Archdiocese of Veszprém

Privacy Policy

The handling of personal data is carried out in compliance with applicable legal requirements, while taking all necessary security, technical, and organizational measures to ensure the security of personal data.

The public content of our website can be viewed by anyone without registration or login.

A specific privacy notice regarding registration for events organized by the Archdiocese of Veszprém and its internal units is available on the website at the location indicated.

1. Name of the data controller

Archdiocese of Veszprém (hereinafter: Archdiocese or Data Controller) Headquarters: 8200 Veszprém, Vár u. 16., postal address: 8201 Veszprém, P.O. Box 109, telephone number: 06-88-426-088; e-mail:titkarsag@veszpremiersekseg.hu

1. Name and contact information of the Data Protection Officer
2. Balázs Demeter; jog@veszpermiersekseg.hu, phone number: 06-88-220-542
3. The purposes of data processing and the scope of personal data processed

In accordance with the given contact or case type.

3.1. In the case of visiting the website: Ensuring the proper functioning of the website, distinguishing between the work sessions of users visiting our website, storing the data provided during the visit, and preventing data loss. If cookies are enabled, the operator of the website does not retain any identifiers or passwords.

Personal data processed: the IP address of visitors to the website.

3.2. In the case of contracts entered into by the Archdiocese, the purpose of data processing is to secure the resources and infrastructure necessary for the effective performance of the Archdiocese’s duties, as well as the preparation and conclusion of contracts related to ensuring the Archdiocese’s operational conditions.

Personal data processed: name, phone number, email address, and, in certain cases, personal identification data.

3.3. In the case of job applications, the purpose of data processing is to conduct the process of selecting new employees and to prepare the employment contract.

Personal data processed: name, phone number, email address, personal identification data, school transcripts, resume.

3.4. In the case of registration for and participation in events organized by the Archdiocese or its internal units, the purpose of data processing is to organize the event, record registrants, the successful execution of the Event, and maintaining contact with participants.

Personal data processed: name, phone number, email address, and possibly home address.

Within a specific range of events, the Photographs and video recordings may be taken of the event, in which case theRecordings may be made of the data subject. In this case, the purpose of the data processing is to document the event, to provide information about the Event, and to make reports on the Event available to a wide audience of interested parties and to the general public.

Pursuant to Section 2:48(2) of Act V of 2013 on the Civil Code, the consent of the data subject is not required for the creation of a recording or the use of a recording in the case of a mass recording or a recording of a public figure’s appearance in public life.

3.5. In the case of data processing for marketing purposes carried out by the Archdiocese’s internal units: sending program information and promotional materials via email or regular mail regarding exhibitions, events, and special offers, with the aim of raising awareness of and promoting the Archdiocese’s internal units’ services and encouraging their use.

Personal data processed: name, phone number, email address, and possibly home address.

In the case of data processing for marketing purposes, instructions on how to unsubscribe from the newsletter or mailing list will be clearly indicated in the email, or, in the case of other forms of communication, in an appropriate manner consistent with the medium used.

3.6. The purpose of data processing within the security camera surveillance system operating in the Archdiocese’s buildings is to protect life and physical safety, safeguard property, ensure and maintain personal safety, and prevent and provide evidence of unlawful acts.

Personal data processed: a photograph of the data subject.

The Archdiocese stores the recordings for 3 days from the date of recording and automatically deletes them thereafter, unless their use is required in an official proceeding pursuant to a directive from the relevant authority.

Access to the recordings is granted to persons authorized to do so under the relevant regulations of the Archdiocese for the purpose of performing their official duties.  

4. 4. Legal basis for Data Processing:

Depending on the type of contact or case, the appropriate legal basis defined in the relevant legislation.

4.1. Consent of the data subject 

Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) (hereinafter: GDPR), data processing may only take place if the data subject, through a clear affirmative act, such as a written—including electronic—or oral statement, gives their voluntary, specific, informed, and unambiguous consent to the processing of personal data relating to the natural person. Such consent is also deemed to have been given if the data subject checks a box to that effect while viewing a website, as well as any other statement or action that, in the given context, clearly indicates the data subject’s consent to the intended processing of their personal data.

If data processing serves multiple purposes at the same time, consent must be given for all purposes of data processing.

Visiting the website, registering for events, data processing for marketing purposes, and in the case of job applications, the legal basis for data processing is the data subject’s consent pursuant to Article 6(1)(a) of the GDPR.

The provision of personal data included in the application submitted for the position is not based on any legal or contractual obligation, nor is it a prerequisite for entering into a contract; and the applicant is not required to provide this information; however, in such a case, the Archdiocese will not be able to consider the application for the job posting due to the lack of data.

4.2. Legal Basis for the Performance of the Contract 

In the case of contracts entered into by the Archdiocese, the legal basis for data processing is Article 6(1)(b) of the GDPR, meaning that the processing is necessary for the performance of a contract to which the data subject is a party, or is necessary for taking steps at the data subject’s request prior to entering into a contract.

4.3. Legal basis related to legitimate interests

The legal basis for recording footage from the security camera surveillance system is the legitimate interest of the Archdiocese, pursuant to Article 6(1)(f) of the GDPR.

