Privacy Policy

on the collection and processing of personal data on the website www.mozaikhub.hu

 Introduction

The purpose of this Privacy Policy (hereinafter referred to as “Policy“) is to provide information to people interested in, using or intending to use the activities and services of JDC Hungary Foundation (hereinafter collectively: “Data Subjects“) should be informed – in accordance with the applicable legal requirements – about the processing of their personal data collected on the website, the purpose(s) and legal basis(s) of the data processing, the identity and contact details of the controller and basic information about the data processing.

The purpose of the Policy is also to inform the Data Subjects:

• about their rights in relation to data processing concerning them,
• about who and how they can contact with their requests and questions concerning the data processing of their personal data, from whom they can obtain the requested information and how long will it take to obtain the information requested,
• if they consider that their rights have been infringed in connection with data processing, for example, if they have not been adequately informed about or do not agree with the data processing or if they consider that the processing of their personal data is unlawful, in this case, to whom they can turn with their complaint and from which body they can seek legal protection.

We endeavour to summarise the above in this Policy in an understandable and clear format so that Data Subjects can understand how the collection, storage and other processing of their personal data when visiting our website, contacting us and other data processing operations may affect their right to information self-determination and privacy.

1.     Controller and identification of this website

1.1.  Controller:

JDC Hungary Foundation
Registration number: 01-01-0012517
Tax identification number: 18942408-2-42
Registered seat: H-1075 Budapest, Síp u. 12.
Website: https://jdchungary.hu/
E-mail: info@jdchungary.hu

Contact details of the Data Protection Officer:
Data Protection Office Kft.
e-mail: contact@dataprotectionoffice.hu

 1.2.  Website:

The website at https://www.mozaikhub.hu, and the webpage and subpages accessible from it

2.     Basic provisions governing data processing

2.1.

The service provided by the controller (hereinafter referred to as the “Controller“), which operates the website (hereinafter referred to as the “Website“) available at the Internet address specified in subsection 1.2, is directed to and provided from Hungary, with its sole place of business in Hungary. Accordingly, the provision of the service and the users are governed by Hungarian law (also in relation to data processing) during the use of the service.

2.2.

The scope of this information applies to data processing that qualifies as personal data processing during the use of the Website interface, viewing electronic content made available there, and using services.

2.3.

For the purposes of this Policy:

• User: any natural person browsing the Website, regardless of the pages or sub-pages of the Website visited;
• Personal data: any information relating to an identified or identifiable natural person (“Data Subject“), such as any information about You or any other natural person, such as name, email address;
• Controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (See point 1.1);
• Processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Foundation; (they are specifically identified for each purpose of data processing)

2.4.

The Controller is responsible for compliance with the following principles when processing your personal data:

• process personal data lawfully, fairly and transparently in relation to the Data Subject („lawfulness, fairness and transparency”);
• collect personal data only for specified, explicit and legitimate purposes and does not process them in a way incompatible with those purposes. („purpose limitation”)
• the personal data processed are adequate, relevant and limited to what is necessary for the purposes for which they are processed („data minimisation”);
• keep the personal data accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay („accuracy”);
• store the personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; („storage limitation”);
• a process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures („integrity and confidentiality”).

2.5.

Our data management activities are carried out in accordance with the applicable European Union and national legislation in force, in particular:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (The EU General Data Protection Regulation), (hereinafter referred to as: GDPR),
• Act CVIII of 2001 on certain aspects of electronic commerce and other information society services (Electronic Commerce Act) (hereinafter referred to as: Ekertv.)

3.     Certain data processing on the Website

3.1.  Registration for training organised by the Controller

3.1.1.     Data Subjects concerned

Any user who wishes to participate in a training course organised by the Foundation and who registers for such purpose by providing his/her personal data on the sub-page of the Website https://mozaikhub.hu/event/ for the training course offered there.

Consent can be given by clicking on the “Subscribe” button on the Website, after voluntarily providing the personal data required for registration.

3.1.2.      The purpose of data processing

The purpose of data processing is to obtain the data necessary for the efficient and effective organisation and implementation of free training courses organised by the Foundation.

3.1.3.     Legal basis for data processing

The legal basis for data processing is your explicit consent (Article 6 (1) a) GDPR).

You may provide your personal data by filling in the electronic form, by clicking on the “register” button after accepting the Privacy Policy, thereby giving your prior, voluntary, explicit consent to the data processing.

If you do not provide or consent to the processing of your personal data, your registration will not be recorded and accepted and you will not be able to participate in the advertised training.

3.1.4.     Duration for data processing

Your personal data will be processed until your consent is withdrawn, but no later than the last day of the 3rd year following the year in which your consent was given.

