Privacy Notice

About the data stored at the Ökotárs Foundation related to the operation of the Civilization Coalition

I, Data Controller - who you can contact if you have any questions

  • Name: Ökotárs Foundation

  • Address: 1056 Budapest, Szerb utca 17-19., Hungary

  • Data Controller’s Data Protection Officer for data processed related to the Civilization coalition: Ágnes Oravecz 

  • Contact details of the Data Protection Officer: civilizacio2017@gmail.com

This document is a unilateral commitment of the Data Controller in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) and the relevant legislation of the Member States.

This Regulation may be unilaterally amended and/or revoked by the Data Controller at any time, with the simultaneous notification of the Data Subjects. The information is provided by direct notification of the Data Subjects.

II, Purpose of data handling

What information do we ask and what do we use it for?

1, Petition campaigns

Collecting participants for petition campaigns and certifying and documenting the connection.

  • Legal basis of data handling: consent of the Data Subject

  • Scope of data handled:

    • Name of organization

    • E-mail address

    • Fact and date of signing the petition

    • Name of petition

    • Contact name

    • Phone number

  • Planned deadline for data handling: until revoked

2, Providing information on issues affecting CSOs

Providing information on fundamental legal changes affecting the civil sphere, related training and advocacy opportunities, and local and national activities and campaigns to promote civil society and active citizenship.

  • Legal basis of data handling: legitimate interest

  • Source of data handling: The Data Controller has lawfully managed the Data Subjects’ data for other data management purposes.

  • Scope of data handled:

    • Name of organization

    • E-mail address

    • Contact name

    • Phone number

    • Place of activity of the CSO (city, county)

  • Planned deadline for data handling: until revoked

3, Trainings and events

Manage related registration to ensure participation in a training or event.

  • Legal basis of data management: consent of the Data Subject

  • Scope of data handled:

    • Name

    • Name of organization

    • E-mail address

    • Phone number

    • Additional information related to the event or training (eg program brought by the organization, description of know-how)

  • Planned deadline for data handling is 5 years after the event or training.

4, Press Communications

Issuing press releases in electronic form, sending invitations to press events and press communication on the Data Controller's webpage and Facebook page.

  • Legal basis of data management: consent of the Data Subject

  • Source of data handling: consent of the Data Subject

  • Legal basis of data management: legitimate interest

  • Source of data handling: data from public sources

  • Scope of data handled:

    • E-mail address

    • Phone number

    • Name

    • Name of the media

    • If necessary, any other request from the press.

  • Planned deadline for data handling: until revoked, in the case of legitimate interest until protest.

5, Surveys

Conducting surveys

- to inform the public on matters related to the civil sphere,

- to on the views and needs of the civil sphere in regarding the activities of Civilization.

  • Legal basis of data management: consent of the Data Subject

  • Scope of data handled:

    • Name of organization

    • The organisation's answers to the questions asked in the survey

  • Planned deadline for data handling: until revoked.

6, Campaigns and actions

Organizational documents for campaigns, actions and events organized to promote or defend the interests of the civil sphere.

  • Legal basis for data handling: Legitimate interest

  • Source of data handling: consent of the Data Subject

  • Scope of data handled:

    • Names of participants

    • E-mail address

    • The tasks and offers of the participants in relation to the given campaign, action or event.

  • Deadline for data handling: 10 years after the campaign, action or event.

7, Volunteers’ data

People who have in some way offered volunteer help for the Civilization coalition.

  • Legal basis for data handling: consent of the Data Subject.

  • Scope of data handled:

    • Name

    • E-mail address

    • Details of professional knowledge offered

  • Planned deadline for data handling: until revoked

8, Documenting events, informing the public

Taking photos and videos at public events and publishing them on the organisation's public surfaces and in the press.

  • Legal basis of data management: consent of the Data Subject, which in this case is expressed in an action, ie by participating in a public event.

