Code of conduct

PRIVACY POLICY

on the data process of the Translational Medicine Foundation's online video library

The Translational Medicine Foundation (hereinafter:  Foundation) pays particular attention to complying with the Regulation (EU) 2016/679 (hereinafter: General Data Protection Regulation) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EK, as with Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter:  Privacy Act), with other legislations, and with the data protection practices developed during the activities of the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: NAIH).

1. Data Controller

Name: Translational Medicine Foundation

Seat and mailing address: 52/D Pálfy Street, Szeged, Csongrád, 7625,  Hungary

Representative:  Dr. Péter Hegyi Chairman of the Board of Trustees

Name of the Contact Person: Attila Márta

Phone number: +36 (30) 994 6576

E-mail address: martaattila42 [at] gmail.com

2. The Scope of the Processed Personal Data and Their Sources

The scope of the processed data includes the data provided in connection with the access to the online video library, in particular the data provided during registration, payment data, and the data provided during contact.

The source of the data is your data provision. 

Should any modifications or changes occur in the processed data of the data subject during the data process period, please immediately notify the contact person indicated in point 1.

3. The Purpose and Legal Basis of Data Process
   1. With the express and voluntary consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation), the Foundation processes the data provided during registration, such as the subject’s name, date of birth, address, e-mail address and telephone number, for the purpose of registration, providing access to a user account, and for contact. The provision of data is voluntary, but in the absence of data or consent, we are unable to create a user account for you or to ensure the viewability of lectures.
   2. With the express and voluntary consent of the data subject (Article 6 (1) (a) of the General Data Protection Regulation), the Foundation processes the data subject’s answers to ensure that the questionnaire created with the goal of aiding the comprehension of the information provided in the online video are filled out, and then creates a memorial card about the proportion of correct answers. The answers to the questionnaire are anonymised by the Foundation on the basis of its legitimate interest in quality assurance (Article 6 (1) (f) of the General Data Protection Regulation) and are used for quality assurance purposes.
   3. The Foundation processes the data subject’s data related to the subsciption, in particular the subject’s name, the content of the subscription and its period, on the basis of the provision of the subsribed online video material (Article 6 (1) (b) of the General Data Protection Regulation).
   4. The Foundation processes the name and address of the person paying the fee for the purpose of issuing an invoice in accordance with Article 6 (1) (c) of the General Data Protection Regulation, ie a legal obligation, namely Article CXXVII of 2007 on value added tax (VAT Act). 
   5. The Foundation processes the name and address of the person paying the fee for the purpose of keeping the invoice in accordance with Article 6 (1) (c) of the General Data Protection Regulation, ie the fulfillment of a legal obligation.  
   6. The Foundation uses “cookies” for the legitimate purpose of ensuring the proper functioning of the website (in accordance with Article 6 (1) (f) of the General Data Protection Regulation), and may use other “cookies” with the express and voluntary consent of the data subject (in accordance with Article 6 (1) (a) of the General Data Protection Regulation). The list of used “cookies”, their purpose and the duration of data performed by them are summarised in the table in point 7.
4. The Duration of Data Process

In the cases of points 3.1. and 3.2. data process lasts until the withdrawal of consent or until objection, in the case of point 3.3. it lasts until the subscription claims expire, in the case of point 3.4. it lasts until the invoice is issued, and in the case specified in point 3.5. it lasts for 8 years in accordance with Act C (169) of 2000 on Accounting.

5. People Who Get to Know the Data, Data Processing, and Data Transfer

The data can only be accessed by those employees of the Foundation’s organizational unit who need the data to perform their organizational tasks. Employees are bound by the obligation of confidentiality with regard to the personal data disclosed.

The Translational Medicine Foundation employs Marble Digital Kft. as data processor in order to perform the graphical and developmental tasks necessary for the creation of the website’s image.  Data Processor:

Name of representative: Attila Király

Seat: 15 Visegrádi Street, Budapest, Pest, 1132,  Hungary

Contact: hello [at] marbledigital.eu; +36 (30) 642 24 84

The Foundation employs B-Payment Zrt. as data processor for online credit card payments. Data Processor:

Seat: 42 Rákóczi Street, Budapest, Pest, 1072, Hungary

Contact: info [at] b-payment.hu

The Foundation employs the website Számlázz.hu as data processor for issuing invoice.  Data Processor:

Name: KBOSS.hu Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (KBOSS.hu Kft.)

Seat: 7 Záhonyi Street, Budapest, Pest, 1031, Hungary

Name of representative: Balázs Ángyán executive

E-mail: info [at] szamlazz.hu

Data Protection Officer: dr. Éva Istvánovics lawyer

Contact: dpo [at] kboss.hu

The Foundation does not pass on or make personal data available to other recipients. If you need to use the online video library to fulfill your study obligations, the Foundation will act as data processor on behalf of the training institution.

