Privacy Notice

The Mezőhegyes Technical, Vocational School and Dormitory (registered office: 5820 Mezőhegyes, Kozma Ferenc utca 23.; OM ID: 203246; tax number: 26933869-2-04; represented by: Gábor Tarkó, Head Teacher) – hereinafter referred to as the Service Provider, Data Controller, as the data controller, acknowledges the contents of this legal notice as binding. It undertakes to ensure that all processing of data related to its activities complies with the requirements set out in this Policy and in the applicable national legislation and European Union legal acts.

The Data Protection Policy relating to the processing of personal data by the Data Controller is permanently available at https://mezohegyes-szakkepzes.edu.hu/adatkezelesi-tajekoztato/.

The Data Controller reserves the right to modify this policy at any time and will, of course, inform its audience of any changes in due time.

If you have any questions regarding this notice, please contact us and our team will answer them!

 

This Privacy Policy contains all relevant information on data management in connection with the operation of the website of Mezőhegyesi Technical, Vocational School and Dormitory in accordance with the General Data Protection Regulation (GDPR) of the European Union 2016/679 (hereinafter referred to as the Regulation) and Act CXII of 2011 (hereinafter referred to as the Infotv).

The Data Controller is committed to protecting the personal data of its students, their legal representatives, employees, customers and partners, and attaches the utmost importance to respecting their right to information self-determination. The Data Controller treats personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.

The Data Controller describes its data management practices below.
Principles of data management


The Data Controller is a multi-purpose vocational training institution with a public task, and the processing of personal data is mainly based on law.
Personal data in vocational education and training institutions are exclusively: by legal authorisation or consent


The legal basis, purpose, duration and conditions for the exercise of personal rights in relation to each processing operation must be specified.

The scope of the personal data to be processed under the law is defined in Article 114 of Act LXXX of 2019 on Vocational Education and Training and, in the case of the college, in Article 41 of Act CXC of 2011 on National Public Education. The data subjects are the students who have a legal relationship with the institution, their legal representatives, employees and contractual partners.

The effective operation of vocational education and training institutions is in the public interest, therefore data processing on the basis of the law does not require any specific consent from the data subjects.

 

The consent of the persons concerned or, in the case of persons under the age of majority, their legal representatives, is required for the processing of data not specified by law – e-mail addresses, other digital identification data, special data – or for the processing of data for specific purposes specified by law (school meals, submission of applications, organisation of programmes, excursions, the Stud Farm scholarship programme).

 

The GDPR imposes an obligation on vocational education and training institutions to inform parents and other relevant parties about who uses the personal data of students and parents and for what purpose. The unambiguous consent of the data subject (the parent or, where their age allows, the student) is required for any processing that falls outside the scope of the processing of data by the VET institution as defined by law.

 

Specific information and consent must be given and obtained where the VET institution transfers data to a non-statutory body for processing (e.g. a student insurance policy).
Consent to provide voluntary data can be withdrawn at any time.


With regard to the processing of data in vocational training institutions, data may be deleted only if it has been collected on the basis of voluntary consent or if the purpose limitation or legal basis has ceased to exist (in the latter case, deletion is mandatory).
Electronic records are kept of all processing activities and of data transferred for processing.


For vocational training institutions, the institution or the public education institution must ensure that the tasks of the data protection officer are carried out. The DPO shall ensure that the activities of the institution can be demonstrated to comply with the requirements of the GDPR.


A data protection incident of any kind that adversely affects the controller must be reported to the DPA within 72 hours and the persons involved in the incident must be informed. If the personal data breach concerns the data of the student’s parents or guardians, the parents or guardians must also be informed of the incident.

The institutional arrangements for data management and transfer are set out in the institution’s rules on data management and data protection. Under the GDPR, all data controllers must have a personal data protection policy.
Data controller’s data

 

If you would like to contact our School, you can contact the Data Controller by e-mail at mezohegyes.szakkepzes@gmail.com, by mobile phone at +36-70-400-2550 or by landline at +36-68-466-006.

 

The Data Controller will delete all e-mails received by the School and the personal data contained therein, as well as any other data communicated by electronic means (registration form, SMS, Messenger message, etc.), after a maximum of 1 year from the date of communication.

