PRIVACY NOTICE
1 INTRODUCTION
In the course of its activities, the research institute of the Public Prosecutor’s Office, the National Institute of Criminology (hereinafter referred to as the Controller) and ITM Holding Kft. (Operator), takes special care to protect personal data, to comply with mandatory legal provisions, and to ensure safe and fair data processing.
Particulars of the Processor:
Name: Országos Kriminológiai Intézet (National Institute of Criminology)
Address: 1122 Budapest, Maros u. 6/a.,
Phone: +36-1-356-7566
E-mail: Ez az e-mail-cím a szpemrobotok elleni védelem alatt áll. Megtekintéséhez engedélyeznie kell a JavaScript használatát.
Particulars of the Operator:
Name: ITM Holding Kft.
Address: 1122 Budapest, Maros u. 28.,
Phone: +36-20-999-8780
E-mail: Ez az e-mail-cím a szpemrobotok elleni védelem alatt áll. Megtekintéséhez engedélyeznie kell a JavaScript használatát.
In all cases, the Controller processes the personal data processed by it or made available to it in accordance with the Hungarian and European laws and ethical requirements in force, and always takes the technical and organisational measures necessary for the proper secure processing.
This Policy is based on the following applicable laws:
| • | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; | |
| • | Act CXII of 2011 on the Information Self-determination Right and the Freedom of Information; | |
| • | Act XC of 2017 on Criminal Procedure; | |
| • | Prosecutor General's orders and internal provisions relating to data processing, data protection and data security; | |
| • | Recommendation of the Prosecutor General on the ethical rules of the profession of prosecutors (Code of Ethics of the Public Prosecutor's Office). |
The Controller undertakes to comply with the provisions of this Policy and requests the data subjects to accept the provisions of the Policy. The Controller reserves the right to amend its Privacy Policy in accordance with the legal requirements in force at all times, in which case it will publish the amended Policy and Notice publicly.
2 INTERPRETATIVE PROVISIONS
In this Notice, data protection terms shall have the following meaning:
Personal data shall mean any data that may be associated with any specific (identified or identifiable) natural person (hereinafter referred to as "the data subject”), and any conclusion that can be drawn from that data and relating to the data subject. The personal data retains this quality during the processing process as long as its relationship with the data subject can be restored. In particular, a person shall be considered identifiable if he can be identified, directly or indirectly, by name, identifier or by one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Consent shall mean a voluntary and firm declaration of the data subject's will, based on appropriate information, giving his unambiguous consent to the processing of personal data relating to him, in full or covering certain operations.
Objection shall mean a statement by the data subject objecting to the processing of his personal data and requesting the termination of the processing or the deletion of the data processed.
Controller shall mean a natural or legal person or an entity without legal personality who determines independently or together with others the purpose of the processing of the data, makes and implements decisions on the processing (including the means used for it) or has the Data Processor carry it out.
Processing shall mean any operation performed on the data or the entirety of the operations performed on the data, irrespective of the procedure used, in particular the collection, recording, organisation, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure or destruction, as well as preventing the further use of the data, taking photo, sound or image recordings and recording physical characteristics enabling the identification of a person.
Transmission shall mean making the data available to a specific third party.
Disclosure shall mean making the data available to anyone.
Data erasure shall mean rendering the data unrecognizable in such a way that it is no longer possible to recover it.
Data marking shall mean affixing an identifier to the data in order to distinguish it.
Data blocking shall mean affixing an identifier to the data with the view to limit the further processing of the data definitively or for a specific period of time.
Data destruction shall mean the complete physical destruction of the data medium containing the data.
Processing shall mean the performance of technical tasks related to data processing operations, irrespective of the method and instrument used to perform the operations and the place of application, provided that the technical task is performed on the data.
Data Processor shall mean a natural or legal person or an entity without legal personality, which is engaged in the processing of data under a contract, including any contract concluded under a legislative provision.
Data set shall mean the totality of the data processed in a register.
