As of March 15, 2019
Please read this information carefully to understand how we handle your personal information and what your data processing rights are.
The Civil Collegium Foundation as Data Controller regards the content of this legal notice as binding on itself. It undertakes to comply with all requirements for the management of its activities in accordance with the requirements set out in this these rules and the applicable national and European Union legislation. We are committed to protecting your personal information as respecting your right to information self-determination is a priority for us. We treat personal information confidentially and take all security, technical, and organizational measures that are needed to guarantee data security.
The Civil College Foundation provides the following information in accordance with Article 13 of the General Data Protection Regulation of the European Union (Regulation 679/2016, hereinafter: GDPR):
I. Data Controller’s Data:
Name: Civil College Foundation
Headquarters: H-6090 Kunszentmiklós-Kunbábony 37/2.
Registration number: 01-01-0005308
Name of registering court: Metropolitan Court of Budapest
Tax number: 18070008-1-03
Phone Number: (+36) 1/788-3632
Data processor involvement: no data processor is involved.
Foreign data transfer: not applicable.
II. How and Why We Use Your Personal Data
1. Legal Grounds and Objectives
We collect and manage your personal information for contact, providing information, fundraising, statistics and analysis, quality assurance, and mobilization of volunteers, activists and helpers.
In the course of our activity, the handling of your personal data is primarily based on your consent. You can give your consent in the following formats: in writing, electronically, or by any other form of statement or action that clearly indicates your consent to the intended management of your data. The consent covers all data management activities for the same purpose or purposes (Article 6 (1) (a) of GDPR).
We also process data for the purpose of enforcing the legitimate interests of the Data Controller or a third party, including our interest in providing our users with an innovative, personalized and secure service. This also serves as the legal basis for liaising with you (Article 6 (1) (f) of GDPR).
We may also manage your data if it is necessary to comply with our legal obligations; to protect our fundamental interests or the fundamental interests of others; or where necessary for the public interest.
2. Disclosure of the Data and Content You Upload When Using the Community
Public information can be seen by anyone inside and outside the Community, including those who do not have an account. This includes your username and all the information you share with a public target audience, information on your public aPont profile, and content you share in an aPont community or on your public aPont profile. You can control your visibility in the Settings menu item.
We recommend you consider carefully who you share content with, because people who can see your activities on aPont can decide to share it with others inside and outside the Community, including people and companies outside your target audience with whom you have not shared content. For example, if you share a post or send a message to certain friends or accounts, then they can download them, take a screenshot of them, or share those pieces of content with others inside and outside aPont, in person or in virtual reality, such as on aPont domains. Likewise, if you comment on someone else’s post or react to their content, your post or reaction will be visible to anyone who can see the content of that other person, who may as well decide to change their target audience.
People may also use aPont to create and share content about you with the target audience they choose. For example, someone may share a photo of you in a post, mention you or share information about you in their posts or messages. If you are uncomfortable with content shared about you by others, you can report it.
3. Scope of Data Processed While Using the Community
To join the aPont Community, you need to create an account on our website and provide the following information: your first name, last name, and a valid email address. In addition, you can optionally set your profile picture and phone number. Users may at any time freely modify their personal information provided during registration, or permanently delete them from the Community’s public system by deleting their account. We will not keep this data any longer, with only the full name of the deleted user remaining in our internal closed system.
4. Scope of Data Processed for Receiving Our Newsletter
Users can consent to being informed about our activities and campaigns in the future. You can unsubscribe from our newsletter by clicking the “Unsubscribe” link. The purpose of data management in this case is to maintain contact with those interested in our activity.
5. Scope of Other Processed Data
III. Security & Privacy:
1. Technical and Organizational Solutions
2. Data Protection Agreement with our Employees
We assume responsibility for the confidentiality of all written or oral information and data. Appropriate technical and organizational measures and procedures ensure that only authorized persons have access to personal data. These employees, or other employees, sign an agreement on the responsible and confidential handling of personal data based on experience with current data protection laws.
3. Storage Time of Personal Data
Generally speaking, your personal data will be stored for six years from the date of collection. However, if your personal information is no longer necessary for the purposes listed above, or we are no longer legally able to work with them, we will remove them from our database before that date.