 

Institution name: Mezőhegyesi Technical, Vocational School and Dormitory
5820 Mezőhegyes, Kozma Ferenc st. 23.
OM ID: 203246

 

File number of the decision on the operating licence: BE/08/696-3/2020.

The operating licence was issued by: Department of Social, Guardianship and Education of the Department of Guardianship and Justice of the Government Office of Békés County

 

Tax number: 26933869-2-04
Mobile: +36-70-400-2550
Landline: +36-68-466-006
Fax: +36-68-468-258
E-mail: mezohegyes.szakkepzes@gmail.com
Data Protection Officer: Anita Benkő Secretary
Phone number: +36-70-520-3977
E-mail: benkoanita0930@gmail.com

 

Data processing by the multi-purpose vocational training institution – the scope of personal data processed by the Data Controller pursuant to Section 114 of Act LXXX of 2019 on Vocational Training:

 

(1) The vocational education and training institution shall process, in connection with vocational education and training, for the purpose of establishing and maintaining the apprenticeship or adult education and training relationship

 

a) the apprentice or person undergoing training
(aa) natural person identification data,
(ab) his or her sex,
ac) his/her nationality and, in the case of non-Hungarian citizens, the title of residence in the territory of Hungary and the name and number of the document entitling the person to reside in Hungary,
ad) address, postal address, electronic mail address and telephone number,
ae) his/her social security number,
(af) his/her tax identification number,
(b) the legal representative of the minor pupil
(ba) natural identity data,
bb) his/her address, postal address, electronic mail address and telephone number,
c) in the context of the data relating to the pupil’s status
(ca) data relating to the admission procedure,
(cb) data relating to the suspension or termination of the pupil’s status, including the date and the reason for such suspension or termination,
(cc) data relating to truancy,
(cd) data relating to an accident involving a pupil,
(ce) the educational identification number of the pupil,
(cf) data relating to the individual learning plan,
(cg) data relating to the assessment and marking of the pupil’s knowledge and to the examinations taken by the pupil,
(ch) data relating to the timetable of education,
(ci) data relating to disciplinary and compensation matters concerning pupils,
(cj) the serial number of the pupil’s student card,
(ck) data relating to the supply of textbooks,
(cl) data on grade repetition,
(d) in the context of data relating to adult education, the data set out in points (c)(cb) to (cf) and (ci) to (k),
(e) the data necessary for the assessment and verification of entitlement to statutory benefits in order to establish the identity of the beneficiary and his/her eligibility for such benefits.


(2) A vocational training institution shall, for the purposes of the employment of its staff, the establishment and fulfilment of benefits, advantages and obligations for its staff and the keeping of the records provided for in this Act, process

 

a) the employee’s
aa) the surname and forename and the surname and forename at birth,
(ab) his sex,
(ac) place and date of birth,
ad) the mother’s maiden name and surname, her nationality and, in the case of a non-Hungarian citizen, the title of residence in the territory of Hungary and the name and number of the document entitling the employee to reside there,
ae) address, postal address, electronic mail address and telephone number,
af) data concerning his/her education, professional qualifications, vocational qualifications and knowledge of foreign languages,
ag) educational identification number,
(ah) the number of his/her teaching certificate,
(ai) his/her social security number,
aj) his/her tax identification number,
ak) his/her payroll account number,
(b) in relation to all previous employment of the staff member
(ba) the job title,
(bb) the type of employment, the starting and ending dates and the method of termination of employment,
(bc) his title and job title,
(bd) the amount of his remuneration and allowances and the period on the basis of which they are calculated,
(c) in relation to the staff member’s employment with the vocational training establishment
(ca) the particulars specified in (b),
(cb) the number and date of the official certificate issued by the criminal records department,
(cc) details of the results of the aptitude test,
(cd) the extent of his working time, the entitlement and the duration of his absence from work,
(ce) details of his secondment,
cf) the results of his assessment,
(cg) details of the performance of his obligation to undergo further training,
(ch) data relating to his misconduct or liability for damages.

