The processing and the protection of personal data at Semmelweis University (Semmelweis Egyetem in Hungarian) are in compliance with the relevant legislation and safety regulations. Legislation and safety regulations governing data processing and the protection of data are comprised at the website of Semmelweis University: https://semmelweis.hu/english/data-protection/

I.         Introduction

The TEHDAS Joint Action project develops European principles for the secondary use of health data. TEHDAS is being carried out by 25 European countries and co-ordinated by the Finnish Innovation Fund, Sitra. The project started in February 2021. It is based on the European Commission’s Health Programme 2020. Work Package 8 (WP8) of TEHDAS focuses on citizens’ participation and data altruism. The National Directorate General for Hospitals (in Hungarian Országos Kórházi Főigazgatóság – OKFŐ) and Semmelweis University are responsible for the deliverable D8.2 “Recommendations on lessons learned and recommendations for data altruism practices in national and European health data spaces”. As part of D8.2, OKFŐ and Semmelweis University organise a workshop with national and EU stakeholders, including the WP8 Advisory Group (WPAG8) to discuss the proposed recommendations for data altruism practices. Semmelweis University is responsible the technical organisation of the workshop. Semmelweis University (hereinafter referred to as “Data Controller”), abiding by the provisions of the European Union and Hungarian regulations, provides the following information regarding the processing of personal data acquired during online registration for the following event:

Recommendations for data altruism practices TEHDAS WP8 WORKSHOP

27th April 2023, 15.00-17.00

Brussels, 1040, Rue de Trèves 92-98.

The provision of your data takes place via a web application on the Internet. The registration form for the event is available at the following website: https://forms.gle/FuscsmKcqqrpBAZb9

The confidentiality, the integrity (inviolability), the authenticity and the availability of personal data can be guaranteed at this website as it is available and stated in its FAQ, Support, Privacy statement and Terms of Service.

II.       The laws creating the framework of data processing policy

Legislation:

1“The REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR),

2 Hungarian national legislation: Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as “Information Act”)

Further legal guidance:

3 The guidelines set by the European Data Protection Board created based on Article 68 of GDPR and the former Article 29 Working Party

4 The recommendations of the Hungarian National Authority for Data Protection and Freedom of Information

III.      Guidelines and definitions

The definitions related to the data processing activities of the Data Controller and the guidelines of data processing are to be understood and applied as defined by GDPR.

IV.     Name and contact information of the Data Controller
V.       Legal basis of data processing

The legal basis of data processing is the consent of the persons concerned. Consenting to data procession is voluntary. Consent is given on the registration page.

The personal data of the registered person are processed on the legal basis of and in line with Art. 6 (1) of the General Data Protection Regulation (GDPR).

The personal data are collected from the data subject on the legal basis of and in line with Art. 13 of the General Data Protection Regulation (GDPR).

VI.     Purpose of data processing and the types of processed data

Personal data of registering persons is necessary to organize the event, and communicate with the registered person about the event. During registration, information is collected for statistical purposes under the legitimate interest of consent, including mandatory information such as first name, last name, email, country, and organization. Additionally, non-mandatory information such as sector and position may be provided. It should be noted that aggregated statistics will not contain personal data and will be used for TEHDAS reports, as well as for communication and dissemination on the TEHDAS website and other online media platforms.

Furthermore, the event will be recorded in the form of audio and video for the purpose of creating summaries. This recording is based on the consent of the participants, who agree to the recording by joining the event.

VII.   Transmission of data

The personal data acquired during registration are not transmitted to third countries or international organisation by the Data Controller, they are only used for the purposes as defined by Section VI. and Section VII. of this Data Processing Information document.

If the registered person wishes to receive the TEHDAS newsletter, the subscription page is available at:

https://www.sitra.fi/en/projects/joint-action-towards-the-european-health-data-space-tehdas/#newsletter

If the registered person wishes to receive further information about the activities and results of TEHDAS, and ask to add her/his name, e-mail and organisation to the stakeholder list of TEHDAS, requests can be sent to: becze.orsolya@okfo.gov.hu and bencze.laszlo@partner.okfo.hu .

VIII.  The duration of data processing

The duration necessary and reasonable for realising the purposes of data processing is a period of 1 year counted from the day of the event. Consents may be revoked any time, however, revocation of consent will not affect the validity of data processing prior to revocation.