privacy policy

The highest-level protection of personal data is a priority for the operator of the www.hungarianyearbook.com website (Magyar Nemzetközi Jogi és Európai Jogi Társaság – Hungarian Society for International Law and European Law, registered seat: 2 Kárpát str., 1133 Budapest, Hungary, represented by Dr. Laura Gyeney as president, hereinafter referred to as ’Data Controller’).

To ensure the safety of the personal data processed by the Data Controller, it has prepared the present policy (the ’Policy’) based on the provisions of Act CXII of 2011 on the right to informational self-determination and on the freedom of information (’Privacy Act’) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, ’GDPR’).

Browsing the website at www.hungarianyearbook.com (the ’Website’) or subscribing to the newsletter (the ’Newsletter’) constitutes acceptance of this Policy.

 
1. DATA CONTROLLER

1.1. The Data Controller is the operator of the Website.
Name of Data Controller: Magyar Nemzetközi Jogi és Európai Jogi Társaság – Hungarian Society for International Law and European Law

Address of Data Controller: 2 Kárpát str., 1133 Budapest, Hungary

E-mail address of Data Controller: editors@hungarianyearbook.com 

 

2. SCOPE OF THE POLICY

2.1. The Policy enters into force on 9 January 2020. Data Controller has the right to modify the Policy. Any amendments of the Policy shall be published at the Website as soon as it was adopted by the Data Controller. 

2.2. The material scope of the Policy covers all processes of the Data Controller, during which personal data, as defined in Section 3(2) of the Privacy Act, are processed.

2.3. The material scope of the Policy covers all personal data processed by the Data Controller, regardless of their form of appearance or/and location. This Policy applies to all stages of data processing. The personal scope of this Policy covers all members, employees and representatives of the Data Controller.

 

3. GENERAL PROVISIONS

3.1. The purpose of processing is the performance of the services offered on the Website (especially, but not limited to contacting the Data Controller, and Newsletters).

3.2. Scope of processed data: personal identification data (last name, first name), contact details (e-mail address), data required for the Newsletter subscription, and other data voluntarily provided by the users.

 

4. LEGAL BASES OF PROCESSING PERSONAL DATA

4.1. The following are the legal bases for processing personal data:

a) Voluntary consent of data subjects: data subjects give informed consent to the processing of their personal for one or more specific purposes.

b) Processing based on legitimate interests: Processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

4.2. The Data Controller does not process sensitive data.

 

5. RULES OF DATA PROCESSING

5.1. The Data Controller processes personal data disclosed to it by the data subjects (the users) or otherwise acquired by the Data Controller as set out in the present Policy. In processing personal data, the Data Controller must at all times comply with the principles of legality, fair procedures and transparency, the principle of purpose limitation, the data-saving principle, the principle of accuracy and the principle of storage limitation, as well as the principles of integrity and confidentiality. The Data Controller is responsible for compliance with these principles and must be able to demonstrate such compliance.
5.2. Before recording any data, the Data Controller informs the data subject about the purpose and the legal basis of the data processing in all cases.

5.3. Data processing must in all phases conform to the purpose, and the data will be deleted if the purpose of the data processing ceased or the processing of the data otherwise becomes unlawful.

5.4. In order to ensure the safety of the personal data processed, the Data Controller takes all technical and organizational measures and establishes the rules of procedure that are required to enforce the Privacy Act and other domestic and international data protection legislation. The Data Controller is obliged to protect the personal data processed by it against unauthorized access, alteration, transfer, disclosure, erasure or destruction, as well as accidental destruction and damage.

5.5. The personal data provided may be accessed only by the Data Controller in order to attain the purpose of processing. Data transfer is governed by the provisions of Section 10.

5.6. In carrying out their work, the members, employees and representatives of the Data Controller ensure that no unauthorized person can access the personal data and that the personal data are adequately protected against unauthorized access, alteration, transfer, disclosure, erasure or destruction, as well as the accidental destruction and damage or becoming inaccessible arising from changes in the applied technology.

      

6. ENFORCING THE RIGHTS OF DATA SUBJECTS (USERS)

6.1. In carrying out its data processing activity, the Data Controller ensures enforcing the rights of data subjects in accordance with the provisions of the GDPR and the Privacy Act.

6.2. Data subjects (users) may ask the Data Controller for access to the personal data concerning them, their rectification, erasure and, in certain cases, restriction of the processing of the data and object to the processing of personal data. Data subjects also have the right to data portability or submit a complaint to the supervisory authority and the right to redress.