6. Data Security

The Foundation shall ensure the appropriate security of the data subject’s personal data by applying appropriate technical and organizational measures, including protection against unauthorized or unlawful handling, accidental loss, destruction or damage to the data.

7. “Cookies” Used on the Website

Name of “Cookie”	Purpose	Duration of data process	Is it essential for the website to work?
PHPSESSID	To preserve the status of the user session in page requests	1 day	yes
_ga	To generate statistics on the use of the website	2 years	no
_gat	Google Analytics “cookie” to reduce the number of requests	1 day	no
_gid	To generate statistics on the use of the website	1 day	no

8.  Rights of Data Subjects and Their Exercise
   1. The data subject shall have the right to access the information specified in Article 15 of the General Data Protection Regulation in relation to their data process (right of access), including in particular that the Foundation inform them about the following:

• which personal data,
• for what purpose and on what legal basis,
• from what source is processed;
• what is the planned duration of storage or what are the criteria for determining the duration;
• to whom and when did the Foundation provide acces to or forward which one of the data subject’s personal data; and
• what rights, complaints and redress possibilities the data subject has during data process.
  2. The data subject has the right to rectify inaccurate (false or incomplete) personal data concerning them on the basis of Article 16 of the General Data Protection Regulation (right to rectification).
  3. The data subject has the right to erase their personal data pursuant to Article 17 of the General Data Protection Regulation (right of erasure), if

• the personal data are no longer required for the purpose for which they were collected or if they were processed otherwise;
• in the case of consent-based data process, the data subject withdraws their consent and there is no other legal basis for the process of data;
• the data subject succesfully objected to data process on the basis of point 7.7.;
• the personal data have been processed unlawfully;
• the personal data must be erased in order to fulfil a legal obligation.

Data will not be erased if the data process is required for the following:

• for the purpose of fulfilling a legal obligation, or for exercising a public task or public authority;
• to file, enforce or defend legal claims;
• for the purpose of exercising the right to freedom of expression and information;
• on the grounds of public interest in the field of public health;
• for archiving in the public interest, for scientific and historical research or statistical purposes, where the right of erasure would likely make data process impossible or would seriously jeopardize it.
  4. The data subject has the right to request a restriction on the process of their personal data as defined in Article 18 of the General Data Protection Regulation (right to restriction), if:

• the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Foundation to verify the accuracy of the personal data;
• the data subject objected to data process on the basis of point 7.7.; in this case, the restriction shall apply for the period until it is determined whether the Foundation grants the objection;
• the data process is unlawful, and the data subject opposes the erasure of data and instead requests their use be restricted; or
• the Foundation no longer needs the personal data for the purpose of data process, but the data subject requests them in order to file, enforce or protect legal claims.

Personal data subject to a restriction may be managed, with the exception of storage, only with the consent of the data subject or for the purpose of filing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

8. 5. In the case of consent-based data process, the data subject has the right to withdraw their consent at any time without explanation, in accordance with Article 7 (3) of the General Data Protection Regulation (right to withdraw consent). Withdrawal shall be made in writing or in the form in which consent was given. The withdrawal shall not affect the lawfulness of the data process prior to the withdrawal.
   6. In the case of automated (electronic) data process based on consent or in the case of data process for the performance of a contract, the data subject has the right to receive the personal data concerning them in a widely used electronic form or to request the Foundation to transfer the data to another data controller as defined in Article 20 of the General Data Protection Regulation (right to data portability).
   7. In the case of data process based on the balance of interests, the data subject has the right to object to data process for any reason related to their own situation (right to object).  Pursuant to Article 21 of the General Data Protection Regulation, the Foundation may no longer manage personal data unless it demonstrates that the management is justified by overriding legitimate reasons which take precedence over the interests, rights, and freedoms of the data subject or that are related to the filing, enforcement, and protection of legal claims.
   8. The data subject may exercise their rights free of charge at the contact details of the contact person or Data Protection Officer referred to in point 1. The exercise of the data subject’s rights may, in most cases, require the identification of the data subject, while in some cases (e.g. the exercise of the right to rectification), it may be necessary to prove additional data. The Foundation shall consider the application for the exercise of the rights of the data subject within one month at the latest. Taking into account the complexity of the application and the number of applications submitted, this period may be extended by a further two months if necessary, and the data subject shall be informed of the extension within one month.
9. Complaints and remedies

You can make a complaint about data process by contacting the contact person indicated in point 1.  If you wish to make a complaint by post, you can do so by contacting the contact person indicated in point 1 at the address indicated there.

If you believe that the process of your personal data has been infringed or is in imminent danger of infringment, you may contact the Hungarian National Authority for Data Protection and Freedom of Information (mailing address: PO Box 9, Budapest, Pest, 1363, Hungary; phone: +36 (1) 391-1400; e-mail: ugyfelszolgalat [at] naih.hu; website: https://naih.hu).

You may choose to go to court in case your personal data rights have been breached, and the lawsuit may be brought before the court having jurisdiction over your place of residence or your place of stay depending on your preference.