I. Contents of the Privacy Policy

The purpose of this Privacy Policy is to provide information about what personal data the below named data controller use, how, for what purpose, on what legal basis, and with what data processing systems.

The Policy also informs about laws and rights the users of this website have, and what rights they have.

 

Information about the data controller („Association”)

Association

Freeszfe association

Headquarters and postal address:

2015 Szigetmonostor, Táncsics utca 1.

Registration authority:

Budapest District Court

Company registration number:

13-02-0007949

Tax number:

19294052-1-13

E-mail address:

kapcsolat@freeszfe.hu

Website:

https://www.freeszfe.hu/

Name of data protection manager:

The data controller does not perform a public task, so it is not an obligation to appoint a data protection manager

II. The purpose of each data processing step and the duration of the data processing

1. DATA MANAGEMENT RELATED TO EDUCATION

  1. a) The Association manages the personal data in connection with the membership list of those people who are included on the membership list.

The purpose of the data management is to create the membership list in the appropriate format, so that the data stored in it complies with the member list template published in the 4/2017. (IV.3.) IM decree. The legal title of data management is the Association’s legitimate interest in meeting the requirements of the Hungarian legislations. (Regulation of the European Parliament (EU) 2016/679 (27. April 2016) on the protection of natural persons in regards to the processing of personal data and on the free flow of these data, and also of the overruled Regulation 95/46/EC (General Data Protection Regulation), hereinafter: “GDPR” Article 6. (1) Paragraph f) point.

 

Data managed by the Association: Name, address. The association manages this data for 6 years after the termination of the membership. (The statue of limitations for any legal disputes related to memberships is 5 years, the duration of data management exceeds this period by one year subject to § 6:24 (2) of Act V of 2013 on the Civil Code).

If, during the retention period, the Association becomes aware that the limitation period has been interrupted during the retention period, or that the limitation period has expired beyond this period, and that a legal dispute is in progress in relation to the processed data or in relation to the data subject of the processed data at the end of the retention period , in which you need the processed data in order to protect the interests of the Association,

  1. b) In connection with the activities of the educational organization, the Association manages the following personal data of the natural persons for whom the Association carries out educational, research and education-related activities defined in its purpose.

Data processed: Name, address, place of birth, date of birth, mother’s name, ID number, phone number, e-mail address, data related to the language tests. The Association manages the data for a period of 2 years after the end of the activity carried out by the Association.

The purpose of the data management activity is to record the data subjects in the Association’s internal system in a way that they can be clearly distinguished from one another, and this way the internal system can further support the work and activities of the Association. Recording an e-mail address and phone number is necessary in order to facilitate contact. The processing of the data thus serves a legitimate interest related to the fulfilment of the purpose of the Association (GDPR Article 6 (1) point (f)). In addition, any subsequent claims can only be asserted in possession of these data. It is necessary to manage the language test data of the persons concerned, because the Association carries out its activities in close cooperation with foreign universities, with whom they communicate in English.

 

  1. c) In connection with the activities of the educational organization, the Association manages the following personal data of natural persons who provide the Association with educational activity free of charge.

Data processed: Name, address, place of birth, date of birth, mother’s name, ID number, telephone number, e-mail address. The Association manages the data for a period of 2 years after the end of the activity performed by the Data Subject.

The purpose of the data management activity is to facilitate the logging of pro bono educational organization activities through the Association’s internal system. Recording an e-mail address and phone number is necessary to facilitate contact with the Association and the participants in the educational activities. The data management activity thus serves a legitimate interest related to the fulfilment of the purpose of the Association (GDPR Article 6 (1) point (f)). In addition, any subsequent claims can only be asserted in possession of these data.

 

            6 d) The Association signs a contract with certain data subjects for the purpose of the Association’s educational activities. In connection with the organization of education, the association manages the following personal data of the natural persons with whom it has a contractual legal relationship (GDPR Article 6 (1) point b). The purpose of the data management is to establish and maintain the contractual relationship, as well as to log educational organisation activities through the Association’s internal system.

