The Eötvös Károly Policy Institute as the organization operating the International PET Portal and Blog hereby informs the visitors of the website about its data processing practice, the organizational and technical measures taken for the security of the data, and about the users’ legal remedies.
1. Data Controller
The controller of personal data is the Eötvös Károly Policy Institute, seat: 1113 Budapest, Ulászló u. 43., Hungary, e-mail: email@example.com, telephone: +36 1 212-4800.
2. Processed data
a) The Data Controller does not process personal data of the visitors of the website beyond the automated data processing necessary for the technical operation of the internet connections. When visiting the website the starting and closing time of the visit, and – depending on the settings of the visitor’s computer – data about the visitor’s browser and operating system, and the visitor’s IP address will be recorded automatically. The system automatically generates statistics from these data. The site places short text files (cookies) on the visitor’s computer, with the purpose of recording the visitor’s settings during navigation. One part of these cookies will expire when closing the browser, the other part will expire after two hours of their creation, however, visitors can also delete cookies manually.
3. Legal grounds of data processing
a) As stipulated by Act No. CVIII of 2001 on certain issues of electronic commerce services and information society services (Hungary), the Data Controller is entitled to process personal data indispensable for providing the service for technical reasons. The Data Controller processes data suitable and sufficient for providing the service, and only to the necessary extent and duration. Further legal grounds for retaining the data are the provisions of Section 159/A of Act No. C of 2003 on electronic communication (Hungary), which oblige service providers to retain such data for one year.
b) Data relating to registration and to contents uploaded by the users during their visiting of the portal are processed on grounds of the voluntary, express and informed consent of the users.
4. Purpose of data processing
a) Recording and storing the date of visiting the website, IP address and the data of the browser and the operating system is an inherent characteristic of the operation of the system, it is technically indispensable, it serves solely statistical purposes and ensures the availability of the service.
b) The processing of any further personal data is the result of the appropriate use of the portal and blog.
The Data Controller does not process personal data for purposes other than those indicated above.
5. Duration of data processing
a) Logged data are retained for one year.
b) The Data Controller retains registration data until the person concerned asks for deletion of such data.
6. Access to data, data processors
The data processor commissioned by the Data Controller may have access to the personal data provided by the users and those automatically collected for the technical operation. The Data Processor commissioned by the Data Controller is Gábor Gulyás, Sole Proprietorship, firstname.lastname@example.org
The Data Controller does not forward personal data to third persons. This does not apply to obligatory forwarding of data stipulated by law. Before acceding to the request of an authority the Data Controller shall examine, with respect to each piece of personal data, whether there are legal grounds for forwarding the data.
In case if the Data Controller transfers the right to operate the portal, in whole or in part, to a third person, it is entitled to lawfully transfer the data without special authorization.
7. Rights of users regarding the processing of their data, deletion of data
Every visitor is entitled to request information of a general character about the processing of his/her data. Upon request the Data Controller shall inform the person concerned of the data processed by the Data Controller, of the purpose of the data processing, of its legal basis and duration, of the name, address (seat) and activity of the technical data processor in connection with the data processing, as well as of those who received or will receive data and for what purpose. Information can be requested by telephone or at the mailing address of the Data Controller, or at the email@example.com e-mail address, however, the Data Controller shall inform the person concerned in writing about data which can be related to the person concerned only by replying to a written request sent by ordinary mail and signed by the person concerned.
The users may object to the processing of their personal data and may request the rectification or deletion of their personal data at the mailing and e-mail addresses of the Data Controller and also at the e-mail address of the Data Processor, firstname.lastname@example.org If data of a user have been changed, he/she can modify these data only through login at the web interface of the portal, we cannot modify data through the telephone. Users may delete their personal profiles themselves by electronic means. Deleted data are not stored anymore by the Data Controller, so we are unable to give information about deleted data even upon request by the user. We however call the users’ attention that upon request by the authorities the operator of the server may retrieve or forward the data from the backup archive for one year.
Forgotten passwords can only be modified, or new password requested, on the web interface by the user; we do not generate new passwords or give information about passwords in the system manually.
8. Legal remedies
If you assume that the Eötvös Károly Policy Institute has infringed your rights to the protection of your personal data, please contact us in order to redress the possible infringement. We inform you that you can enforce your claims at civil courts, or you can request the help of the Parliamentary Commissioner for Data Protection and Freedom of Information. Detailed information about these possibilities, as well as about the duties of the data controller can be found in Act No. LXIII of 1992 on the protection of personal data and public access to data of public interest (Hungary).