Information on data protection, data processing and the use of the website (“Information Notice”)
I. The purpose of the Information Notice
The purpose of the Information Notice is to provide information about the regime under which data processing operations are carried out by ERFO Közhasznú Nonprofit Kft. (registered office: 1076 Budapest, Dózsa György út 48.; company registration number: 01-09-919716), as data controller (“Controller”) in relation to this website, the relevant rights and possible legal remedies concerning such data processing as well as data security measures taken when contacting the Company through the website (“Website”).
The Information Notice has been prepared in accordance with the prevailing data protection regulations, including in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR) and Act CXII of 2011 on Informational Self-Determination and Freedom of Information.
II. Principles on the processing of personal data
The Controller shall process personal data of visitors of its website (“Visitors” or “Data Subjects”) in line with the principles of good faith, integrity and transparency, as well as in accordance with the effective and applicable statutory regulations and the rules and provisions laid down in this Information Notice.
The Controller shall process personal data obtained while operating this Website only for the purposes specified herein. The scope of the personal data to be processed shall be in proportion to, and not exceed, the purpose of processing. Whenever the Controller wishes to use personal data for any purpose other than those for which the data were recorded in the first place, it shall inform the Data Subject about such purpose(s), obtain their prior express consent and make it possible for them to prohibit such use.
The Controller shall not verify personal data given by the Visitor; responsibility for the veracity or adequacy of such data shall lie solely with the person entering such data.
The Controller shall provide for the security of the personal data concerned and take such technical and organisational measures, and introduce procedural rules that will ensure that the data so recorded, stored and processed are adequately protected, prevent their accidental loss or unlawful destruction, and their being accessed, used, altered or distributed without authorisation.
III. Use of the Website, the personal data concerned
Communication through our Website is conditional upon Visitors’ providing personal data on a voluntary basis. Such data shall include their username and e-mail address, and for the purposes of more personal communication, they may also enter their telephone number. For the purposes of job application, the system enables the attachment of CVs containing the data subject’s special data (e.g. educational attainment, career data, etc.) as well. Please be aware that submitting data when contacting with us shall be considered as your voluntary acceptance of the terms, conditions and rules laid down in this Information Notice.
On visiting our website, the Controller’s net server automatically records the Visitor’s IP address and the type of the operating system of their computer, along with the date/time of the visit on the Website. Traffic on the Website is monitored by the Controller by checking on the server log.
Cookies are used on the Website for the following purposes:
- for storing user sessions,
- for collecting statistics,
- for storing user settings,
V. Protection of minors
The information on our website is not intended for minors. In our data processing activities, we do not collect no data of people below the age of 18. You may submit personal data in accordance with the applicable legislation on data protection and shall guarantee that you have adequate and well-informed consent to submitting them. By providing the information, you declare and warrant that your capacity to act is not restricted as regards the transfer of information. Should you qualify as “incapacitated” or as being of “diminished capacity” as regards the furnishing of information and have no authorisation to make a declaration on your own, you shall obtain consent from the third persons concerned (e.g. legal representative, guardian) concerning the transfer of information. In this regard you shall exercise judgement as to whether there is a need for any relevant third person’s consent to the provision of the information concerned. In case we find that our Website is being used by a child, using this Website without their parent’s or guardian’s permission, we shall make reasonable efforts to erase any and all details we have received from such child and make sure that no such information is transferred to any other person or used by ourselves. Please let us know immediately when you find any child having provided information on themselves through this Website without permission from their parent or guardian.
VI. The purpose of data processing
By contacting us through the Website, you have access to the following targeted opportunities at present:
- You can submit your CV to apply for our advertised vacancies.
- You can submit your questions and remarks to us.
VII. The legal basis of processing
The legal basis for the processing of personal data is the Visitor’s voluntary, prior well-informed consent. A Visitor may withdraw their consent at any time, without affecting the legality of processing prior to such withdrawal.
By entering the required data during your use of the Website, you declare that you have familiarised yourself with the version of this Information Notice in effect at the time of the submission of the data concerned and that you voluntarily and expressly consent to the use of the personal data you have entered and those generated about you.
The Controller will record the Visitor’s IP address at the Visitor’s signing in to the Website, with a view to the Controller’s legitimate interest, without the Data Subject’s specific consent. The Controller has carried out the balance of interests test as prescribed by the relevant provisions laid down in the GDPR and its result confirms that the Controller’s legitimate interest in the given Processing overrides the Data Subject’s rights and freedoms relating to Processing. At request, the Controller will provide information, as specified in this Information Notice, to the Data Subject on the content of this section.
