Data Privacy
1. PURPOSE OF THE DATA PROCESSING INFORMATION
The FRONTIERS Top Research and Talent Development Foundation (registered office: 1093 Budapest, Czuczor utca 2-10., registration number: 01-01-0013872, tax number: 19427953-2-43, hereinafter referred to as the service provider, data controller) as data controller, acknowledges the content of this legal notice as binding upon itself and declares that all data processing related to its activities complies with this policy, the applicable national legislation, in particular Act CXII of 2011 on the right to self-determination in relation to information and freedom of information (hereinafter: Infotv.) and its implementing regulations, and in the legal acts of the European Union, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) (hereinafter: GDPR).
This privacy policy applies to the following domains and their subdomains: www.frontiers.hu
Data protection guidelines relating to the data controller's data processing activities are available at all times at https://frontiers.hu/data-privacy/.
The data controller reserves the right to amend this notice at any time. Those affected will be informed of any changes in a timely manner. If you have any questions regarding this notice, please write to us and we will answer your questions.
The Data Controller is committed to protecting the personal data of users of its websites and considers it extremely important to respect its customers' right to informational self-determination. The Data Controller treats personal data as confidential and takes all security, technical, and organizational measures necessary to guarantee the security of the data.
The data controller describes its data processing practices below.
2. DATA CONTROLLER'S DETAILS
If you wish to contact the Data Controller, you can do so at info@frontiers.hu.
Data controller details:
Name: FRONTIERS Foundation for Excellence in Research and Talent Development
Headquarters: 1093 Budapest, Czuczor Street 2-10.
Tax number: 19427953-2-43
Registration number: 01-01-0013872
E-mail: info@frontiers.hu
3. SCOPE OF PERSONAL DATA PROCESSED
3.1. TECHNICAL DATA
The data controller selects and operates the IT tools used for the processing of personal data in the course of providing the service in such a way that the data processed:
- accessible to authorized persons (availability);
- authenticity and authentication ensured (authenticity of data processing);
- verifiable consistency (data integrity);
- protected against unauthorized access (data confidentiality).
The data controller shall protect the data by appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction.
The Data Controller shall take technical, organizational, and organizational measures to ensure the security of data processing, providing a level of protection appropriate to the risks associated with data processing.
The Data Controller shall maintain confidentiality during data processing: it shall protect the information so that only those who are authorized to do so may access it; integrity: it protects the accuracy and completeness of the information and the processing method; availability: it ensures that when an authorized user needs it, they can actually access the desired information and that the related tools are available.
4. GENERAL DATA PROCESSING POLICY, NAME OF DATA PROCESSING, USE, LEGAL BASIS AND RETENTION PERIOD
The data processing activities of the data controller are based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the data processing.
In certain cases, the processing, storage, and transfer of certain data is required by law, of which we will notify users of our websites separately. We draw the attention of data providers to the Data Controller that if they do not provide their own personal data, it is the data provider's responsibility to obtain the consent of the data subject. Our data processing principles are in line with the current data protection laws, especially the Infotv., the GDPR, Act V of 2013 on the Civil Code, Act C of 2000 on Accounting, Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing, Act LXVI of 2011 on the State Audit Office, Government Decree 355/2011. (XII. 30.) on the Government Control Office, Act CXXII of 2009 on the more economical operation of publicly owned companies.
The data controller has prepared a data map, on the basis of which the scope of the data processed, their use, legal basis and retention period have been determined.
4.1 DATA RELATED TO ONLINE CONTACT
Personal data requested during contact:
Name (optional)
Email address (required for contact purposes)
Phone number (optional, for callback purposes)
Purpose of data processing intended use of processed data: The data will be used for the purpose of establishing contact.
The legal basis for data processing is voluntary consent.
Retention period: duration of contact or request for deletion.
4.2 DATA RELATED TO CONTACTING US BY PHONE
Personal data requested during contact:
Name (optional)
Phone number (optional, for callback purposes)
Purpose of data processing intended use of processed data: The data will be used for the purpose of establishing contact.
The legal basis for data processing is voluntary consent.
Retention period: duration of contact or request for deletion.