Third Party shall mean any natural or legal person or an entity without legal personality other than the data subject, the Controller or the Data Processor.
EEA State shall mean any Member State of the European Union and any other State party to the Agreement on the European Economic Area and any State whose nationals enjoy the same status as a national of a State party to the Agreement on the European Economic Area under an international treaty between the European Union and its Member States and a State not party to the Agreement on the European Economic Area.
Third country shall mean any State which is not an EEA State.
Data breach shall mean any unlawful processing of personal data, in particular unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.
3 DATA PROCESSING PRINCIPLES
Personal data may be processed if the data subject consents to it or the processing is required by the law or, under the authorisation granted by the law, by a decree of the local government, within the area specified in the authorisation.
Personal data may only be processed for a specific purpose, for the exercise of rights and the fulfilment of an obligation. Data processing must meet this purpose at all stages of the processing.
Only personal data that is essential for the realization of the purpose of the processing, capable of achieving the purpose may be processed, only to the extent and for the time necessary for the achievement of that purpose.
Personal data may be transferred and the different processings may be linked if the data subject has consented to it or it is permitted by the law, and if the conditions for processing are met for each personal data.
Personal data may be transferred to a controller or data processor in a third country, irrespective of the medium or method of transmission, if the data subject has expressly consented to it or it is permitted by the law and an adequate level of protection of personal data is ensured in the third country during the processing of the data transferred.
In the case of mandatory data processing, the purpose and conditions of the processing, the scope and accessibility of the data to be processed, the duration of the processing and the identity of the controller are determined by the law or municipal decree ordering the processing.
The law may, in the public interest, order the disclosure of personal data, expressly specifying the scope of the data. In all other cases, disclosure shall require the consent of the data subject and, in the case of sensitive data, his written consent. In the event of doubt, it shall be presumed that the data subject has not granted his consent.
The data subject's consent shall be deemed to have been granted in respect of the data communicated by him in the course of the public appearance of the data subject or provided by him for the purpose of publication.
In proceedings initiated upon the application of the data subject, his consent to the processing of his necessary data shall be presumed. The data subject’s attention must be drawn to this fact.
The data subject may also grant his consent in the framework of a written contract with the Controller for the purpose of performance of that contract. In this case, the contract shall contain all the information that the data subject needs to know for the purposes of the processing of personal data, in particular the definition of the data to be processed, the duration of the processing, the purpose of the use, the transmission of the data, the use of any data processor. The contract shall contain, in an unambiguous manner, that the data subject agrees to the processing of his data as set out in the contract.
The right to the protection of personal data and the privacy rights of the data subject, unless otherwise required by law, shall not be compromised by other interests in the processing, including the publicity of data of public interest.
4 PROCESSING GROUNDS
In the course of its activities, the Controller in any case processes personal data on the basis of the law or voluntary consent.
5 SECURITY OF PROCESSING
The Controller shall protect data in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage. The Controller shall ensure the security of the data by means of technical, organisational and organisational measures, which provide a level of protection appropriate to the risks involved in the processing.
6 RIGHTS OF DATA SUBJECTS
The data subject may request information on the processing of his personal data and may request the correction of his personal data or, with the exception of data processing ordered by the law, and the deletion of his personal data.
At the request of the data subject, the Controller shall provide information on the data processed by the Controller, the purpose, legal basis, duration of the processing, the name, address (registered address) and the activities of the processor related to the processing, as well as who receives or received the data and for what purpose.
The Controller shall be obliged to provide the information in writing, in a comprehensible form and free of charge, within the shortest time from the submission of the application, but not more than 25 days.
The Controller shall be obliged to correct any incorrect personal data.
The personal data shall be deleted by the Controller if its processing is unlawful, the data subject requests it, it is incomplete or incorrect – and this condition cannot be lawfully remedied – provided that the deletion is not precluded by law, if the purpose of the processing has ceased, the statutory deadline for storing the data has expired, or it has been ordered by the court or data protection commissioner. It shall inform the data subject of the correction and deletion, as well as all those to whom it has previously transmitted the data for the purpose of data processing. This notification may be omitted if this does not prejudice the legitimate interest of the data subject in view of the purpose of the processing.
