Privacy Policy

ABOUT DATA MANAGEMENT DURING THE USE OF THE OPENUP WEBSITE AND ITS SUBPAGES OF THE UNIVERSITY OF PÉCS FACULTY OF ECONOMICS

The University of Pécs (hereinafter referred to as the University) pays particular attention to ensuring that in its data processing, the University complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the General Data Protection Regulation), the Act on the Right to Informational Self-Determination and Freedom of Information of 2011. CXII of 2011 (hereinafter: Infotv.), other legislation and the data protection practices developed in the course of the activities of the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH).


1. Introduction of the data controller

Name: University of Pécs

Place of residence and address for correspondence: 7622 Pécs, Vasvári Pál street 4. Representing Dr. Attila Miseta, Rector and István Decsi, Chancellor

Department responsible for data management: Faculty of Economics Representative: Dr. András Takács, Dean

Contact name: Dr. Zsolt Bedő Phone number: +36 20 972 5080

E-mail address: bedo.zsolt@ktk.pte.hu

Name of Data Protection Officer: Dr. Gergely László Szőke, PhD Contact: adatvedelem@pte.hu; +36 (30) 179 5672


2. The scope and source of the personal data processed

The scope of the data processed includes all data provided by persons using the site, visitors (hereinafter referred to as "User") during use and registration. The scope of registered Users is divided according to the profile of the university user and the profile of the external user.

In the case of a university user, the scope of the data includes: the data provided by the individual during registration, the username, name, e-mail address, type of user, degree of visibility.

In the case of university users of the student, lecturer, expert type, in the case of login with Neptun identification, the username, Neptun code, name, visibility level of the person concerned.

In the case of external users, the user data of their contact person (name, position, e-mail address, telephone number and the name and visibility level of their employer.)

The source of the data is the information you provide.

If there are any changes or modifications to the processed contact data during the data processing period, please notify the contact person indicated in point 1 without delay.


3. The purpose and legal basis of the processing

    1. The University shall process the data specified in Section 2, in particular the first and last name,

      user name, contact details of the data subject, in order to carry out its public tasks (Article 6 (1) (e) of the General Data Protection Regulation) in the proper functioning of the institution and the organisation of training [Section 18 (1) (a) and (c) of the Nftv.

    2. The University processes the personal data provided at the time of registration for the purposes of processing the data of the registered User Data Subjects necessary for the conclusion and performance of the contract (pursuant to Article 6(1)(b) of the General Data Protection Regulation). The provision of this data is a prerequisite for the conclusion of a contract or is based on a contractual obligation, and without the provision of such data, the contract cannot be concluded or performed. By registering, you accept the General Terms and Conditions (hereinafter referred to as "GTC").

    3. The University will not transfer data provided by the data subject without the data subject's explicit and voluntary consent (Article 6(1)(a) of the General Data Protection Regulation). The University will allow the other registered Users to know the data of the data subject as defined in point 2 and all that he/she shares about himself/herself, on the basis of the explicit and voluntary consent of the data subject using the University user profile (Article 6(1)(a) of the GDPR), if the "public" visibility setting is enabled.

    4. The University processes the name and e-mail address of the data subject for the purpose of sending information mailings on the basis of the data subject's explicit and voluntary consent (Article 6(1)(a) of the General Data Protection Regulation).

    5. The University shall process the data specified in Section 2, in particular the first and last name, user name and contact details of the data subject, for the purpose of handling complaints of registered users in order to perform its public tasks in the proper functioning of the institution and the organisation of training (Article 6 (1) (a) and (c) of the General Data Protection Regulation).

    6. The University uses "cookies" to ensure the proper functioning of the website, in the legitimate interest of the data controller (pursuant to Article 6(1)(e) of the GDPR), and may also use other "cookies" with the explicit and voluntary consent of the data subject (Article 6(1)(a) of the GDPR). The list of cookies used, their purposes and the duration of their processing are summarised in the table in point 7. All cookies used by openup.pte.hu website, the IP address of the device used and the referrer data are logged on the web server and may be used for the purpose of enforcing or defending against any legal dispute or infringement and/or criminal proceedings until the statute of limitations has expired, the use of session cookies, which are essential to enable visitors to browse the site and its sub-sites, use its features and services fully and smoothly. These cookies are stored until the end of the session (browsing) and are automatically deleted from the computer or other device used for browsing when the browser is closed.


Purpose of Data Processing

Legal Basis for Processing

Scope of the Data Processed

provide registration

Article 6(1)(e)

username, email address, first name, last name, password, status type, Neptun code if applicable

registration and identification of registered users, confirmation of registration

Article 6(1)(b)

first name, surname, e-mail address

interconnection of services

Article 6(1)(a)

first name, surname, e-mail address

sending information letters

Article 6(1)(a)

first name, surname, e-mail address

data management related to complain handling, error reporting

Article 6(1)(e)

username, email address, first name, last name

ensure the smooth operation of the website and its sub-sites

Article 6(1)(a) and (e)

the IP address of the data subject, data obtained from cookies placed on his or her device


4. Duration of data processing

The processing of personal data will continue until your consent is withdrawn, failing which it will be carried out to the extent and for the duration necessary for the purposes for which it is processed. You may withdraw your consent at any time by sending an email to cal@ktk.pte.hu and by deleting your user account. The cookies used on the website, which are not automatically deleted, can be removed from the device at any time by deleting your browsing history. By deleting your browsing history, you may also lose information your saved information (e.g. login details, search preferences).