You may withdraw your consent at any time by sending an e-mail to benceto@jdc.org, but the withdrawal shall not affect the lawfulness of the data processing prior to its withdrawal.

If you withdraw your consent, your registration for the training will be cancelled and you will lose your right to participate.

3.1.5.     Processors processing the data

The Foundation does not use a data processor to process personal data for registration purposes.

3.1.6.     Recipients of personal data / who can access personal data

The Foundation will ensure that the personal data of Data Subjects collected on the Website is protected at all times from disclosure to unauthorised persons.

The personal data provided for the purpose of registering for free training courses may be accessed only by employees of the Foundation whose job it is to organise, conduct and coordinate training courses, for the time and to the extent necessary for the performance of their duties. Personal data will not be disclosed to any other recipients, such as a third country addressee or an international organisation.

We may be approached by a court, prosecutor’s office, investigating authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information, and other authority(ies) authorised by law to transfer or transmit personal data in connection with data processing.

In such cases, we will only disclose information that we are legally required to disclose and to the extent that it is strictly necessary to fulfil the request.

3.2.  Newsletter service

3.2.1. Data Subjects concerned

All users who register on the Website for our newsletter service.

Consent can be given by clicking on the “Subscribe” button on the Website, after voluntarily providing the personal data required for registration.

3.2.2. Purpose of data processing

Our Foundation sends direct marketing materials and newsletters containing up-to-date information to those who have voluntarily and expressly agreed to receive them in advance.

3.2.3. Legal basis for data processing

The legal basis for data processing is your explicit consent (Article 6 (1) a) GDPR).

3.2.4. Duration for data processing

Your personal data will be processed until your consent is withdrawn, but no later than the last day of the 3rd year following the year in which your consent was given.

You may withdraw your consent at any time by sending an e-mail to benceto@jdc.org, but the withdrawal shall not affect the lawfulness of the data processing prior to its withdrawal. If you withdraw your consent, you will no longer be entitled to receive the newsletter, and we will no longer be able to send you the newsletter.

3.2.5. Processors processing the data

 The Foundation does not use a data processor to process personal data for registration purposes.

3.2.6. Recipients of personal data / who can access personal data

 The Foundation will ensure that the personal data of Data Subjects collected on the Website is protected at all times from disclosure to unauthorised persons.

The personal data provided for the purpose of registering for the newsletter service may only be accessed by employees of the Foundation performing communication and marketing tasks, also in this context, for the time and to the extent necessary for the performance of their duties. Personal data will not be disclosed to any other recipients, such as a third country addressee or an international organisation.

We may be approached by a court, prosecutor’s office, investigating authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information, and other authority(ies) authorised by law to transfer or transmit personal data in connection with data processing.

In such cases, we will only disclose information that we are legally required to disclose and to the extent that it is strictly necessary to fulfil the request.

4.     Processing of cookies

4. 1.  What is a cookie?

 Cookies are small data files placed by the browser on the user’s computer or device. Among other things, they collect information, remember users’ individual preferences and generally make the site easier to use. Cookies by themselves do not collect any data stored on your computer or in files. Please read the following notice carefully for more information about how we collect information when you use the Foundation’s Website.

 4. 2.  Types of cookies

 Session cookie: these cookies are temporarily activated while you browse. In other words, from the moment the user opens the browser window until the moment it closes. Once the browser is closed, all session cookies are deleted.

Persistent cookie: these cookies remain on the user’s device for the period of time specified in the cookie. They are activated each time the user visits the site.

4. 3.  What cookies do we use and why?

 Cookies used on the Website:

• Name of the cookie: _ga
  Placer of the cookie: Google Analytics
  Purpose of the cookie: this cookie is set by Google Analytics to calculate visitor, session data and track site usage for the site analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise individual visitors.
  Expiry date of the cookie: 1 year 1 month and 4 days
• Name of the cookie: _gid
  Placer of the cookie: Google Analytics
  Purpose of the cookie: Google Analytics sets this cookie to store information about how visitors use the Website, while also generating an analytics report on Website performance. The data collected includes the number of visitors, their source and the pages they visit anonymously.
  Expiry date of the cookie: 1 day
• Name of the cookie: _gat_gtag_UA_*
  Placer of the cookie: Google Analytics
  Purpose of the cookie: Google Analytics sets this cookie to store a unique user identifier.
  Expiry date of the cookie: 1 minute
• Name of the cookie: _GRECAPTCHA
  Placer of the cookie: Google
  Purpose of the cookie: Google’s Recaptcha service sets this cookie to identify bots to protect the site from malicious spam attacks.