The data subject may object to the processing of his personal data if the processing (transfer) of the personal data is necessary only for the exercise of the right or legitimate interest of the Controller or the data recipient, unless the processing is required by law, the personal data is used or transmitted for the purpose of direct marketing, public opinion polling or scientific research, otherwise the exercise of the right of objection is allowed by the law.
The Controller is obliged to examine the objection as soon as possible after the submission of the application, but not more than 15 days, with the simultaneous suspension of the processing, and to inform the applicant in writing of its outcome. Where the objection is justified, the Controller shall terminate the processing, including any further data collection and transfer, and block the data, and shall notify all those to whom the personal data concerned by the objection has been previously transmitted and these entities shall be obliged to take action to enforce the right of objection.
In the event of a violation of his rights, the data subject may institute a proceeding against the controller at a court or at the data protection authority.
Remedies and complaints may be submitted at the following contact details:
Name: Hungarian National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Phone: +36-1-391-1400
Fax: +36 1 391 1410
E-mail: Ez az e-mail-cím a szpemrobotok elleni védelem alatt áll. Megtekintéséhez engedélyeznie kell a JavaScript használatát.
Website: naih.hu
♦♦♦♦♦
Our website uses cookies that are subject to your consent (which you can revoke at any time). We use these cookies in compliance with the provisions of Act C of 2003 on electronic communications and Act CVIII of 2001 on certain aspects of electronic commerce and information society services, as well as the relevant EU directives.
What are cookies?
Websites operating within the member states of the European Union are required to request user consent to the use of cookies and their storage on the user’s computer or other devices. When a user visits a website subject to the regulations, small files called cookies containing letters and numbers are placed on the user’s computer as a means of exchanging information between the web server and the user’s browser. These data files are not executable, do not contain spyware or viruses, cannot identify the user and cannot access the contents of the user’s hard drive. Some cookies are essential for the proper functioning of the website (so-called “process cookies”), while some others collect information about the use of the website (aggregated and anonymous statistics) to make the website even more convenient and useful to the user. Some cookies are only temporary and disappear the moment you close your browser, while there are also persistent cookies that stay on your computer for a longer period of time.
COOKIE PRIVACY NOTICE
This notice applies to the following website managed by the National Institute of Criminology (Controller) and ITM Holding Kft. (Operator): https://en.okri.hu.
♦ The types of cookies used on the website
Our website uses only “strictly necessary cookies” to support statistical analysis. These “cookies” collect information on how our visitors use our website (e.g. which pages a visitor viewed, how many pages they visited, which part of the page they clicked on, how long each session lasted, etc.). The data collected is anonymized and does not allow the visitor to be identified.
Our website uses analytical cookies from the following provider: Google Analytics
Detailed information on the service is available here: https://www.google.com/analytics/terms/us.html
♦ Data security
The Operator of the website does store any ID or password even if cookies are enabled, so the website’s visitor can browse securely even if cookies are accepted.
♦ Check cookie settings and disable cookies
Modern browsers allow you to change cookie settings. Some browsers accept cookies by default, but this setting can be changed by the user to prevent cookies being automatically accepted in the future.
You can find information about the cookie settings of general purpose browsers on the following web pages:
• Google Chrome
• Firefox
• Microsoft Internet Explorer
• Microsoft Edge
♦ Links to external websites
Visitors can navigate from some of our web pages to external websites. Please review the information on that website, as we cannot take responsibility for any cookies used after you leave our website.
An overview of the privacy information on the cookies used
| Domain | https://en.okri.hu | |
| Cookie type | Support for use; Providing performance | |
| Legal basis for data processing | The website’s visitor’s consent (which can be revoked by disabling the use of cookies in your browser) | |
| Purpose of data processing | Enhance the user experience; Measure performance | |
| Duration of data processing | 1 year after the last activity |