  1. Circle of the persons accessing the data, data processing, data transmission

    Access to the data is restricted to staff of the University department whose staff need the data to perform their duties. Staff members are bound by confidentiality obligations with regard to the personal data they receive.

    With the data subject's consent, the personal data is transferred to third parties, and the data subject's name, username, contact details and the content published by the data subject are freely visible to registered users.

    The University uses Amazon Europe Core S.à r.l. as its data processor to ensure the operation of the Openup platform.

    Data processor details:

    Name: Amazon Europe Core S.à r.l. (Société à responsabilité limitée)

    Contact: 38 avenue John F. Kennedy, L-1855 Luxembourg, eu-privacy@amazon.de

    https://www.amazon.com/gp/help/customer/display.html?ref_=hp_left_v4_sib&nodeId=GX7NJQ4ZB 8MHFRNJ


  2. Data Security

    The University shall ensure adequate security of the personal data of the data subject, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by implementing appropriate technical and organisational measures. Further information about the data security measures applied by the University can be found in §§ 20-22 of the University of Pécs Data Protection Regulations and in Chapter IV of the IT Regulations.

  3. The "cookies" used on the website


    Name of „Cookie”

    Goal

    Duration of data processing

    Is it essential for the functioning of the website


    pte-refresh-token

    Request a new access token (x-auth token)


    60 days


    yes


    x-auth-token

    Access token. User authorisation, identification


    15 minutes


    yes

    XSRF-TOKEN

    CSRF token to protect

    against attacks

    It lives until the

    browsing process

    yes

    JPTESESSION

    User identification for Openup modules

    1 week

    no

  4. Rights of data subjects and their exercise

    1. The data subject (User) has the right to access the information specified in Article 15 of the General Data Protection Regulation (right of access) in relation to the processing of personal data concerning him or her, including in particular the right to be informed by the University that:

      • which personal data,

      • for what purposes and on what legal basis,

      • and from which source it is collected;

      • the envisaged duration of the storage or the criteria for determining that duration;

      • to whom, when and to which personal data the University has given access or to whom it has transferred personal data; and

      • what rights, complaints and remedies the data subject has in relation to the processing.

    2. The data subject has the right to have inaccurate (incorrect or incomplete) personal data relating to him or her corrected or rectified pursuant to Article 16 of the General Data Protection Regulation (right of rectification).

    3. The data subject has the right to erasure of his or her personal data (right to erasure) pursuant to Article 17 of the General Data Protection Regulation if:

      • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

      • where processing is based on consent, the data subject withdraws his or her consent and there is no other legal basis for the processing;

      • the personal data have been unlawfully processed;

      • the personal data must be erased in order to comply with a legal obligation;

        Data will not be deleted if the processing is necessary

      • fulfil a legal obligation or for the exercise of a public task or authority; fulfil a legal obligation or for the exercise of a public task or authority;

      • for the establishment, exercise or defence of legal claims;

      • for the exercise of the right to freedom of expression and information;

      • for archiving purposes in the public interest, scientific and historical research or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously impair it.

    4. The data subject has the right to request the restriction of the processing of his or her personal data as set out in Article 18 of the General Data Protection Regulation (right to restriction) if:

      • the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the University to verify the accuracy of the personal data;

      • the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use; or

      • the University no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims.

        Except for storage, personal data subject to restriction may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

    5. In the case of processing based on consent, the data subject has the right to withdraw his or her consent at any time without giving reasons, pursuant to Article 7(3) of the General Data Protection Regulation (right to withdraw consent). The withdrawal must be made in writing or in the form in which consent was given. Withdrawal does not affect the lawfulness of the processing prior to the withdrawal.

    6. In the case of automated (electronic) processing based on consent or for the performance of a contract, the data subject has the right to receive personal data relating to him or her in a commonly used electronic format or to request the University to transfer the data to another controller, as defined in Article 20 of the General Data Protection Regulation (right to data portability).

    7. Where the processing is carried out for the performance of public tasks or in the exercise of public authority or is based on a balancing of interests, the data subject has the right to object to the processing on grounds relating to his or her particular situation (right to object). The University may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

    8. The data subject may exercise his or her rights free of charge by contacting the contact person indicated in point 1 or the Data Protection Officer. The exercise of the data subject's rights may in most cases require the identification of the data subject, and in some cases (e.g. exercise of the right to rectification) the verification of some additional data. The University will decide on the request to exercise the right of access within one month at the latest. Where necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months, the extension being notified to the data subject within 1 month.


  5. Complaints and remedies

If you have a complaint about the processing of your personal data, you can contact the contact person indicated in point 1 or the University's Data Protection Officer (adatvedelem@pte.hu).

If you wish to complain by post, you can do so to the address Vasvári Pál u. 4., 7622 Pécs, to the contact person indicated in point 1 or to the Data Protection Officer.

If you consider that you have suffered or are at imminent risk of suffering a violation of rights in connection with the processing of your personal data, you may contact the National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf. 9. phone: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: https://naih.hu).

If your data protection rights have been infringed, you can also take your case to court, at your choice, before the competent court in your place of residence or domicile.