6.3. Where processing based on consent, the data subject also has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6.4. The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, be granted access to the personal data and the following information:

a) Purposes of the data processing;

b) Categories of the personal data concerned;

c) The recipients or categories of recipients to whom or which your personal data were disclosed or will be disclosed, including in particular third country recipients or international organizations;

d) Where applicable, the planned duration of storage of the personal data, or if it is not possible, the criteria for the definition of such period;

e) The right of the data subject to request from the Data Controller the rectification, erasure or restriction of the processing of his or her personal data, and to object to the processing of his or her personal data;

f) The right of submitting complaints addressed to the supervisory authority;

g) If the data was not collected from the data subjects (users), all available information regarding their source.

6.5. The Data Controller provides the requested information as soon as possible after the submission of the request and at the latest within 30 calendar days in a clearly understandable form, in writing if so requested by the data subject. The information will be provided free of charge if the person requesting it has not submitted yet any request for information in relation to the same dataset during the year in question.

6.6. Where the request of the data subject is manifestly unfounded or excessive (in particular because of its repetitive character), the Data Controller may, having regard to the administrative costs of providing the information or communication, or taking the action requested:

a) Charge a reasonable fee, or

b) Refuse to act on the request.

The Data Controller bears the burden of demonstrating the manifestly unfounded or excessive character of the request.

6.7. On request, the Data Controller shall provide the Data Subject with one copy of the processed personal data. If the data subject submitted the request electronically, the requested information will be made available in widely used electronic format, unless the data subject expressly requested otherwise. Unless the data subject expressly requested otherwise, the Data Controller makes the information available in PDF format.

6.8. Data subjects are entitled to have the data controller rectify their incorrect personal data without delay. Taking into account the purpose of the data processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

6.9. In accordance with Article 17 GDPR, the data subject has the right to obtain from the Data Controller the erasure of personal data concerning him/her without undue delay. Instead of erasure, the Data Controller must block the personal data if it can be assumed on the basis of available information that erasure would harm the legitimate interests of the data subject. Personal data blocked in this manner may only be processed for as long as the purpose of data processing that excluded the deletion of personal data prevails.

6.10. The data subject has the right to obtain from the Data Controller restriction of processing in accordance with Article 18 GDPR. During the restriction period, the Data Controller and its data processors, if any, must not use the personal data for any purpose other than storage.

6.11. The data subject has the right to object to the processing of his or her personal data under Article 21 GDPR.

 

7. SPECIAL PROVISIONS ON SPECIFIC DATA PROCESSING

7.1. Data processing on the Website

Anyone can access the Website and obtain information from the contents stored on the Website and from the Website and the sites linked to it freely and without restriction without disclosing his or her personal data or revealing his/her identity.

Unless otherwise stated, the contents of the Website are owned by and the copyrighted intellectual property of the Data Controller. The Data Controller reserves all rights in this regard.

The Data Controller excludes its liability for any damage arising from the downloading or unavailability of the Website. Content downloaded by following any external link found on the Website is not under the influence of the Data Controller and for this reason the Data Controller excludes its liability in respect of these contents.

 

7.2. Use of cookies

The Data Controller uses the data generated while anonymously visiting the Website solely for the technical operation of the Website, for statistical purposes, to increase the security of the system, to ensure better and high-quality user experience and to send the Newsletter and improve the Website. These data are not considered personal data, and are not linked by the Data Controller with personal data; these data are not accessible by the public and cannot, in themselves, identify the person of the visitor.

The Data Controller uses so-called cookies to collect profile data and status data (e.g. IP address, browser type, date and time of visit, visited sites, sub-site, feature or service used, etc.). The use of cookies operated by the Website requires the prior informed consent of the data subjects within the meaning of Section 155(4) of Act C of 2003 on electronic communications.

Cookies can be disabled in the browser used by the visitor.

 

7.3. Processing the data of newsletter subscribers

The Data Controller sends a Newsletter relating to its activities to the persons subscribing to it. The Newsletter can be subscribed on the Website. The purpose of processing is to provide periodic information about new developments (including but not limited to new releases of the Hungarian Yearbook, call for papers, relevant new contents added to the Website). The Data Controller uses the names and e-mail addresses of the data subjects (users or newsletter subscribers) for this purpose only.

The Data Controller stores the personal data electronically until the data subject unsubscribes, but at latest until the Data Controller terminates the Website’s and/or its own operation.

Data subjects (users or newsletter subscribers) may unsubscribe the Newsletter for free without any restriction or giving a reason. They can do so directly using the link provided in the Newsletter, or by sending the Data Controller a request for erasure (by e-mail or post). In this case, the Data Controller will no longer send Newsletters to the user.

 

7.4. Managing contact data

All users can contact the Data Controller at all the public contacts of the Data Controller.