More information: Google Analytics Cookie Usage on Websites  |  Analytics for Web (analytics.js)  |  Google Developers (archive.org)

4. 4.  Your consent

 By browsing this Website, you consent to us placing cookies on your computer for the purpose of analysing how you use our Website.

4.5.  How can I delete/deactivate cookies?

Each browser allows you to change your cookie settings. However, it is very important to note that, as cookies are intended to facilitate the usability and processes of the Website, if cookies are prevented or deleted, our users may not be able to use the full functionality of the Website or the Website may not function as intended in their browser.

You can usually find cookie-related settings in the “Settings” menus of your browsers. For more information on setting cookies, please see the “Help” menu for each browser.

4.6.  How can I withdraw my consent?

 If you have consented to the use of cookies, your browser will store cookies on your computer or other device so that our system can recognise your preferences. Consent expires from time to time. However, if you wish to withdraw your consent, you can do so at any time in the cookie settings of your browser.

To opt-out of being tracked by Google Analytics on websites, please visit http://tools.google.com/dlpage/gaoptout.

Most browsers have a default setting to automatically accept cookies, but you can usually change your browser settings to avoid automatic acceptance, to be informed each time a cookie is sent to you, or to opt out of receiving cookies altogether. If you wish to disable cookies, please read the information for the browser you are using on your computer.

Please make sure that the instructions you choose match the type and version of your browser.

Internet Explorer
http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies

Chrome
https://support.google.com/accounts/answer/61416?hl=en

Mozilla Firefox
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari (Mac)
https://support.apple.com/kb/PH17191

Opera
https://help.opera.com/en/latest/web-preferences/#cookies

Microsoft Edge
https://support.microsoft.com/en-gb/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd

4.7.  More information about cookies

 For more information about cookies, please visit the following websites:

• For more information about Cookies in general and about the use, deletion and blocking of Cookies
• More information about cookies used by Google Analytics and about the deletion and blocking of them
• http://cookiepedia.co.uk/cookie-laws-across-europe

5.     Data security measures

5.1.  Ensuring basic conditions for data security

 Our Foundation fully complies with the data and confidentiality, information security and access regulations that serve the security of data, accordingly, we ensure adequate data protection by operating an IT system that meets the technical standards of the age and by taking organizational measures.

We select and operate the computing tools used for data processing in such a way that the data processed is always secure for You and other Data Subjects:

1. access (availability),
2. authenticity,
3. the integrity of the data,
4. protection against unauthorised access (confidentiality of data).

In processing the data, we ensure the information system’s:

• privacy (taking into account the potential threats to data processing),
• complete protection (all elements of the IT system are protected),
• continuity of protection (continuity of protection over time),
• proportionality to the potential risks.

6.     Persons entitled to access the data

 We ensure that your personal data is protected from unauthorised access at all times.

We may be approached by a court, prosecutor’s office, investigating authority, infringement authority, administrative authority, the National Authority for Data Protection and Freedom of Information, and other authority(ies) authorised by law to transfer or transmit personal data in connection with data processing. In such cases, we will only disclose information that we are legally required to disclose and to the extent that it is strictly necessary to fulfil the request.

7.     Your rights and means of enforcement as a Data Subject

In any case, we allow the Data Subjects, including you, to exercise the rights granted by the Regulation, subject to the limitations set out therein.

Do you, as the Data Subject, need to justify the legal basis for your request?

You do not need to justify the legal basis for your request, as data protection rights are a fundamental right of data subjects.

Do you, as a Data Subject, need to identify yourself?

Yes, lack of identification may lead to a refusal of the application.

Identification can be done by:

• when submitting the application in person (or receiving the data): by presenting an official document proving your identity / the document will not be copied /;
• if the application is submitted on-line, we will prepare the application, but the data will only be given to the applicant after identification has been completed.

(please do not send a copy of the official document proving your identity, as sending the document by electronic mail does not identify the Data Subject, but results in unnecessary data processing)

Do you, as the Data Subject, have to refer to your relationship with the data subject to the request?

Yes, you need to refer to your relationship with the data subject to the request. Without a clear and precise relationship, your request may be refused.

Place and method of application:

You, as the Data Subject, may submit your request by sending a letter to our postal address indicated in this Policy or by sending an electronic (e-mail) message to the e-mail address provided.