Data processed: Name, address, place of birth, date of birth, mother’s name, ID number, birth name, telephone number, e-mail address. The association manages the data for a period of 6 years after the termination of the contractual relationship, subject to the conditions contained in point a) above, and with the possibility of extension as described in point a).

Recording an e-mail address and phone number is necessary to facilitate contact with the Association and the participants in educational organization activities.

 

2. DATA MANAGEMENT OF THOSE IN A CONTRACTUAL RELATIONSHIP WITH THE ASSOCIATION (WITH THE EXCEPTION OF EDUCATIONAL ORGANIZATION ACCORDING TO POINT 1)

The Association enters into contracts with various data subjects for the performance of administrative activities related to the operation of the Association and for the performance of other activities (e.g. cleaning, maintenance work, etc.). The personal data of these data subjects is managed by the Association for the purpose of establishing and maintaining the contractual relationship (GDPR Article 6 (1) point b).

Managed data: Name, residential address, ID number, place of birth, date of birth, birth name. The association manages the data for a period of 6 years after the termination of the contractual relationship, subject to the conditions contained in point 1. a), and with the possibility of extension as described in point a).

3. NEWSLETTER-RELATED DATA MANAGEMENT

The association maintains a newsletter that anyone can subscribe to on a voluntary basis. In the newsletter, subscribers are regularly informed about the latest news about the Association, scholarships announced by the Association, online or personal events organized by the Association and other events related to the life of the Association. In order to subscribe to the newsletter, the person concerned must provide his e-mail address and consent to it being managed by the Association (GDPR Article 6 (1) point a)).

The association manages the e-mail addresses provided in this way until the day of unsubscribing from the newsletter. If someone wishes to unsubscribe from the newsletter, they can do so by sending an e-mail to the e-mail address support@freeszfe.hu, which unsubscribe e-mail address is also included in all e-mails sent by the Association.

4. DATA MANAGEMENT RELATED TO THE FACEBOOK PAGE

Facebook Ireland Limited (4 Grand Canal Square Grand Canal Harbor Dublin 2 Ireland) and the Association are joint data controllers for the data stored on the fan page. In accordance with the settings made on the Association’s fan page, Facebook Ireland collects personal data from people visiting the fan page using cookies, which data is passed on to the Association in the form of anonymized statements so that it can shape its events and social media content accordingly. Facebook’s data management policy is available at the following address: https://www.facebook.com/policy.php. Visitors of the Facebook page must agree to the use of cookies before visiting the fan page, regardless of whether they are Facebook users, so data may be processed for persons who do not have a Facebook login. The legal title for data management is the consent of the data subject (GDPR Article 6 (1) point a).

The range of data managed by the Association: shopping habits, place of residence, interests, age, gender, marital status, professional occupation. The Association manages the above data as long as it is available through the Facebook common data controller, the duration of which is fixed by the above Facebook conditions, currently for the maximum duration of cookies, which is a maximum of 2 years.

5. SUPPORTER DATA MANAGEMENT

The Association can be supported through the Patreon website, and through bank transfer to the Association’s bank account.

Patreon Ireland Limited (Suite 3, One Earlsfort Centre, Lower Hatch Street, Dublin 2L, Ireland) as a data controller shares personal data with the Association (as the Creator registered on its site) as a data processor in order to enable the fulfilment of the levels of support on the website, for example Patreon will only share the supporter’s address with the Creator if there is a service the Creator would like to send to the supporter through postal service. The association manages this data in order to provide the services described on the Patreon website.

Managed data: Name, e-mail address, the amount of support provided through Patreon and, in this regard, information on which support category it corresponds to, as well as the start date of the support, and aggregated anonymized data related to all supporters for statistical purposes. The Association is entitled to handle personal data as a data processor until the grant of support is cancelled, as stipulated in Patreon’s Privacy Policy, which is available at the following address: https://privacy.patreon.com/policies?name=patreon-privacy-policy. The Data Processing Agreement between Patreon and the Association is available at: https://support.patreon.com/hc/en-us/articles/360026912432-Data-Processing-Agreement-