 

§ 115 [Transfer of processed data]

 

(1) Vocational education and training institutions shall be obliged to keep the records required by law, to log into the information system for vocational education and training, to use the basic registration and study system, and to provide aggregated data on pupils at risk of early school leaving as required under the national statistical data collection programme.

 

(2) Of the data specified in Section 114(1)

 

(a) the pupil’s name and surname, place and date of birth, place of residence, place of abode, name and surname of his/her legal representative, address and telephone number, the start date, the date of interruption and termination of the pupil’s status as a pupil, data relating to the individual study arrangements, data relating to the pupil’s absence from school, for the purpose of checking the legality of absences from classes on the school day and contacting the legal representative, for the maintenance authority, the court, the police, the public prosecutor’s office, the notary of the local municipality, the administrative body and the national security service in connection with the existence of the pupil’s legal status and the fulfilment of the compulsory school attendance,
b) data relating to the admission or acceptance of the pupil to the school, vocational training institution or higher education institution concerned,
c) the student’s name and surname, date and place of birth, address, postal address, social security number, name and surname, address, postal address and telephone number of his/her legal representative, the medical records of the vocational training institution, data on the student’s accident for the purpose of determining his/her state of health to the health institution and the institution responsible for school health,
data concerning a pupil with special educational, learning or behavioural needs, a pupil or person undergoing training who is disadvantaged or who is severely disadvantaged, to the institution or organisation for family protection, to the organisation or institution for child and youth protection, with a view to identifying and removing the risk of the pupil or person being at risk,
(e) the data necessary for the assessment and verification of the pupil’s eligibility for the support available to the maintaining authority,
(f) the details of the diploma or certificate of the pupil issued on the basis of the state examination to the state vocational education and training administration body for the purpose of registering the diploma or certificate, and from the state vocational education and training administration body to the organisation registering applications for admission to higher education,


(3) The data specified in Section 114 may be transmitted, as specified in this Act, subject to the purpose limitation on the protection of personal data, to the maintenance provider, the paying agency, the court, the police, the public prosecutor’s office, the state vocational training administration body, the persons entitled to monitor the provisions on employment and the National Security Service. In the case of holders of a teacher’s certificate, all the data necessary for the issue of the teacher’s certificate may be transmitted to the persons involved in the preparation of the teacher’s certificate.

 

(4) The pupil

a) data on the special educational needs, integration disorder, learning difficulty, behavioural disorder of the pupil to the institutions of the special educational needs service and between the institutions of vocational education and training,
(b) data relating to the assessment and classification of the minor pupil within the class or group concerned, within the teaching body, to the legal representative of the minor pupil, to the dual training centre, if the assessment is not carried out in the vocational training establishment, between vocational training establishments, and, in the event of a change of school, to the new vocational training establishment or public education establishment,
(c) all the data necessary for the issue of his/her student card to the persons involved in the preparation of the student card
can be transmitted.

 

(5) Paragraphs (1) to (4) shall apply to the transmission of the data of a trainee specified in Article 114(1).

 

(6) The vocational training institution shall provide the dual training centre [National Stud and Educational Farm] with access to the registration and study basic system for the purpose of recording the fulfilment of the obligations of the apprentice or trainee.

 

(7) The data of the vocational examination shall be provided to the Central Statistical Office free of charge, in accordance with Section 28 of Act CLV of 2016 on Official Statistics (hereinafter: Stt.), on the basis of prior verification of the statistical purpose, to the extent necessary for this purpose, in a manner suitable for unique identification for statistical purposes, and may be used by the Central Statistical Office for statistical purposes. The scope of the data received and the detailed rules of data transfer shall be laid down in an agreement pursuant to Section 28 of the Stt.

 

(8) Data relating to the basic vocational training task may be used for statistical purposes and may be transmitted for statistical purposes in a manner that does not allow identification of the individual, as specified in the Government Decree.

 

§ 116 [Confidentiality]

 

(1) Employees of vocational training institutions and persons who assist in the supervision of apprentices shall, by virtue of their profession, be under an obligation of confidentiality vis-à-vis third parties in respect of all facts, data and information relating to apprentices and apprenticeship participants which they have acquired in the course of their contacts with apprentices and apprenticeship participants and, in the case of underage apprentices, with the legal representative of the underage apprentices. This obligation shall continue to apply without time limit after the termination of the employment relationship. The obligation of confidentiality shall not extend to discussions between members of the teaching staff or with members of the child protection referral system concerning the pupil’s development.

