The processing and the protection of personal and sensitive data at Semmelweis University are in compliance with the relevant legislation and safety regulations. Legislation and safety regulations governing data processing and the protection of sensitive data are comprised in Semmelweis University’s Data Protection Policy (available only in Hungarian).
DATA PROTECTION INFORMATION
I Introduction
Semmelweis University (hereinafter referred to as “Data Controller”), abiding by the provisions of the European Union and Hungarian regulations, provides the following information regarding the processing of personal data acquired during online registration on the university’s website.
II The laws creating the framework of data processing policy
-
“The REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR),
-
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as “Information Act”)
-
the guidelines set by the European Data Protection Board created based on Article 29 of GDPR
-
the recommendations of the National Authority for Data Protection and Freedom of Information
III Guidelines and definitions
The definitions related to the data processing activities of the Data Controller and the guidelines of data processing are to be understood and applied as defined by GDPR.
IV Name and contact information of the Data Controller
Name: Semmelweis University
Address: 1085 Budapest, Üllői út 26.
Mailing address: 1428 Budapest, Pf.2.
Data protection officer: dr. Sára Trócsányi
E-mail: adatvedelem@semmelweis-univ.hu
V Purpose of data processing
The purpose is defined on the specific department’s website at the form where data is to be provided.
VI Legal basis of data processing
The consent of the person concerned and the legitimate interest of the Data Controller. Consenting to data procession is voluntary.
VII The types of processed data
The data defined by the specific department on its website at the form.
VIII Transmission of data
The personal data acquired during registration are not transmitted to third countries or international organisation by the Data Controller, they are only used for the purposes as defined by Section V of this Data Processing Information leaflet.
IX The duration of data processing
A duration necessary and reasonable for realising the purposes of data processing (consent may be revoked any time, however, revocation of consent will not affect the validity of data processing prior to revocation).
X Rights of data subjects
The data subject has the right to request information from the Data Controller regarding his/her personal data processed by the Data Controller and may request to correct, complement, limit the processing and delete the data.
Personal data to be processed for events organised via the website
The processing of personal data is regulated by the
-
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
and
-
the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as “Information Act”).
In addition, special rules require the processing of the following data:
data | purpose | legitimate interest |
newsletter | ||
e-mail address | information, contact | consent |
event | ||
name | identification, preparing invoice | Act C of 2000 |
address | ||
workplace | (if necessary) | |
e-mail address | information, contact | consent |
telephone number | ||
courses of continuing professional development (documented event) | ||
name, place and date of birth | identification, preparing invoice | Act LXXVII of 2013 törvény; Act C of 2000 |
mother’s name | ||
mailing address | ||
address/residence | ||
sex | ||
nationality | ||
in case of non-Hungarian nationals the title of staying in Hungary and the title and number of the document permitting the stay | ||
operation number or in the absence thereof, the basic registration number | identification | 63/2011. (XI. 29.) NEFMI r. |
qualification | ||
professional group | ||
e-mail address | information, contact | consent |
telephone number | ||
complaints, notifications of public interest Note: The personal data of the complainant or the notifier may only be transferred to the body competent to deal with the complaint or the notification if that body is legally authorised to deal with thereof or if the complainant or the notifier has specifically consented to the data transfer. |
||
name | information, contact | Act CLXV of 2013 |
address | ||
e-mail address | ||
telephone number |