The Office of the National Assembly (hereinafter: the Office) gives priority attention to act in the course of data handling in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Information Act), other legal regulations, and the data protection practice established in the operations of the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH).
The Office hereby informs visitors to the Library of the Hungarian Parliament (hereinafter: the Library) and www.ogyk.hu website about the personal data processed in connection with patrons’ registration and the newsletter service, about the practice followed in the processing of personal data, the measures to protect personal data, as well as the ways and means for data subjects to exercise their rights.
The controller of the personal data supplied through the website at www.ogyk.hu is the Office of the National Assembly (H-1055 Budapest, Kossuth Lajos tér 1-3., firstname.lastname@example.org).
In the course of preliminary registration via www.ogyk.hu and registration in person, personal data is collected pursuant to the provisions set out in Section 57 of Act CXL of 1997, Section 4 of Act XX of 1996 on the Ways of Identification Replacing the Personal Identification Number and on the Use of Identification Codes, and Section 54 of Act XXXVI of 2012 on the National Assembly.
Pursuant to Sections 5 (1) a) and 20 (2) of the Information Act, the newsletter services of www.ogyk.hu are provided upon the consent given by the person registering to the newsletter services and subject to data processing (hereinafter: data subject) – following preliminary information provided for such person –, in view of the provisions set out in Section 14 of Act CVIII of 2001 on Electronic Commerce and on Information Society Services, and in Section 6 of Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities.
The objective of data handling is to enable readers to use the Library and to send electronic newsletters to data subjects interested in the services and public events of the Library. Newsletters provide information on professional programmes organized by the Library, latest book acquisitions and events.
In order to establish a library user’s legal relationship, the following details are required to be provided during patrons’ registration: family name and given name / family name and given name at birth, place and date of birth, mother’s family name and given name at birth and domicile. In order to enter the Library and to be identified, it is required to specify the number and the type of the personal ID document. The following details may be provided voluntarily for statistical data collection and information: primary language used, fields of interest, e-mail address, phone number.
In order to sign up for the newsletter, it is required to specify the family name, the given name and the e-mail address. The name is required to be specified for keeping in contact, and the e-mail address for liaising between the Office and the data subject, and for sending electronic newsletters and various information materials. Signing up for the newsletter is simultaneously deemed a consent to the handling of the name and e-mail address as personal data. Registration is subject to reading the Privacy and Data Protection Policy of the Office and to verify it by ticking the appropriate checkbox.
Data may be handled until withdrawal of the data subject’s consent.
Consent may be withdrawn in respect of registration by sending an e-mail to email@example.com, which entails the termination of the right of library use.
Consent may be withdrawn in respect of the newsletter by sending an e-mail to firstname.lastname@example.org.
Only the staff of the Office shall be authorised to handle the personal data supplied by data subjects, exclusively within the scope of fulfilling their duties. Therefore, the personal data supplied can be accessed by the staff of the Office involved in registration with the Library and sending newsletters, and by their superiors.
The Office shall not transfer personal data handled by it to third parties.
The Office shall exercise the greatest care in handling personal data, in a strictly confidential manner and only to the extent required for using the services. The Office shall store personal data on the servers located at its registered seat; it shall not hire the services of another firm to store or process personal data. The Office shall ensure, by way of appropriate IT security measures set out in its IT Security Policy, that the personal data supplied by data subjects be protected, inter alia, from unauthorised access and unauthorised compromise. Interventions are logged by the IT system.
Data subjects may initiate the following actions at the Office:
Everybody is entitled to request information on their data handled by the Office, on the sources of their data, on the objective, legal grounds, and duration of data handling, on the name and address of the data processor and its activities related to data handling, on the circumstances and impacts of any data protection incidents occurred and the measures taken to eliminate them; furthermore, on the legal grounds and the addressee of any data transfer.
The Office shall provide information in writing, on the shortest notice possible but within up to 25 days, with provision of information being refused only in the cases prescribed as mandatory by the Information Act. In such a case, the Office shall notify the data subject in writing pursuant to which regulatory provision the information was refused to be disclosed, also giving information on the opportunities to seek legal remedy against the relevant decision.
If personal data is incorrect, it can also be requested that such data handled by the Office be corrected. In the event that correct personal data is available, the Office will correct it.
Personal data must be deleted if
The Office shall notify the party submitting such request in writing – or electronically if consented to by the data subject – about the fact of correction, blocking, marking and deletion, and / or the fulfilment of the request therefore or any hindrance thereto within 25 days of submitting the request; in the event of rejecting the request, with the factual and legal reasons of the rejection and due information on the possibilities of legal redress included.
The data subject may initiate any query, correction, deletion or blocking by a written request submitted to the Office by post, or via e-mail at email@example.com. Deletion also means that the right for library use is discontinued.
In the event of illegitimate data handling noticed by the data subject, they may primarily apply to the Office – as the controller of their personal data – to redress the infringement. If this proves to be ineffective, the data subject may institute an investigation by the NAIH or go to court.
Anyone can institute an investigation by notification to the NAIH (National Authority for Data Protection and Freedom of Information, H-1125 Budapest, Szilágyi Erzsébet fasor 22/C, firstname.lastname@example.org), with reference to the fact that their rights have been infringed in relation to the handling of their personal data or there is an imminent threat thereof. The NAIH will only investigate complaints if the data subject had already applied to the Office, prior to notification to the NAIH, in connection with exercising their rights specified in the notification.
Those who believe that their rights have been impaired as a consequence of data handling by the Office may go to court. The court shall treat such cases with priority. Budapest-Capital Regional Court (H-1055 Budapest, Markó u. 27.) has competence in such lawsuits, but the person initiating legal proceedings may choose to take the case before the court competent according to their domicile or residence.
Cookies are intended to collect statistical information required for website development and analyses related to the number of visitors and utilisation. Cookie imprints cannot be associated with individual website browsing: only anonymous data can be retrieved from them for statistical purposes in order to delineate trends for further website development.
Session cookies and cookies for qualification purposes to boost website use are deleted at the end of the given session – browsing –; functional cookies are stored for one quarter, and statistical cookies are stored for two years on the data subject’s computer, unless they are removed earlier by the data subject.
The legal grounds for data processing in case of both log data and cookies are provided by the data subject’s consent [under Section 5 (1) a) of the Information Act; in respect of the period of data processing, also under Section 6 (5) of the Information Act].