Privacy statement regarding the data processing of personal data for individuals who join pilot projects of Budapest Global

Your privacy is important to us, thus we would like to inform you, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation), in connection with the processing of your personal data protected by the Regulation.

1. Name and contact details of the Data Controller:

Mayor’s Office of Budapest

Principal office: 1052 Budapest, Városház u. 9-11.

Mailing address: 1840 Budapest

E-mail: ugyfelszolgalat@budapest.hu

Phone: +36 1 327- 1000

Website: http://budapest.hu/sites/english/Lapok/default.aspx

2. Data Protection Officer
3. Kormány-Krivács Zita

Tel: +36 1 999-9190  

Email: adatvedelmitisztviselo@budapest.hu

3. Legal rules regarding the data processing
4. a) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
5. b) Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Act on Informational Self-Determination and Freedom of Information)

4. Scope of processed data, purpose, and legal basis of data processing

Budapest Global aims to become a collaboration and project incubation platform based on mutually agreed strategic priorities. Budapest Global strives to offer an environment for open collaboration to address our shared urban challenges in new, innovative ways in the following themes: talent friendly city; smart and tech-enabled city; sustainable city. The plan is to establish the legal entity by the end of the year, but start project-based operations during the summer with pilot projects.

4.a Registration

4.b. Personal/online communication, consultation

Online consultations will be held on Microsoft Teams. Audio-visual recordings may be done for the purpose of summary and reminder preparations. After the completion of the summaries and reminders, the recording will be forthwith deleted.

5. Duration of data processing

The data controller will process the data of the contact person of the registered organization until cancelation of the organization’s registration. The cancelation process will begin forthwith after the request of the organization.  

The data controller will immediately delete the data of the contact person of the registered organization after receiving the notification about the termination/alteration of the authorization.

Audio-visual recordings made for the purpose of a summary/reminder preparation will be deleted immediately after the completion of the summary/reminder.

The data controller manages the data in the electronic registry described in point 4, data arrived through Microsoft Forms will be deleted after transferring them to the electronic registry.

Data included in the summary/reminder of the personal/online consultation or the attendance sheet will be stored until the period determined in Decree 78/2012 (XII.28) of the Minister of Interior on issuing single archive plan for municipal offices and in the internal policies.

6. Persons entitled to process data, access to data and data security measures

The data is processed only by the authorized staff of the Data Controller, in order to perform their duties. Only the designated employees have the right to access the stored data.

The Department shall take all reasonable technical and organizational measures to protect your personal data against, inter alia, unauthorized access or unauthorized alteration.

7. Rights and available remedies of the data subject related to data processing

The data subject may request (at the contact details specified in Section 1):

1. information on the processing of his/her personal data,
2. the modification of his/her personal data,
3. the deletion of his/her personal data,
4. the restriction of the processing of his/her personal data,
5. and they may withdraw their consent to data processing at any time.

At the request of the data subject, the Data Controller

• Provides information on whether your personal data is being processed, and if yes, the information shall include the following: the purpose of data processing, the categories of personal data affected by data processing, the name of the recipients in case of data transfer, the duration of the data processing, the rights of the data subject, the remedy rights of the data subject, and if the data are not from the data subject, the indication of the source of data.

• Provides the information in writing, in a comprehensible form, in the shortest possible time from the submission of the request, but at the latest within 1 month of the receipt of the request. This information is free of charge. If the Data Controller can prove that the data subject’s request is unfounded or excessive, the Data Controller may charge a fee, or reject the request.

• If the data subject requests a copy of the personal data being processed, the Data Controller provides it. The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the data subject.

• The Data Controller corrects inaccurate personal data concerning the data subject at the request of the data subject without undue delay or supplements the incomplete personal data on the basis of a supplementary statement.

The Data Controller

• Deletes the personal data, if its processing is unlawful, if the purpose of the data processing is terminated, if consent is revoked and there is no other legal basis of data processing.

• Restricts the data processing at the request of the data subject, if the data subject disputes the accuracy of the personal data, if the data processing is unlawful and the data subject objects to the deletion of the data, if the processing of personal data is no longer necessary for the purpose of the data processing, but for the enforcement of the legal claim of the data subject it is required,. In this case, the data controller may process the personal data, with the exception of storage, only with the consent of the data subject, or for the submission, enforcement or protection of a legal claim, or for the protection of the rights of another natural person or legal entity, or for the purpose of important public interest.

• The Data Controller informs without undue delay, but in any case, within one month of the receipt of the request, the data subject of the measures taken in response to his/her request for rectification, deletion or restriction of the personal data concerned. If the Data Controller fails to take action in response to the request of the data subject, it informs the data subject, within one month of the receipt of the request, of the reasons for not taking action and the right of the data subject to submit a complaint to the Supervisory Authority and to exercise his/her judicial remedy right..

• The Data Controller notifies the data subject of the correction, the restriction of the data processing or its termination.

Available remedies

If you wish to file a complaint regarding the data processing, it is advised to send it first to the data protection officer’s contact details as specified above in point 2, which will be promptly examined after receipt, but no later than within 1 month, and the complainant will be informed in writing of the result of the examination

Complaint

The data subject may submit a complaint to the National Authority for Data Protection and Freedom of Information, if he/she believes that there has been an infringement with regard to the processing of his/her personal data.

Place of submission for complaints:

National Authority for Data Protection and Freedom of Information

1055 Budapest Falk Miksa utca 9-11.

Fax: +361-391-1410

Email: ugyfelszolgalat@naih.hu

Right to judicial remedy

The data subject is entitled to judicial remedy, if in his/her opinion the data controller has not processed his/her personal data in compliance with the rules of the Regulation, and the rights of the data subject have therefore been infringed.

The lawsuit may be brought before the court pursuant to the permanent address or usual residence of the data subject.

Right to compensation and general damages for infringement of personal rights

If the data controller causes damage due to the violation of the legal rules pertaining to data processing, it is required to compensate it. If the personal rights of the data subject are also infringed due to the data processing not complying with the rules, the data subject is entitled to general damages.

Effective from May 21, 2021