 

(2) All personal data of a minor pupil may be disclosed to the legal representative of the minor pupil, unless the disclosure of the personal data would seriously impair the physical, mental or moral development of the minor pupil.

 

(3) The consent of the person concerned and of the person who is otherwise entitled to receive the data shall not be required if the vocational training institution acts pursuant to Article 17(2) of Act XXXI of 1997 on the Protection of Children and Guardianship Administration.

 

§ 117 [Duration of processing]

 

(1) A vocational training institution shall process the data specified in Article 114(1) until the last day of the tenth year following the termination of the student’s legal status, and the data specified in Article 114(2) until the last day of the fifth year following the termination of the employment relationship.

 

(2) For the purpose of verifying the condition specified in Section 41(1)(b), the vocational training institution shall process the personal data of the employee or the person to be employed by the vocational training institution which are contained in the official certificate issued by the criminal records body. The personal data obtained shall be processed by the vocational training institution until the date of the decision taken in connection with the establishment of the employment or, in the case of employment, until the last day of the fifth year following the termination of the employment.

 

Article 118 [Data processing policy]

 

The data management policy of the vocational training establishment shall lay down the institutional arrangements for the processing and transfer of data. The duration of data processing may not exceed the archival retention period. The training council and the student council shall have the right to express an opinion on the drafting and amendment of the data management regulations in the vocational training establishment. The director and, within the limits of the power of attorney, any other person authorised by the director shall have the right to transmit data.
The Data Controller also processes the data on the basis of the consent of a multi-purpose vocational training institution:

 

Bank account number

 

E-mail address

 

Name(s) of the educational establishment(s) with which he/she has previously been or is currently a student; details of the establishment(s)

Current employment or assignment with another institution; details of the institution

Allergies, food allergies, declaration of persistent illness; medical certificates, hospital reports and other medical documents, in particular school and occupational health certificates and accident reports and coronavirus certificates

Language knowledge, language examination certificate number(s)

Curriculum vitae, covering letter and the range of personal data contained therein

For institutional staff, number and age of children living in the same household

Identification number(s) of driving licence(s)

 

Passport/passport number

 

Proof of entitlement to a reduction in the standard subsistence allowance:

– the pupil is in receipt of regular child protection benefit;

– a child who is permanently ill or disabled;

– the student is in a family with three or more children.

 

Declaration of the number of children living in the same household (children placed with a foster parent on a temporary basis and children placed with a foster parent who are foster children)

and young adult children in after-care; total number of own children – of which under 18 or aged 18-25, in full-time education in a public educational establishment, in adult education organised according to the full-time work schedule or in full-time education in an institution of higher education); number of permanently sick or disabled child(ren)).

Documents proving the legal basis for the free meal:

 

– a pupil in education, or

– a pupil who is in after-school care.

– the range of personal data included in the expert opinion for a pupil with special educational needs (SNI)

– the range of personal data included in the expert opinion for a pupil with integration, learning and behavioural difficulties (BTMN)

– specific data relating to the application and payment of scholarships, the establishment of eligibility and the payment of scholarships

– photographic, video and audio recordings on the basis of a declaration – or a parental declaration in the case of a minor pupil


Data, files and documents are stored in paper and digital (scanned) formats. The Data Controller is a multi-purpose vocational training institution, which also processes data in electronic format on various platforms:

 

KIR (Public Education Information System);
PIS (information system for vocational education and training);
e-Learning (e-Learning System for Vocational Education and Training (e-Learning));
Institutional website;
network sharers;
Facebook community page.
Technical data

 

The Data Controller selects and operates the IT tools used to process personal data in the provision of the service in such a way that the processed data:

 

accessible to those authorised to access it (availability);
its authenticity and authenticity are ensured (authenticity of processing);
its integrity can be verified (data integrity);


is protected against unauthorised access (data confidentiality).
The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction and against accidental destruction.

 

The Data Controller shall ensure the security of data processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.