  • Scope of data handled:

    • Photo

    • Video recording

  • Planned deadline for data management: until revoked

9, Data handling related to the GDPR Regulation

Data handling, data transfer register, data protection incidents, Data Subject needs and questions

  • Legal basis for data handling: legal obligation - date of entry into force: 24.05.2018

  • Scope of data handled:

    • Name

    • Date, type, content of the Data Subject’s request

    • Result of the request concerned

    • Incident date, documentation, result

  • Intended timing of data processing: not to be discarded

III, Children

Our activities are not carried out for people under the age of 16, persons under 16 years old should not provide personal data to the Data Controller. If we become aware that we have collected personal information from a child under the age of 16, we will take the necessary steps to delete the information as soon as possible.

IV, Data transmission, data processing, the circle of those who know the data

During the data handling, the Data Controller transmits the data to the data processor(s) contracted by him for the performance of the contract.

Recipient categories: postal and delivery services, transport companies, IT operators, web hosting providers, web content developer, accounting service provider, internet payment service providers, legal advisors, GDPR advisor, business advisors, social media sites, web application providers.

V, The scope of access to the data

The Data Controller shall not transfer the disclosed data to third parties, except for the data processor(s) indicated in point IV. The recorded data may only be used by the employees of the Data Controller and the volunteers competent in the given topic, and by the designated employees of the data processor(s).

VI, Handling of data received from third parties

If the User/Partner does not provide his/her own data to the Data Controller, but data of another natural person, then the User/Partner is solely responsible for providing the data with the consent, knowledge and appropriate information of this natural person. The Data Controller is not obliged to investigate their existence. The Data Controller draws the attention of the User/Partner to the fact that if he/she does not fulfill this obligation and therefore the Data Subject asserts a claim against the Data Controller, the Data Controller may pass on the asserted claim or the related damage to the User/Partner.

VII, The Data Subjects’ rights

The Data Subject may contact the Data Controller at the contact details indicated in point I. to request

  • information on the handling of his/her personal data,

  • that his/her data be corrected,

  • information on data handling,

  • the deletion of his/her personal data and restrictions on data handling.

The Data Subject can exercise his/her rights above at any time.

The Data Subject may also contact the Data Controller at the contact details indicated in point I. to

  • request the transfer of his/her data to another Data Controller, if the data handling is based on a contract or consent and is handled by the Organization in an automated procedure.

  • dispose for the withdrawal of his/her previous consent to data handling.

The Data Controller shall comply with or reject (with explanation) the request in not more than 1 month after the submission of the request - in exceptional cases within a longer period permitted by law. It shall inform the Data Subject  about the result of the investigation in writing

1, Cost of information

The Organization shall provide the measures and the necessary information free of charge for the first time every month.

If the Data Subject requests the same data for the second time within a month, which have not changed during this time, the Data Controller will charge an administrative fee.

  • The basis for the calculation of the administrative cost is the cost per hour of the current minimum wage as an hourly rate.

  • The number of working hours used for information, calculated on the basis of the former hourly rate.

  • Furthermore, in the case of a paper-based information request, the cost of printing the response at cost price and the cost of postage.

2, Refusal of information

If the Data Subject's request is clearly unfounded, he/she is not entitled to the information or the Organization, as the Data Controller, can prove that the Data Subject possesses the requested information, the Data Controller shall reject the information request.

If the Data Subject's request is excessive due to its particularly repetitive nature, the Organization may refuse to act on the request, if the Data Subject submits a request in accordance with Articles 15-22. on the same subject for the third time within a month.

3, Right to protest

The Data Subject has the right to protest any time against the lawful processing of his/her personal data based on legitimate interest or public authority.

In this case, the Organization may not process the personal data further unless it proves that the processing is justified by legitimate reasons of coercive force which take precedence over the interests, rights and freedoms of the Data Subject or which relate to the submission, enforcement or defense of legal claims.

If it finds that the legal basis for the protest is well-founded, it shall terminate the processing of data, including the transfer of data and further data collection, as soon as possible. It will notify of the protest all persons to whom it has previously transmitted the data of the Data Subject .

