Privacy Statement and Data Protection
Notification on Data Protection regarding the data processing in connection with the Calls for Applications for Scholarships of the University of Pécs Faculty of Engineering and Information Technology
The University of Pécs pays particular attention to act in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as General Data Protection Regulation), of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information Act (hereinafter referred to as Info Act), and of other laws and the practice of data processing established by the Hungarian National Authority for Data Protection and Freedom of Information (Hungarian abbreviation: NAIH) when processing data.
1. Purpose of Notification
The purpose of this Notification is to provide information about the principles applied by Data Controller regarding the protection and processing of personal data of Applicants applying for scholarships.
2. Description of Data Controller
Name: University of Pécs
Registered Office and mailing address: Vasvári Pál Str. 4; 7622 Pécs, Hungary
Represented by: Attila Miseta M.D., Rector and Zoltán Jenei, Chancellor
Organizational unit implementing data processing: Faculty of Engineering and Information Technology
Represented by: Dr. Gabriella Medvegy, Dean
Contact person: Dr. Brigitta Balogh
Contact email: email@example.com
Name of Data Protection Officer: Dr. Gergely László Szőke, PhD
Contact data: firstname.lastname@example.org; +36 (30) 179 5672
3. Scope of personal data concerned
The scope of personal data processed includes the data provided when submitting an application for scholarship and the data in connection with the scholarship, in particular the Applicant’s name, Unified Education System ID (Neptun Code), email address, telephone number, bank account number and – depending on the contents of the Call for Applications – their image. In case there are any modifications or changes in the period of data processing in their data concerned, Applicants are requested to notify the contact person indicated in the Call for Applications immediately.
4. Purpose and legal base of data processing
4.1. Data Controller shall process personal data included in the application based on the Applicant’s consent, according to Article 6 (1) a) of General Data Protection Regulation for the purpose of evaluating the application. In case Applicant withdraws his/her consent in the period of data processing, their participation in the scholarship cannot be granted.
4.2. For the purposes of fulfilling the contract, Data Controller shall publish the name, academic year and major of Applicants receiving the scholarship on its website, based on Article 6 (1) b) of General Data Protection Regulation. According to the Call for Applications this is a prerequisite of receiving the scholarship. In case it is included in the Call for Applications, Data Controller shall utilize and publish the voice recordings, images and videos of Applicants receiving the scholarship.
4.3. Adatkezelő az általános adatvédelmi rendelet 6. cikk (1) bekezdés e) pontja jogalap – azaz az adatkezelés közérdekű vagy az adatkezelőre ruházott közhatalmi jogosítvány gyakorlásának keretében végzett feladat végrehajtásához szükséges – alapján a nemzeti felsőoktatásról szóló 2011. évi CCIV. törvény (Nftv.) 3. melléklet 1. be) pont szerint a hallgatói juttatások adatait, és a juttatásokra való jogosultság elbírálásához szükséges adatokat, ösztöndíjfeltételek teljesítésének adatait.
4.4. Data Controller shall process the data of student benefits, the data necessary for evaluation of entitlement to benefits and the data of fulfilling the conditions of the scholarship according to Article 1 be) of Annex 3 of Act CCIV of 2011 on National Higher Education (hereinafter referred to as NHEA), on the legal basis of Article 6 (1) e) of General Data Protection Regulation – that is, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
5. Period of data processing
The period of data processing shall end as of the end of the application process or as of the withdrawal of consent in case of section 4.1; as of the end of limitation period for the claims arising from the contract in case of section 4.2; according to Annex 3 point 3) of NHEA in case of section 4.3; and as of the withdrawal of consent in the case defined by section 4.4.
6. Scope of persons acquainted with the data, transferring and storing data
Data may be accessed by authorized public-sector employees of the University of Pécs. Further, the managing authority (Supporting Authority) and other controlling authorities may access all documents in connection with the project at an on-the-spot inspection.
Data Controller shall use the education system (Neptun) provided by SDA Informatikai Zrt. for storing personal data.
Name of Data Processor: SDA Informatikai Zrt.
Registered Office: Retyezáti út 46., 2030 Érd, Hungary
Registration Number: 13-10-011083
Contact data: email@example.com
7. Data Safety
Data Controller shall guarantee appropriate safety of the Applicants’ personal data by applying necessary technical and organizational measures, including protection of data from unauthorized or unlawful access, accidental loss, destruction or damage. Further information on data safety measures applied at the University of Pécs may be found in Articles 20-22 of the University’s Data Protection Regulation and in Chapter IV of the University’s Information Technology Regulations.
8. Rights of Applicants
8.1. Applicants are entitled to access information in connection with processing of their data, according to Article 15 of General Data Protection Regulation, in particular to be notified by Data Controller about
– the scope of their personal data processed,
– the purpose and legal basis of data processing,
– the source of data,
– the period of data processing,
– the scope of persons that gained access to or have been transferred their personal data, the date, legal basis and scope of such data transfer, and
– the Applicant’s rights and possibilities of legal remedy regarding the processing of data.
8.2. Applicants have the right to the correction of their inaccurate (incorrect or incomplete) data according to Article 16 of General Data Protection Regulation.
8.3. In case of data processing on the basis of consent, Applicants have the right to withdraw their consent in writing at any time, without reasoning according to Article 7 (3) of General Data Protection Regulation. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8.4. According to Article 17 of General Data Protection Regulation Applicants have the right to obtain from the Data Controller the erasure of their personal data, in particular if the purposes for which the personal data were collected no longer exist, if the personal data have been unlawfully processed or if the Applicant withdraws consent on which the processing is based (and there is no other legal ground for the processing) or if Data Controller has granted the objection as a result of the right to objection to the processing of data.
8.5. Applicants have the right to request restriction of processing their personal data according to Article 18 of General Data Protection Regulation. In this case such personal data shall, with the exception of storage, only be processed with the Applicant’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
8.6. Applicants have the right to receive the personal data concerning him or her, which he or she has provided to Data Controller, in a commonly used digital format and have the right to transmit those data to another controller, according to Article 20 of General Data Protection Regulation.
8.7. Applicants have the right to object to the data processing according to Article 21 of General Data Protection Regulation.
8.8. Detailed rules of exercising the Applicants’ rights regarding data processing are laid down in the Data Protection Regulation of the University of Pécs, downloadable from the following link: https://pte.hu/adatvedelem.
9. Applications may exercise their rights according to the following
Claims regarding data processing shall be submitted by email to the contact person indicated in the Call for Applications of the scholarship or to the University’s Data Protection Officer by email (firstname.lastname@example.org). If submitted by regular mail, Applicants shall address their claim to Dr. Gergely László Szőke, Vasvári P. u. 4. 7622 Pécs, Hungary.
Applicants may contact the Hungarian National Authority for Data Protection and Freedom of Information (mailing address: 1530 Budapest, Pf.: 5., telephone: +36 (1) 391-1400, email: email@example.com, website: www.naih.hu) in case they feel their rights regarding data processing have been violated or there is an imminent danger of their violation. Applicants may seek legal remedy at court in case of violation of their rights and may submit their claim at the competent court according to their place of residence or stay based on their choice.