she will inform the User prior to further processing about the purpose of the further data management and about the content of the rights of the User, or if this is not possible, about the aspects of determining the duration;
10. DECLARATION ON DATA SECURITY
The Controller declares that, in accordance with this Privacy Statement, he/she has taken appropriate security measures to protect the User's personal data against unauthorised access, alteration, transmission, disclosure, deletion or annulment, as well as accidental annulment and damage, as well as due to the unavailability of it because of the change of technology.
11. THE DATA MANAGEMENT ENTERING INTO FORCE
The data management can only begin after the User has access to the content of the information on data management and has explicitly consented to the management of the data.