 

The Data Controller shall, during the processing, keep

confidentiality: it shall protect information so that only those who are entitled to have access to it have access to it;


integrity: to protect the accuracy and integrity of the information and the processing method;


availability: it ensures that when the authorised user needs it, he has effective access to the information and the means to obtain it.


Cookies (Cookies)

The purpose of cookies

 

collect information about visitors and their devices;


remember visitors’ individual preferences and details, which are used later so that they do not have to be re-entered;
facilitate the use of the website;
provide a quality user experience.
Browsers place a small piece of data, called a cookie, on the user’s computer to provide a personalised service, which is read back during a subsequent visit. If the browser returns a previously saved cookie, the cookie provider has the possibility to link the user’s current visit to previous visits, but only for its own content.

Duration of processing

 

More information on the data retention period of cookies is available here:

Google general cookie notice:

https://www.google.com/policies/technologies/types/

Google Analitycs notice:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook Privacy Policy::

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Legal background and legal basis for cookies:

The legal basis for processing is your consent pursuant to Article 6(1)(a) of the Regulation.

 

Main characteristics of the cookies used by the website.

Cookies strictly necessary for the functioning of the website.

These cookies are essential for the use of the website and allow you to use its essential functions. Without them, many of the site’s functions will not be available to you. The lifetime of these types of cookies is limited to the duration of the session.

 

Cookies to improve the user experience

These cookies collect information about a user’s use of the website, such as which pages they visit most often or what error messages they receive from the website. These cookies do not collect any information that identifies the visitor, i.e. they are completely generic and anonymous. We use the information they provide to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

 

Third-party cookies (analytics); Google Adwords cookie

When someone visits our site, the visitor’s cookie ID is added to our remarketing list. Google uses cookies, such as NID and SID cookies, to personalise the ads you see in Google products, such as Google Search. It uses such cookies, for example, to remember your recent searches, your previous interactions with advertisements from individual advertisers or search results, and your visits to advertisers’ websites. The AdWords conversion tracking feature uses cookies. To track ad sales and other conversions, cookies are saved on a user’s computer when they click on an ad. Some common uses of cookies include: selecting ads based on what is relevant for a particular user, improving campaign performance reporting, and avoiding displaying ads that the user has already viewed.

 

Google Analytics cookie

Google Analytics is Google’s analytics tool that helps website and application owners to get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and generate reports on website usage statistics without individually identifying visitors to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to generating reports from website usage statistics, Google Analytics, together with some of the advertising cookies described above, can also be used to display more relevant ads in Google products (such as Google Search) and across the web.
Remarketing cookies
May appear to previous visitors or users when browsing other sites on the Google Display Network or searching for terms related to your products or services
Session cookie
These cookies store the visitor’s location and browser language, and have a lifetime of up to 2 hours or until the browser is closed.
Mobile version, design cookie
Detects the device used by the visitor and switches to full view on a mobile device. Lifetime 365 days.
Cookie acceptance cookie
Accepts the cookie storage statement in the warning window when you visit the site. Lifetime 365 days.
Facebook pixel (Facebook cookie) A Facebook pixel is code that is used to report conversions on the website. Target audiences can be created and the site owner receives detailed analytics data on visitors’ website usage. The Facebook pixel is used to display personalised offers and ads to website visitors on the Facebook interface. You can read Facebook’s privacy policy here:

https://www.facebook.com/privacy/explanation

If you do not accept the use of cookies, certain features will not be available to you. For more information on how to delete cookies, please follow the links below:

Internet Explorer:

http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox:

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Mozilla:

https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito

Safari:

https://support.apple.com/kb/ph21411?locale=en_US

Chrome:

https://support.google.com/chrome/answer/95647

 

Data related to online administration

Detailed list of personal data requested during online administration

Declaration of acceptance of the Privacy Notice

Registration interface of the Host Camp:

https://docs.google.com/forms/d/1ALwderOyWOSKbQEfAc2iltyGQJtzmwqZGIoj9pToY4c/viewform?edit_requested=true

E-mail address

Last name

First name

Place of birth

Date of birth (year, month, day)

Mother’s maiden name

Address details: postcode, name of locality, type and name of public area, house number

