The purpose of this policy is to determine the legal order of the records led by Budapest Bridge Association, to ensure that the Association complies with the constitutional principles of data protection and data security requirements and to prevent unauthorized access, alteration and unauthorized disclosure of data. For these it sets out the rules and procedures that during the operation of the Association for the treatment of personal data must be respected.
The present policy shall be governing for each person (private and legal persons), which handles personal data on behalf of the Association.
This regulation shall apply to all paper and electronic data control, data processing and any data-transaction involving any personal data carried out by the Association or any persons acting on behalf of the Association.
The present policy comes into force on the date of signing and shall be in force until further notice.
The terms of the present policy meets the terms defined in Section 3 of Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter referred to as. Info Act). Therefore the terms defined hereunder shall have the following meaning:
- Data subject: any natural person identified or directly or indirectly identifiable on the basis of personal data.
- Personal data: data relating to the data subject, in particular the name and identification number of the data subject, as well as one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject
- Consent: any freely given specific and informed indication of the will of the data subject, by which he signifies his agreement to personal data relating to him being controlled fully or to the extent of specific operations.
- Objection: declaration made by the data subject objecting to the control of his personal data to request the termination of data control, as well as the deletion of the data controlled.
- Controller: natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the control of the data; makes and executes decisions concerning data control (including the means used) or contracts a data processor to execute it
- Data control: any operation or the totality of operations performed on the data, regardless of the procedure applied; in particular, data collecting, recording, registrating, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing, as well as preventing the further use of the data, taking photos, making audio or visual recordings, as well as registrating physical characteristics suitable for personal identification (such as, fingerprints or palm prints, DNA samples, iris scans).
- Data transfer: ensuring access to the data for a third party.
- Disclosure: ensuring open access to the data.
- Data deletion: making data unrecognisable in a way that it can never again be restored.
- Data destruction: complete physical destruction of the data carrier recording the data.
The Association may only control any personal data in accordance with the Deed of the Association for purposes defined therein in order to exercise its rights or fulfil its obligations. The data control at each stage shall comply with the original purpose of the data control. The Association during the data record and data control shall act fairly, with regard to the relevant legislation.
With respect to this the Association only controls personal data if it is essential for achieving the original purpose of the data control. Therefore the term and the extent of the data control carried out by the Association only takes until it is necessary.
During the data control the Association ensures the data accuracy, completeness and – if it is necessary with respect to the purpose of the data control – is up to date, and that the data subject may only be identifiable as long as it is necessary with regard to the original purpose of the data control.
The Association is only entitled to control any personal data if the data control is based on the authorization of an act or the written approval of the data subject, in compliance with the requirements of applicable law.
The Association controls such personal data according to the consent of the data subject, which is essential in order to perform the purposes defined in the Deed of Association and the public tasks undertaken by the Association.
The Association duly informs the data subject prior to start of the data control, therefore the Association informs the person concerned of the purpose of the data control and whether the data provision is compulsory or voluntary. The information may be made by providing information on the details of the data control of the Association published on its website, and draws the attention of the person concerned.
In case of mandatory data provision of the Association notifies the parties of the relevant legal regulations ordering the data control as well.
The Association only publishes or to transfers the personal data, they became aware of, if the data transfer or publishing is essential for achieving the objectives of the Association and the concerned party has previously approved to that.
The Association, or persons acting on behalf of the Association control the personal data, they became aware of, according to the regulations of the present policy.
The person concerned is entitled to request the rectification of the Association’s register if the register contains false data.
The data subject is entitled to request the deletion of his personal data with the exception of that data control, which is ordered by law. The Association may refuse the deletion of the registered personal data, by informing the data subject and appointing the reasons, if the data control is required by the law, and the data control is essential for exercising the Association’s rights.
The data subject may contest against the data control according to the regulations of the Info Act.
In case of infringement of his right to protect his personal data the data subject is entitled to facilitate legal redress in court and contact the National Authority for Data Protection and Freedom of Information (hereinafter Authority) to seek help.
The Association holds liability for damages, administrative and criminal responsibility for the lawful data control.
At the request of the data subject the Association provides him with detailed information on remedies for infringement of privacy rights.
The Association is exempt from liability if he proves that the damage was caused by such unavoidable cause, which is beyond his data control activity.
Such damage, which comes from the claimant’s intentional or grossly negligent behaviour shall not to be compensated for.
For the general civil liability of the Association the Hungarian Code Civil shall apply.
Information of the data control
Controller: Bridge Budapest Association
Contact details of the Controller: 1051 Budapest, Vörösmarty tér 4. IV/417.; https://bridgebudapest.org; firstname.lastname@example.org
Legal ground of the data control: Act CXII of 2011 on Informational Self-determination and Freedom of Information
The type and purpose of the data control: The Association controls the personal data of its members and the applicants for the Association’s fellowship programme in order to ensure the regular operation of the Association handle its own registers and organize the scholarship programs. The data control is based on the voluntary, informed, expressive written consent of the data subjects.
Data that are controlled by the Association: The Association controls the following data of the members: family name, first name, date and place of birth, address, mother’s name, phone no., email address.
The Association controls the following data of the applicants for the fellowship programs: family name, first name, date of birth, phone no., email address; their higher education institutions; their professional field and other information provided by the applicants in their video presentations.
Term of the data control: The data subjects’ personal data is controlled in accordance with the relevant legal regulations and their approval.
The Association controls the personal data of the applicants for the fellowship program until the announcement of the awarded persons. The awarded applicant’s personal data is controlled without time limitation, but until the termination of the Association.
Data Transfer, disclosure: The Association is entitled to transfer the scholarship applicants’
personal data to the representatives of those companies, which support the fellowship programs (NNG, LogMeIn, Prezi, and Usteram) in order to choose the awarded applicants. The Association is entitled to disclose the summaries and other reports of the awarded applicants (may it be in any form) – which may contain personal data as well – in order to promote the fellowship programs and to publicize the activity of the Association.