5. PHYSICAL STORAGE LOCATIONS OF DATA
Your personal data (i.e. data that can be linked to your person) may be processed by us in the following ways: in connection with maintaining an internet connection, technical data relating to the computer, browser, internet address and websites visited by you are automatically generated in our computer system.
The data recorded automatically is logged by the system automatically upon entry or exit, without any separate statement or action on the part of the data subject.
This data cannot be linked to other personal user data, except in cases required by law. Only the frontiers.hu domain and its subdomains have access to the data.
6. DATA TRANSFER, DATA PROCESSING, CIRCLE OF PERSONS WITH ACCESS TO DATA
The data controller uses the following data processors in the course of its business activities:
Hosting service:
Rackhost Zrt.
Address: 6722 Szeged, Tisza Lajos krt. 41.
Customer service: +36 1 445 1200
E-mail: info@rackhost.hu
Scope of data collected: content of websites located on the www.frontiers.hu domain and its subdomains, emails sent to email addresses based on these domains.
Google Analytics:
Google Inc., Mountain View, California, USA
Scope of data collected: the IP addresses of visitors to the www.frontiers.hu website – anonymized, not linked to any individual.
6.1 DATA TRANSFER TO THIRD COUNTRIES
Data is transferred to the United States, for which an adequacy decision was made on July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).
The adequacy decision also applies to Google (https://policies.google.com/privacy/frameworks) as a data controller.
6. YOUR RIGHTS AND ENFORCEMENT OPTIONS
The data subject may request information about the processing of their personal data, as well as request the correction or, with the exception of mandatory data processing, the deletion or withdrawal of their personal data, and may exercise their right to data portability and objection as indicated at the time of data collection or via the above contact details of the data controller.
6.1 RIGHT TO INFORMATION
The data controller shall take appropriate measures to provide data subjects with all information relating to the processing of personal data referred to in Articles 13 and 14 of the GDPR and all information referred to in Articles 15 to 22 and 34 in a concise, transparent, understandable and easily accessible form, in clear and plain language.
6.2 YOUR RIGHT TO ACCESS
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- the envisaged period for which the personal data will be stored;
- the right to rectification, erasure or restriction of processing and the right to object;
- the right to lodge a complaint with a supervisory authority;
- information on the sources of the data;
- the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The data controller shall provide the information within one month of the submission of the request.
6.3 RIGHT OF CORRECTION
The data subject may request the correction of inaccurate personal data concerning him or her processed by the Data Controller and the completion of incomplete data.
6.4 RIGHT TO ERASE
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing; the data subject objects to the processing and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed; the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; the personal data have been collected in relation to the offer of information society services.
The erasure of data cannot be initiated if the processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health, or for archiving, scientific and historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.
6.5 RIGHT TO RESTRICT DATA PROCESSING
At the request of the data subject, the Data Controller shall restrict data processing if any of the following conditions are met: the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period enabling the accuracy of the personal data to be verified; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject; in this case, the restriction applies for a period until it is determined whether the legitimate grounds of the controller override those of the data subject.
Where processing is restricted, personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
6.6 RIGHT TO DATA PORTABILITY
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
6.7 RIGHT TO OBJECT
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or to processing necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6.8 AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
6.9 RIGHT OF WITHDRAWAL
The data subject has the right to withdraw their consent at any time.
6.10 RIGHT TO APPEAL TO THE COURT
In the event of a violation of their rights, the data subject may take legal action against the data controller. The court shall hear the case as a matter of priority. 8.11 Data protection authority proceedings Complaints may be lodged with the National Data Protection and Freedom of Information Authority:
Name: National Authority for Data Protection and Freedom of Information Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Postal address: 1530 Budapest, Pf.: 5. Telephone: 0613911400 Fax: 0613911410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
8. OTHER PROVISIONS
We will provide information about data processing not listed in this notice at the time of data collection. We inform our customers that the court, the prosecutor, the investigating authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may request information, data disclosure, data transfer, or the provision of documents from the data controller. The data controller shall only disclose personal data to the authorities, provided that the authority has specified the exact purpose and scope of the data, to the extent that is strictly necessary to achieve the purpose of the request.