VIII. The duration of Processing
The Controller will process the Data Subject’s data until the accomplishment of the above purposes or until the withdrawal of the Data Subject’s consent, or until the erasure of data at the latter’s request.
Data that will be automatically technically recorded in the system during its operation will be stored in the system for the period after their generation as required for the system’s operation. The Controller shall ensure that such automatically recorded data cannot be linked with other personal data, apart from cases in which this is a mandatory requirement by law.
Upon the court’s or authority’s legally binding decision or resolution ordering that personal data be erased, the Controller shall erase the data concerned. The Controller shall restrict the use of the personal data instead of erasing them (of which it shall notify the Data Subject) if requested so by the Data Subject or if it is concluded from the available information that erasure would violate the Data Subject’s legitimate interest. The Controller will not erase Personal Data as long as the purpose of processing which precluded the erasure of the data concerned exists.
IX. Possibility of data transfer
The Controller shall not transfer to any processor the personal data provided for the accomplishment of purposes specified in this information notice.
The Controller shall have the right and the obligation to transfer to the competent authorities any Personal Data that are available for, and properly stored by, it, and which it is obliged to transfer by law or final and binding orders of the authorities concerned. The Controller shall not be held responsible or liable for such data transfers and/or any consequence of such data transfers.
X. Data security
On our website we shall take the necessary steps to ensure protection of any and all personal and sensitive data received from your computer, particularly against unauthorised access to such data as well as their alteration, transfer, disclosure, erasure, deliberate or accidental destruction, impairment or becoming inaccessible as a consequence of any change in the technology applied.
Please be advised that we use data networks with adequate firewall and password protection, but please note that no data transmission via the world wide web can be perfectly secure or flawless. Please note that you are responsible for the security of passwords, IDs and other special access modes, unless the damage has been caused by the Controller by unlawfully processing the Data Subject’s data or by breaching the requirements of data security.
XI. The Data Subject’s rights and possible ways of exercising them
The Data Subject may ask the Company’s data protection officer for information concerning Processing by e-mail, addressed to firstname.lastname@example.org e-mail, or in a registered letter with acknowledgement of receipt requested, or by registered mail, sent to the address of the Controller, shown at the beginning of this Information Notice.
The Data Subject may ask the Controller to provide information whether it is processing the Data Subject’s personal data and if so, they may ask information on the scope of the personal data managed, their source, the purpose of processing, its legal basis and duration as well as activities relating to Processing.
The Data Subject may request rectification or modification of their personal data managed by the Controller. With a view to the purpose of processing the Data Subject may ask for supplementation of incomplete personal data.
The Data Subject may request erasure of their personal data managed by the Controller. After the erasure of personal data as requested, the earlier (erased) personal data can no longer be restored.
The Data Subject may request that the Controller restricts the processing of their personal data, in case the Data Subject contests the accuracy of the personal data being processed. Such restriction shall apply to the period during which the Controller can verify the accuracy of the personal data concerned.
The Data Subject may request that the Controller restricts the processing of their data also if Processing is unlawful, but the Data Subject does not wish to have the processed personal data erased, asking for restriction of their use instead.
Moreover, the Data Subject may also request that the Controller restricts the processing of their personal data when the Purpose of Processing has been accomplished, but the Data Subject needs their processing by the Controller for purposes of presenting, enforcing or processing legal claims.
The Data Subject may request that the Controller provides them with a copy of the personal data, furnished by the Data Subject and automatically processed by the Controller, in a structured, commonly used and machine-readable format, and/or transfers them to another controller.
The Data Subject may object to the processing of those of their personal data that are being processed by the Controller without the Data Subject’s voluntary consent. The Controller shall check the lawfulness of the Data Subject’s objection and if it finds the objection to be well-grounded, it shall terminate data processing and block the processed personal data.
In case you find data processing to be in violation of your rights or freedoms, you are kindly invited to send your comments or complaint regarding Data Processing to the Controller’s data protection officer at email@example.com before availing yourself of the possible legal remedies.
In case your rights relating to your personal data are violated, you have the right to file your claim with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., phone: +36 (1) 391-1400, fax: +36 (1) 391-1410, e-mail address: firstname.lastname@example.org). In case your rights are violated you shall have the right to seek remedy before the court. The court shall have competence to adjudicate the case. Such action may be instituted before the court having competence in the area in which the Controller has its registered office.