The fullfillment of the request is free of charge, except for unfounded or excessive requests, for the processing of which the Data Controller may charge a reasonable fee corresponding to its administrative costs.

If the Data Subject does not agree with the decision made by the Data Controller, he/she may apply to a court.

VIII, Transfer of data to a third country or to an international organization

The Data Controller will NOT transfer the Data Subject's personal data to a third country outside the EEA Member States or international organization, with the exception of point IV.

IX, Information on data security measures

The Data Controller handles the data in a closed system in accordance with the requirements of its Information Security Policy.

The Data Controller provides default and built-in privacy. To this end, the Data Controller shall apply appropriate technical and organizational measures in order to:

  • precisely regulates access to data;

  • allows access only to persons who need the data in order to perform the task with it, and even then only access the data that is the minimum necessary to perform the task;

  • select the data processors he/she entrusts carefully and ensure data security with an appropriate data processing contract;

  • ensure that the data processed are unchanged (data integrity), authentic and protected.

The Data Controller applies reasonable physical, technical and organizational security measures to protect the data concerned, in particular against their accidental, unauthorized, unlawful destruction, loss, alteration, transmission, use, access or processing. The Data Controller notifies  immediately the Data Subject in the case of unauthorized access to or use of personal data that is known and involves a high risk to the Data Subject.

If the transfer of data relating to a Data Subject is required, the Data Controller ensures that the transferred data are adequately protected, for example by encrypting the data file. The Data Controller is fully responsible for the data processing carried out by third parties.

The Data Controller also ensures, through appropriate and regular backups, that the Data Subject's data is protected against destruction or loss.

X, Analytical services, cookies

The Data Controller uses cookies and tracking codes from external service providers (especially Facebook) to compile page statistics, measure user interest and demographics, and measure behavior on the Website. In addition, the Data Controller may use aggregate data obtained from interest-based advertising services or visitor data (such as age, gender, and interest) for general site reporting and development, as well as for use in ad marketing lists.

The purpose of these is to continuously improve our web interfaces, increase the effectiveness of our web interfaces and the ads associated with our campaigns.

We also use Facebook's remarketing code to display targeted ads. If you don't want to see ads based on page views and interest, you can turn off the service at this link.

For more information on the use of cookies, visit allaboutcookies.org, which includes detailed instructions on how to delete cookies from your computer. For information on deleting cookies from your mobile phone, see the manual of your device.

By using this site, you accept the use of technical data and cookies as described above. It is important that these alone cannot be used to identify you and will be deleted after leaving the page according to your browser settings.

XI, Applied law

Legislation governing the data processing performed by the Data Controller:

  • Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR"),

  • Act CXII of 2011 on the right to self-determination regarding information and freedom of information (hereinafter referred to as the “Information Act”),

  •  Act C of 2000 on Accounting (hereinafter referred to as the "Accounting Act"),

  •  Act V of 2013 on the Civil Code (hereinafter: the Civil Code),

  • CLV of 1997 on consumer protection (hereinafter referred to as the “Consumer Protection Act”),

  • CXXXIII of 2005 on the rules for the protection of persons and property and for the activities of private investigators (hereinafter referred to as the “Property Protection Act”).

  • Act CLXXV of 2011 on the right of association, public benefit status and the operation and support of non-governmental organizations

XII, Legal remedy

If you have a request or problem, please contact us and we will try to resolve it as soon as possible. If you are still dissatisfied with something or feel you have been infringed, you can contact the following institutions.

In the case of an alleged violation of the law relating to the processing of your personal data, any Data Subject may also apply to the competent court or the Metropolitan Coutrs in the capital or initiate an investigation with the National Data Protection and Freedom of Information Authority.

  • President: dr. Attila Péterfalvi

  • Address: 1055  Budapest, Falk Miksa utca 9-11

  • Postal address: 1374  Budapest, Pf.: 603.

  • Contact: ugyfelszolgalat@naih.hu, + 36-1-3911400, www.naih.hu

Budapest, May 24, 2018