As a Data Subject, you are entitled to:

 

• prior information, and you may request information about the processing of your personal data and/or access to your data – in which case you will be informed whether a controller is processing personal data concerning you and, if so, the exact purposes, legal basis, scope of the data processed and the main rules of the processing (as set out in this Notice) and, upon request, we will provide you with a copy of the personal data processed;
  If your request is manifestly unfounded or excessive, in particular because of its repetitive nature, having regard to the administrative costs of providing the information or information or of taking the action requested: a reasonable fee may be charged or the act on the request may be refused.
  The burden of proving that the request is manifestly unfounded or excessive lies with our Foundation as Controller.
• rectification of your data, i.e. the correction or rectification of inaccurate personal data relating to you, or the completion of incomplete data;
• deletion of your data, i.e. making the data unrecognisable in such a way that it is no longer possible to recover it;

A request for cancellation may be granted if one of the following grounds applies:

• • the personal data are no longer necessary for the purposes for which they are processed;
  • You withdraw your consent on which the processing is based and there is no other legal basis for the processing;
  • You object to the processing of your data and there are no overriding legitimate grounds for the data processing, or you object to the processing of your data for commercial purposes;
  • your personal data is unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation under EU or Member State law applicable to us;
  • the personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the Regulation.

The data may not be deleted if the processing is necessary for the establishment, exercise or defence of our legal claims.

• restriction of the processing of your data, on the basis of which we will restrict the data processing at your request if one of the following conditions is met:
  • if you as a Data Subject contest the accuracy of your personal data, in which case the restriction applies for the period of time that allows us to verify the accuracy of your personal data;
  • if the data processing is unlawful and you, as the Data Subject, oppose the erasure of the data and instead request the restriction of their use;
  • if the personal data are no longer necessary for the purposes of processing, but you, as the Data Subject, require them for the establishment, exercise or defence of legal claims.

If the processing is restricted, such personal data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

If a restriction is imposed, you will be informed in advance of the lifting of the restriction on processing in accordance with the applicable regulations.

The restriction of data processing may also take place independently of your request, in particular, but not limited to, in the following cases:

• • if the supervisory authority (National Authority for Data Protection and Freedom of Information) orders so,
  • if our Foundation is ordered by the competent authority or court to comply with the restriction,
  • at our own discretion, where we consider that the deletion of the data would harm your legitimate interests as Data Subject or the legitimate interests of third parties (in particular, where it is necessary to preserve the data as evidence /e.g. pending the outcome of an investigation or proceeding/)

• in the event of a personal data breach – where it is likely to result in a high risk to your rights and freedoms – we will provide you with information about the personal data breach’s:
  • circumstances,
  • effects and
  • measures taken to prevent it.
• if the transfer is made outside the exceptions provided for by law, we will provide information on the legal basis and recipient(s) of the transfer upon request.

7.1.  Withdrawal of consent

In the case of data processing based on your consent, you may withdraw your consent at any time, but such withdrawal shall not affect the lawfulness of data processing based on consent prior to that date.

8.     Procedures for exercising rights in relation to data processing

Our Foundation, as the Controller, will inform you of the action taken on your request pursuant to Articles 15 to 22 of the GDPR within one month of receipt of your request at the latest, which may be extended by two months if necessary (taking into account the complexity of the request and the number of requests, pursuant to Article 12 (3) of the GDPR).

Any extension of the deadline will be notified within the time limit set for the procedure, stating the reason for the extension.

9.     LEGAL REMEDIES

 SUBMITTING A COMPLAINT

we recommend that you make use of the possibility to submit a request, complaint, objection (and all related consultations) directly to us before initiating any official or judicial procedure.

Our telephone number, e-mail and postal address, as well as the contact details of our Data Protection Officer, are available for the above purposes in the Introductory section of this Policy.

INITIATING A PUBLIC AUTHORITY PROCEDURE

You may, at your discretion, submit a data protection notification and initiate a public authority procedure if you believe that we have breached our obligations regarding the processing of your personal data.

 The competent authority:
National Authority for Data Protection and Freedom of Information
Address:                    1055 Budapest, Falk Miksa u. 9-11.
Postal address:                                1363 Budapest, Pf.: 9.
Telephone number:                                +36 (1) 391-1400,
E-mail address:                            ugyfelszolgalat@naih.hu,
Address of its website:                                  http://naih.hu.

INITIATING A COURT PROCEDURE

If you, as a Data Subject, do not agree with our decision regarding your request or objection, or if we fail to comply with the mandatory deadline for replying, you may turn to court within 30 days of notification of the decision or the last day of the deadline.

You – at your choice – may also bring the action before the court competent for your address or place of residence.

 

If you have any questions or comments about this Policy, please contact us at the telephone number or e-mail address indicated in the Introduction to this Policy, or by letter to our postal address. 

JDC Hungary Foundation

Controller