After taking all circumstances into account, the Archdiocese determined that, in the interest of the safety of persons present in the buildings operated by it and its internal units, the maintenance of order in those buildings, and the protection of property—taking into account the short retention period of the recordings, careful data security measures, and the safeguards ensuring the exercise of the data subject’s rights—the operation of the camera surveillance system is lawful. Based on the results of this assessment, the benefits achievable through data processing overall outweigh any potential disadvantages caused by recording and storage, and do not result in a significant infringement of interests.

5. Source of the personal data processed

The archdiocese obtains the data from the party contacting it.

6. 6. Recipients of personal data, or categories of recipients

The employees designated for handling the specific matter within the archdiocese, solely for the purpose of performing their job duties.

Depending on the type and necessity of the data processing in question, the Archdiocese may engage a data processor in accordance with applicable laws; further information on this matter can be provided on a case-by-case basis.

7. Retention period for personal data 

In the case of contracts, the archdiocese retains the personal data specified in the contract for 8 years following the relevant year in accordance with the provisions of the Accounting Act. In the case of registrations for events, the data is stored for the duration of the event, and if separate consent is given for further communication, until the withdrawal of consent. The handling of CVs submitted for job applications occurs until the advertised position is filled, or until the applicant withdraws their consent to data processing.

8. Processing of Minors' Personal Data

In the case of minors under the age of 18, consent, authorization, or approval for the processing of the minor’s personal data must be provided by the parent or legal guardian exercising parental authority over the minor.

9. Data Security

The Data Controller ensures the security of personal data and takes the necessary technical and organizational measures to ensure that the data provided, collected, stored, and processed are protected; furthermore, the Data Controller takes all necessary steps to prevent the destruction, unauthorized use, and unauthorized alteration of such data. The Data Controller shall ensure that access to stored data, whether through an internal system or by direct access, is restricted to authorized persons and is limited solely to the purposes of data processing; ensures the necessary, regular maintenance of the IT equipment used and the appropriate protection of all components of the IT system used with regard to the confidentiality, integrity, and availability of the data.

10. 8. Rights of the data subject regarding data processing 

8.1. Deadline

The archdiocese will fulfil the request for exercising the data subject's rights within a maximum of 25 days from its receipt. The day of receipt of the request does not count towards this deadline.

10.2. The data subject’s rights related to data processing

10.2.1. Right to access

The data subject is entitled to request information from the archdiocese at the contact details provided in point 1 regarding whether their personal data is being processed, and if so, they have the right to know:

what personal data of theirs is being processed by the archdiocese; on what legal basis; for what purpose of data processing; and for how long it is being processed.
The archdiocese will provide the data subject with a copy of the personal data forming the subject of data processing free of charge upon the first request, thereafter it may charge a reasonable fee based on administrative costs.

In order to fulfil data security requirements and protect the rights of the data subject, the archdiocese is obliged to ensure that the identity of the data subject and the person exercising the access right match. Therefore, providing information, access to data, and issuing copies of data are subject to the identification of the data subject.

10.2.2. Right to rectification

The data subject can request, through the contact details provided in point 1, that the archdiocese amend any of their personal data. If the data subject can credibly prove the accuracy of the corrected data, the archdiocese will fulfil the request within a maximum of 25 days and notify the data subject at the provided contact details.

10.2.3. Right to data blocking (restriction of processing)

The data subject can request the archdiocese to restrict the processing of their personal data through the contact details provided in point 1 (clearly indicating the restricted nature of processing and ensuring separate handling from other data).

10.2.4. Right to object

The data subject can, at any time, object to the processing of their data for reasons related to their particular situation through the contact details provided in point 1, if they believe that the archdiocese is processing their personal data inappropriately concerning the purpose stated in this privacy policy.

10.2.5. Right to erasure

The data subject can request the archdiocese to erase their personal data through the contact details provided in point 1. The archdiocese will promptly erase the personal data upon the data subject's request if:

• the archdiocese no longer needs the personal data for the purposes for which it collected or processed it;
• the data subject withdraws their consent, which constitutes the legal basis for data processing, and there is no other legal basis for the data processing;
• the data subject objects to the processing of their personal data, and the archdiocese has no overriding legitimate grounds for the processing;
•  the Archdiocese processed personal data unlawfully;
•  the personal data has to be erased for compliance with a legal obligation in Union or Member State

law to which the controller is subject

11. 11. Right to judicial remedy

If the data subject believes that the Archdiocese has violated applicable data protection requirements in the processing of their personal data, then:
– You may file a complaint with the National Authority for Data Protection and Freedom of Information, address: 1055 Budapest, Falk Miksa Street 9–11, P.O. Box: 1363 Budapest, P.O. Box 9, Email: ugyfelszolgalat@naih.hu, website: www.naih.hu), or

– You have the option of turning to a court to protect your data, which will hear the case on an expedited basis. In this case, you are free to decide whether to file your complaint with the court having jurisdiction over your place of residence (permanent address), your place of stay (temporary address), or the Authority’s headquarters. You can find the court with jurisdiction based on your place of residence or temporary residence at http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso. Based on the seat of the Archdiocese, the Veszprém Court has jurisdiction over the case.