6. DATA MANAGEMENT RELATED TO FOREIGN UNIVERSITIES

All universities with their registered offices outside of the territory of Hungary that have a contractual relationship with the Association (hereinafter: “University”) is considered to be a common data manager in relation to its members who have a student status there. The purpose of joint data management is for the Association to support the University in monitoring the university studies of association members. The Association manages the members’ personal data in order to fulfil the members contractual obligations towards the University and to monitor the fulfilment of these obligations. Considering that there is no contractual agreement between the Association and the member regarding this activity, the legal title of the data management is the fulfilment of the contract existing between the University and the Association, which regulates their cooperation, which, from the point of view of the member’s personal data, is considered data management based on the Association’s legitimate interest (GDPR. 6 Article (1) point (f)).

Scope of processed data: Name, e-mail address, seminar and lecture attendance catalog, grades, written evaluations. Joint data controllers manage the data until the member’s student status is terminated, with the University providing the member with information on the terms of the University’s data management.

7. DATA MANAGEMENT IN CONNECTION WITH PARTICIPATION IN AN EVENT

In order to pre-estimate the number of participants at an event organized by the Association and to plan the organization and conduct of the event in advance, the Association may make participation in events subject to prior registration. The Association manages the personal data of pre-registered persons. During registration, the data subjects give their consent to the processing of their personal data (GDPR Article 6 (1) point a)).

Range of processed data: Name, e-mail address. The data manager manages the data until the day after the event.

The association provides separate data management information for the participants about the data recorded during the event. The association may only process the personal data of the data subject for purposes related to support activities if it has informed the data subjects beforehand.

 

8. OTHER DATA MANAGEMENT

The Association does not collect data in any way on its website.

The Association provides information on data management not listed in this Privacy Policy when the data is collected.

The court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the data protection commissioner or, based on the authorization of the law, other bodies may contact the Association for the purpose of providing information, communicating and handing over data, or making documents available. The Association will only release personal data to the authorities – if the authority has specified the exact purpose and the scope of the data – to the extent that is absolutely necessary to achieve the purpose of the request.

The Association does not check the personal data provided to it. If the User does not provide his own personal data, he is obliged to obtain the consent of the person concerned.

The employees of the Association who are employed or under contract, the employees of the courier service involved in the delivery of the products (if the delivery was requested by the customer), and the Data Processors are entitled to access the personal data.

 

III. Data protection guidelines applied by the Association

 

As a data manager, the Association takes responsibility that all data management related to its activities complies with the requirements set out in this Privacy Policy and the applicable legislation.

The Association is entitled to unilaterally modify this data management information. In the case of changes to the Privacy Policy, the Association will notify the data subject of the changes by publishing them on the website under the freeszfe.hu domain, at least eight (8) days before the change takes effect. By maintaining the membership of the association after the entry into force of the amendment, the data subject acknowledges and accepts the contents of the amended data management information.

The Association is committed to the protection of the personal data of the data subjects, and considers it of utmost importance to respect the data subject’s right to self-determination of information. The Association treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security.

The data management principles of the Association are in accordance with the applicable legislation related to data protection, in particular with the following:

  • year CXII. Act on the right to informational self-determination and freedom of information (hereinafter Infotv.);

The Association agrees to publish a clear, attention-grabbing and unequivocal statement, informing them of the method, purpose and principles of the data collection, before collecting, recording, and processing any personal data of the data subjects. In addition to all of this, in all cases where the collection, handling and recording of data is not required by law, the Association draws the attention of the data subject to the voluntary nature of data provision. In the case of mandatory data provision, the legislation ordering Data Management must also be indicated. The data subject must be informed about the purpose of Data Management and who will handle and process the Personal Data.

In all cases, if the Association intends to use the provided Personal Data for a purpose other than the purpose of the original data collection, it will inform the person concerned about this and obtain their prior express consent, or provide them with the opportunity to prohibit the use.

The Association complies with the restrictions set by law in all cases when recording and handling data, and informs the data subject of its activities by e-mail according to his/her request. The Association will not enforce any sanctions against the person concerned who refuses to provide non-mandatory data.