When making contact, the data subjects decide on the processing of the personal data he/she disclosed. The legal basis of processing is provided by the data subject (user) by voluntarily, for the purpose of communication.

By sending a message (e-mail or regular mail), users give voluntary, clear and explicit consent to the Data Controller processing their data electronically in the manner defined in the Privacy Act and the GDPR for up to 1 year from the date of making the contact.

By sending a message (e-mail or regular mail), users expressly consent to the Data Controller using their name, e-mail address and other personal data disclosed when making contact (e.g. cell phone number) for the purpose of communication.

 

8. RIGHTS AND REMEDIES RELATING TO DATA PROCESSING

8.1. Data subjects (users) have the right to obtain from the Data Controller:

a) information on the processing of their personal data;

b) rectification of their personal data; and

c) erasure or blocking of their personal data, except for any mandatory data processing.

8.2. If the data subject (user) believes his/her right to protection of personal data has been violated in the course of processing by the Data Controller, the data subject (user) may seek remedy from the competent bodies in accordance with the relevant legislation, that is:

a) He/she may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH, Address: 22/C Szilágyi Erzsébet fasor, 1125 Budapest, Hungary, Web: www.naih.hu), or

b) He/she may turn to the competent court. Based on the seat of the Data Controller, the competent court is the Budapest-Capital Regional Court (Fővárosi Törvényszék).

8.3. A detailed description of the rights and remedies relating to data processing is contained in the Privacy Act and the GDPR.

 

9. DATA PROCESSING

9.1. In processing personal data, the Data Controller does not make the personal data accessible by third parties without the consent of the data subjects, unless the data transfer is required by law governing the Data Controller. The Data Controller informs the data subjects in advance of the use of a data processor.

9.2. The data protection obligations of the natural or legal person engaged in data processing activity on behalf of the Data Controller, if any, are laid down in the agency contract made with the data processor. The Data Controller uses only data processors who/that provide sufficient guarantees to implement appropriate technical and organizational measures to ensure compliance with the requirements of data processing and the protection of data subjects’ rights. The data processor may not engage another data processor without the prior occasional or general written authorization of the Data Controller.

9.3. The data processor processes the data according to instructions from the Data Controller and must always act in accordance with instructions from the Data Controller while performing the processing. The data processor may not make a decision on the merits regarding the personal data it becomes aware of. The data processor is not authorized to perform data processing for its own purposes. During the data processing, the employees of the data processor may come to know the data, but neither the data processor nor its employees may transfer the data to third parties.

9.4. The Data Controller may transfer the data processed to the data processor identified in this Section for the purpose of operating the Website:

 

NAME OF DATA PROCESSOR

CONTACT

PROCESSING ACTIVITY

EsterCom Kft.

szorenyi.roland@estercom.hu

Website operation and maintenance

 

9.5. The personal data of data subjects (name and e-mail address) are transferred to a data processor for sending Newsletters. Personal data are typically stored and transferred digitally, to which the data processor engaged in the sending of Newsletters necessarily has access:

 

NAME OF DATA PROCESSOR

CONTACT

PROCESSING ACTIVITY

Mailchimp

www.mailchimp.com

Sending newsletters

 

10. HANDLING OF PERSONAL DATA violations

10.1. The Data Controller must, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority, except if able to prove, in accordance with the principle of accountability, that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

10.2. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller informs the data subject of the personal data breach without undue delay.

10.3. It is not necessary to inform the data subject if any of the following conditions are met:

a) The Data Controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular, those that render the personal data unintelligible to any person who is not authorized to access them;

b) The Data Controller took subsequent measures following the personal data breach that ensure that the high risk to the rights and freedoms of the data subjects is no longer likely to materialise;

c) The information would involve a disproportionate effort. In such a case, there must instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

 

11. AMENDMENT OF THE POLICY

11.1. The Data Controller reserves the right to modify this Policy in accordance with current legislation.

11.2. If an amendment to the Policy concerns the processing of the personal data of the users of the Website in any manner, the Data Controller informs the data subjects (users) of the changes via e-mail information (Newsletter). If, due to an amendment of the Policy, the details of data processing also change, the Data Controller will repeatedly ask for the data subject’s (user’s) consent to the continued processing of his or her data.

 

12. OTHER ISSUES

Matters not regulated in this Policy are governed by Privacy Act and the GDPR, as well as the current laws in force.

 

Last updated: 1 February 2020

 

© HUNGARIAN YEARBOOK OF INTERNATIONAL LAW AND EUROPEAN LAW

Privacy policy | All rights reserved     Design, programming: EsterCom