Contact details: mobile/landline phone number, e-mail address

Name of parent/guardian

Parent/carer’s mobile/landline phone number

Name of the educational establishment with which the applicant is registered as a pupil

Declaration of any existing allergies and their type

Declaration of any existing long-term illness

Declaration that he/she has read and acknowledged the detailed information on the Host Member State and the work offered

 

Information related to the newsletter

The Mezőhegyes Technical, Vocational School and Dormitory does not edit or send newsletters.
Purpose, method and legal basis of processing

General data processing policy

The data processing of the Data Controller’s activities is based on legal authorization or voluntary consent. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing.

In certain cases, the processing, storage and transmission of some of the data provided is required by law and we will inform our customers separately.

Data controllers are reminded that if they do not provide their own personal data, it is the data controllers’ responsibility to obtain the data subject’s consent.

Our data management principles are in accordance with the applicable data protection legislation, in particular the following:

Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (Infotv.);
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR);
Act V of 2013 – on the Civil Code (Civil Code);
Act C of 2000 – on Accounting (Accounting Act);
Act LIII of 2017 – on the Prevention and Combating of Money Laundering and Terrorist Financing (PMT);
Act CCXXXVII of 2013 – on Credit Institutions and Financial Undertakings (Hpt.);
§ 41 of Act CXC of 2011 on National Public Education;
EMMI Decree No. 20/2012 (VIII. 31.) on the operation of educational institutions and the naming of public educational institutions;
EMMI Decree No. 15/2013 (II. 26.) on the Operation of Pedagogical Specialised Service Institutions;
EMMI Decree No. 32/2012 (X. 8.) of the Minister of Human Resources on the publication of the Guidelines for the Education of Children with Special Educational Needs in Kindergartens and the Guidelines for the Education of Pupils with Special Educational Needs in Schools;
§ 114 of Act LXXX of 2019 on Vocational Training;
Government Decree 12/2020 (II. 7.) on the implementation of the Vocational Training Act;
Act XXXI of 1997 on Guardianship Administration;
Act I of 2012 on the Labour Code;
Act XXXIII of 1992 on the Legal Status of Public Servants;
Government Decree No 326/2013 (VIII. 30.) on the implementation of Act XXXIII of 1992 on the Career System of Teachers and the Status of Public Servants in Public Education Institutions.
Physical storage locations of data

Your personal data (i.e. the data that can be associated with you personally) may be processed by us in the following ways: on the one hand, technical data relating to the computer, browser program, Internet address and pages visited are automatically generated in our computer system in connection with the maintenance of the Internet connection, and on the other hand, you may provide your name, contact details or other data if you wish to contact us personally when using the website.

Data technically recorded during the operation of the system: the data of the computer of the data subject which are generated on the website and recorded by the system of the Government Information Technology Development Agency (GITDA) as an automatic result of technical processes. The automatically recorded data are automatically logged by the system on log-in and log-out without any declaration or action by the data subject. This data cannot be linked to other personal user data, except in cases required by law.
Data transfer, data processing, data subjects

The Data Controller processes personal data only on the basis of a legal authorisation or consent, specifying the legal basis, purpose, duration and conditions for the exercise of the privacy rights relating to each processing operation.

Processing and transfer of data shall be carried out by the Controller only on the basis of a legal authorisation and legal requirements.

The scope of the personal data to be processed pursuant to the law is defined in Section 114 of Act LXXX of 2019 on Vocational Education and Training and, in the case of the Dormitory, in Section 41 of Act CXC of 2011 on National Public Education. The data subjects are the students who have a legal relationship with the institution, their legal representatives, employees and contractual partners.
In all cases, the Data Controller shall ensure that the activities of third parties processing the institution’s data also comply with the GDPR and shall have a legally binding contract with any partner processing personal data processed by the institution (in cases where the institution discloses data of students or employees, for example, for the purpose of taking out student insurance or providing a benefit such as a gift card). Exceptions to this rule are made where the transfer of data to third parties is required by law (for example, statistical data collection).

