Information on data management

1. Data Controller Information:
Veszprém Archdiocese
Address: 8200 Veszprém, Vár u. 16
Tax number: 19897253-1-19
E-mail: info@veszpremiersekseg.hu
Website: www.veszpremiersekseg.hu
Representative: Dr. György Udvardy, Archbishop of Veszprém

2. Legal Basis for Data Processing:
• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons regarding the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation: GDPR);
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

3. Scope and Duration of Processed Personal Data, Scope of Data Subjects:
User: A natural person using the services of the website (reading news and information materials, viewing videos and photo galleries, or submitting messages) or visiting the website.
Scope of processed personal data: name, email address (for the volunteers subpage: name, email, phone number).

4. Purposes and Legal Basis of Data Processing:
Purposes of data processing:
• online content service
• contact with users
The data controller may not use the personal data provided for purposes other than those specified above.
Legal basis of data processing: voluntary consent as defined in Article 6(1)(a) of the GDPR, based on the voluntary, prior, and informed consent of the User. The User is entitled to withdraw their consent at any time, and such withdrawal shall not affect the lawfulness of the processing carried out before its withdrawal.
The User warrants that they have the appropriate legal basis for providing or making accessible personal data of other persons while using the services of the website. The User is solely responsible for the user content uploaded or shared via the services.
The data controller does not verify the personal data provided, and the accuracy of the data is the responsibility of the person providing it.
Personal data of users under the age of 16 can only be processed with the consent of a legal adult exercising parental authority over them.

5. Duration of Data Processing:
In the case of emails sent by the User, the contacted Data Controller will delete the name and email address within 90 days after the matter referred to in the inquiry is closed, unless the Data Controller has a legitimate interest in further processing the Personal Data, which lasts until the existence of such legitimate interest.
The data automatically, technically recorded during system operation is stored in the system for the period necessary to ensure the operation of the system.

6. Automatically Collected Data:
The data generated during the use of the website on the User’s logging-in device, including mobile devices, and automatically recorded by the Data Controller’s system as a result of technical processes, include in particular the Internet Protocol (IP) address, browser type, language settings, operating system, internet service provider (ISP), and timestamp.
The automatically recorded data is logged by the website upon entry and exit without a specific declaration or action by the User. These data cannot be linked to other personal data of the User – except in cases required by law. The data is accessible only to the Data Controller.
Automatically recorded data is stored in the system for the period necessary to ensure system operation.

7. Use of Data Processors and Data Transfer:
The Data Controller may use the services of other Data Processors to carry out its activities.
The Data Processor is not entitled to make independent decisions and may only act according to the contract and instructions of the Data Controller. After February 28, 2021, the Data Processor records, processes, and manages the Personal Data transferred and processed according to the GDPR’s provisions and issues a statement of compliance to the Data Controller.
The Data Controller supervises the work of the Data Processor.
The Data Processor is not entitled to use further data processors.
The Data Controller is entitled and obliged to transfer any Personal Data at its disposal to the competent authorities if required by law or a final court order. The Data Controller cannot be held liable for such data transfers or their consequences.
Personal data is not transferred to third countries or international organizations.

8. Data Security Measures:
The Data Controller stores personal data on its own server. It may also use the services of another company for data storage (see point 5 for the data processor). The Data Controller and the data processor it uses take appropriate measures to protect personal data, including against unauthorized access.

9. Users’ Rights Regarding Data Processing:
• Right to information: Users can request information about the personal data processed by the Data Controller at the contact details provided in point 1. The Data Controller will fulfill the request within one month.
• Right to rectification: Users can request the modification of their personal data via the contact details in point 1. The request will be fulfilled within one month.
• Right to restriction: Users can request the restriction of their data via the contact details in point 1. Restriction will last as long as the reason provided by the User necessitates.
• Right to object: Users can object to the processing of their data via the contact details in point 1. In this case, the Data Controller must demonstrate that the data processing is justified by compelling legitimate grounds.
• Right to erasure: Users can request the deletion of their personal data via the contact details in point 1. The deletion may be refused if data processing is required by law.

10. Legal Remedies Related to Data Processing:
If a User believes their data has been unlawfully processed, they may:
• Submit a complaint to the National Authority for Data Protection and Freedom of Information (NAIH). Address: 1055 Budapest, Falk Miksa u. 9-11. Email: ugyfelszolgalat@naih.hu Website: www.naih.hu
• Seek judicial remedy by contacting the court.

11. Changes to the Privacy Notice:
The Data Controller reserves the right to modify this notice at any time. The User accepts the provisions of the Privacy Notice by opening and using the website, without needing additional consent.
The current version of the Privacy Notice is available at: www.bodimariamagdolna.hu
Last updated: 25 October 2024.