The handling of personal data is carried out in compliance with applicable legal requirements, while taking all necessary security, technical, and organizational measures to ensure the security of personal data.
The public content of our website can be viewed by anyone without registration or login.
For events or activities requiring registration, a separate data management information sheet is available at the designated location on the website.
1. Name of Data Controller
Veszprém Archdiocese (hereinafter referred to as the Data Controller) Headquarters: 8200 Veszprém, Vár u. 16., Mailing address: 8201 Veszprém, Pf.109, Phone number: 06-88-426-088; Email: titkarsag@veszpremiersekseg.hu
2. Name and Contact Information of the Data Protection Officer (DPO)
Dr. Balázs Demeter; email: jog@veszpermiersekseg.hu, phone number: 06-88-220-542
3. Purposes of Data Processing
In accordance with the given contact or case type.
3.1. In the case of visiting the website: Ensuring the proper functioning of the website, distinguishing between the work sessions of users visiting our website, storing the data provided during the visit, and preventing data loss. If cookies are enabled, the operator of the website does not retain any identifiers or passwords.
3.2. In the case of registration for events, the purpose of data processing is to organize participation and maintain contact with the participant.
3.3. In the case of contracts concluded by the Archbishopric, the purpose of data processing is to provide the necessary resources and infrastructure for the effective performance of the Archbishopric’s tasks, as well as to prepare and conclude contracts related to ensuring the operational conditions of the Archbishopric.
3.4. In the case of resumes submitted for job applications, the purpose of data processing is the selection of new employees.
4. Legal basis for Data Processing:
Depending on the type of contact or case, the appropriate legal basis defined in the relevant legislation.
The legal basis for data processing concerning visits to the website, registration for events, and CVs sent for job applications is the consent of the data subjects regarding the protection of personal data and the free movement of such data, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR) Article 6(1)(a).
The provision of personal data in the CV sent for job application is not based on legal or contractual obligation, it is not a precondition for the conclusion of a contract, and the applicant is not obliged to provide this data. However, without the necessary data, the Archbishopric cannot consider the application for the job advertisement.
In the case of contracts concluded by the Archbishopric, the legal basis for data processing is GDPR Article 6(1)(b), namely, processing is necessary for the performance of a contract to which the data subject is a party or for taking pre-contractual steps at the request of the data subject.
5. Source of processed personal data
The archdiocese obtains the data from the party contacting it.
6. Recipients of personal data, or categories of recipients
The employees designated for handling the specific matter within the archdiocese, solely for the purpose of performing their job duties.
7. Storage period of personal data
In the case of contracts, the archdiocese retains the personal data specified in the contract for 8 years following the relevant year in accordance with the provisions of the Accounting Act. In the case of registrations for events, the data is stored for the duration of the event, and if separate consent is given for further communication, until the withdrawal of consent. The handling of CVs submitted for job applications occurs until the advertised position is filled, or until the applicant withdraws their consent to data processing.
8. Rights of the data subject regarding data processing
8.1. Deadline
The archdiocese will fulfil the request for exercising the data subject's rights within a maximum of 25 days from its receipt. The day of receipt of the request does not count towards this deadline.
8.2. The data subject’s rights related to data processing
8.2.1. Right to access
The data subject is entitled to request information from the archdiocese at the contact details provided in point 1 regarding whether their personal data is being processed, and if so, they have the right to know:
what personal data of theirs is being processed by the archdiocese; on what legal basis; for what purpose of data processing; and for how long it is being processed.
The archdiocese will provide the data subject with a copy of the personal data forming the subject of data processing free of charge upon the first request, thereafter it may charge a reasonable fee based on administrative costs.
In order to fulfil data security requirements and protect the rights of the data subject, the archdiocese is obliged to ensure that the identity of the data subject and the person exercising the access right match. Therefore, providing information, access to data, and issuing copies of data are subject to the identification of the data subject.
8.2.2. Right to rectification
The data subject can request, through the contact details provided in point 1, that the archdiocese amend any of their personal data. If the data subject can credibly prove the accuracy of the corrected data, the archdiocese will fulfil the request within a maximum of 25 days and notify the data subject at the provided contact details.
8.2.3. Right to data blocking (restriction of processing)
The data subject can request the archdiocese to restrict the processing of their personal data through the contact details provided in point 1 (clearly indicating the restricted nature of processing and ensuring separate handling from other data).
8.2.4. Right to object
The data subject can, at any time, object to the processing of their data for reasons related to their particular situation through the contact details provided in point 1, if they believe that the archdiocese is processing their personal data inappropriately concerning the purpose stated in this privacy policy.
8.2.5. Right to erasure
The data subject can request the archdiocese to erase their personal data through the contact details provided in point 1. The archdiocese will promptly erase the personal data upon the data subject's request if:
-
the archdiocese no longer needs the personal data for the purposes for which it collected or processed it;
-
the data subject withdraws their consent, which constitutes the legal basis for data processing, and there is no other legal basis for the data processing;
-
the data subject objects to the processing of their personal data, and the archdiocese has no overriding legitimate grounds for the processing;
-
the archdiocese has unlawfully processed personal data;
-
the personal data has to be erased for compliance with a legal obligation in Union or Member State
law to which the controller is subject
9. Right to judicial remedy
If the data subject thinks that the archdiocese has violated the applicable data protection requirements while processing their personal data, they can:
- lodge a complaint with the Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information), address: 1055 Budapest, Falk Miksa utca 9-11., mailing address: 1363 Budapest, Pf. 9., Email: ugyfelszolgalat@naih.hu, website: www.naih.hu), or- seek judicial remedy in order to protect their data, and the court will proceed in the matter out of turn. In this case, the data subject can freely decide whether to file a lawsuit with the court having jurisdiction over their domicile (permanent residence) or place of residence (temporary residence), or with the court having jurisdiction based on the Authority’s headquarters. You can find the court based on your domicile or temporary residence on the website http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso. The Veszprém District Court has jurisdiction over the case based on the archdiocese’s headquarters.