Data subject’s rights and means of redress

During the period of processing, you have the following rights under the Regulation:

the right to withdraw consent
access to personal data and information relating to the processing
the right to rectification
restriction of processing,
the right to access to personal data and to obtain information on the processing of personal data, including the right to access to personal data
right to object
the right to portability.
If you wish to exercise your rights, this will involve your identification and the Data Controller will need to communicate with you. For this purpose, identification will require the provision of personal data (but identification may only be based on data that the Controller already holds about you) and your complaints about the processing will be available on the Controller’s email account within the time period indicated in this Notice in relation to complaints. If you are a student of ours and wish to be identified for the purposes of complaint handling or other administration, please also provide your education ID for identification purposes! We can use this to identify you as a student.

The Data Controller will respond to complaints about data processing within 30 days at the latest.

 

Right to information

The Data Controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the information referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

 

Right of access of the data subject

You have the right to obtain from the Controller feedback as to whether or not your personal data are being processed and, if processing is ongoing, the right to:

to have access to the personal data processed; and
to be informed by the Controller of the following information:
the purposes of the processing;
the categories of personal data processed concerning you; and
information about the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed by the Controller;
the envisaged period of storage of the personal data or, where this is not possible, the criteria for determining that period;
your right to obtain from the Controller the rectification, erasure or restriction of the processing of personal data concerning you and, where the processing is based on legitimate interests, to object to the processing of such personal data;
the right to lodge a complaint with a supervisory authority;
if the data have not been collected from you, any available information about their source;
the fact of automated decision-making (if such a process is used), including profiling, and, at least in these cases, clear information on the logic used and the significance and likely consequences for you of such processing.
The purpose of exercising the right may be to ascertain and verify the lawfulness of the processing, and therefore, in the event of repeated requests for information, the Data Controller may charge reasonable compensation for the provision of information.

Access to personal data shall be ensured by the Controller by sending you, by e-mail, the personal data and information processed, after you have been identified. If you are registered in the CREDIT School Core System, access will be granted by logging into your account to view and check the personal data processed about you.

Please indicate in your request whether you are requesting access to personal data or information on data management.

 

Right to rectification

You have the right to have inaccurate personal data relating to you corrected by the Data Controller without delay upon your request.

 

Right to erasure

The data subject shall have the right to obtain from the Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay where one of the following grounds applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
the personal data have been collected in connection with the provision of information society services.
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.

 

Right to restriction of processing

At the request of the data subject, the Controller shall restrict processing if one of the following conditions is met:

the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the accuracy of the personal data to be verified;
If the processing is unlawful, the data subject opposes the erasure of the data and requests instead the restriction of their use;
the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or
the data subject has objected to the processing – in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.
Where processing is subject to restriction, personal data other than storage may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
Right to data retention

If the processing is automated or based on your voluntary consent, you have the right to request the Controller to receive the data you have provided to the Controller, which the Controller will make available to you in xml, JSON or csv format; if technically feasible, you may request that the Controller transfer the data in this format to another controller.

 

Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the Controller may no longer process the personal data, except on compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

 

Automated decision-making in individual cases, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

 

Right of withdrawal

The data subject has the right to withdraw his or her consent at any time.

 

Right to apply to the courts

The data subject may take legal action against the Controller in the event of a breach of his or her rights. The court shall rule on the case out of turn.

 

Procedure before the data protection authority

Complaints may be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Postal address: 1530 Budapest, PO Box 5.
Phone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu
Other provisions

Information on data processing not listed in this information notice will be provided at the time of data collection.

We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank or other bodies authorised by law may contact the Data Controller to provide information, to disclose or transfer data or to provide documents.

The Data Controller shall disclose to the authorities – if the authorities have indicated the precise purpose and scope of the data – personal data only to the extent and to the extent that is indispensable for the purpose of the request.

 

The present Privacy Policy, consolidated with amendments, contains all procedures and information related to the operation of the website of the Mezőhegyesi Technical and Vocational School and College, in accordance with the General Data Protection Regulation (GDPR) 2016/679 of the European Union and Act CXII of 2011.

The institutional provisions of the Privacy Notice are effective from 15 April 2021.

 

 

Mezőhegyes, 15 April 2021.

 

Gábor Tarkó
Head Teacher