The period of storage of personal data in the case of our newsletter is limited to a period of up to 3 years, but we will of course delete them if you withdraw your consent.
4. aPont’s Web Server, Email Notifications, Engine & Bulk and Custom Emails
The web server and email notifications of apont.hu are provided by Hostiso LLC (Hostiso LLC, 350 Main Street, Suite 102, 18th Floor, Buffalo, NY 14202, USA, hostiso.com) through an EU data center (OVH SAS, 2 Rue Kellermann, 59100 Roubaix, France, ovh.com).
HumHub (HumHub GmbH & Co. KG, Johann-Clanze-Straße 28c, 81369 Munich, Germany, humhub.org) is used to operate the community. HumHub is a free open source social networking software written for the Yii PHP framework.
In order to deliver bulk and custom emails (in a spam-free and fast way), we use the SendinBlue email sending service (55 Rue d'Amsterdam, 75008 Paris, France, sendinblue.com).
IV. Your Rights to Your Data & Judicial and Official Procedures
1. Your Rights
Right to information: We take appropriate measures to provide you with all the information referred to in Articles 13 and 14, and Articles 15-22 and 34, of the GDPR on the processing of personal data in a clear, concise, transparent, comprehensible and easily accessible form.
Right of access by the data subject: you are entitled to receive feedback from us whether your personal data is being processed and, if such data processing is underway, to have access to your personal data and the following information: purposes of data management; the categories of personal data involved; recipients and categories of recipients with whom or with which your personal data have been or will be communicated, including in particular third-country recipients or international organizations; planned duration of storage of personal data; the right of rectification, erasure or data management, and the right to object; the right to lodge a complaint with a supervisory authority; information about data sources; instances of automated decision-making, including profiling, as well as information pertaining to the logic used and comprehensible information about the significance of such data management and the expected consequences for the data subject. The controller shall provide the information within a maximum of one month from the submission of the request.
Right of rectification: you may request the rectification of your personal data that we handle.
Right of deletion: you are entitled to delete your personal data concerning you without undue delay if personal data are no longer needed for the purpose for which they were collected or otherwise managed; if you revoke your consent that serves as the ground for data processing, and there is no other legal ground for data management; If you oppose data processing that takes place after an interest weighing and there are no legitimate reasons that weigh heavier than your interest; If the personal data have been processed illegally; if deletion is required to comply with a legal obligation under applicable EU or Hungarian law; if the personal data have been collected in relation to the information society services offered. Deletion of data cannot be initiated if data management is necessary to exercise the right to freedom of expression and the right to information; to fulfill a legal obligation under EU or Hungarian law governing the processing of personal data for the controller, or to perform a task carried out in the public interest or in the exercise of public authority conferred on the controller; for the purpose of archiving, scientific and historical research or for statistical purposes in the public health field, in the public interest; or for the submission, validation or protection of legal claims.
Right to restriction of processing: you may require the restriction of the processing of your personal data concerning you, if one of the following conditions apply: if you dispute the accuracy of your personal information during a period that allows the verification of the accuracy of your personal information; if the processing is illegal and you object to the deletion of your personal data and instead of that require the limitation of the use of personal data; if we no longer need personal data for processing purposes, but you need data for the purpose of asserting, exercising or defending legal rights; if you have objected to data processing; in such cases the restriction applies for the period during which it can be established whether the legitimate reasons of the Data Controller outweigh your reasons. If the processing of personal data has been restricted, this data may be processed - except for their archiving - only with your consent, or to constitute, exercise or defend a right by judicial process or to protect another person or entity’s rights or for reasons of significant public interest of the Union or a Member State.
Right to data transfer: you are entitled to receive the personal data provided to the Data Controller in a structured, widely used, machine-readable format, and to transfer the data to another data controller. Right of objection: you have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation, whether the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on the controller or for the legitimate interests of the controller or a third party, including profiling based on the provisions mentioned above. The Data Controller can no longer processes the personal data unless we can prove compelling grounds for protection for the processing which outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
Automated decision-making in individual cases, including profiling: you have the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner.
Right of Withdrawal: You are entitled to withdraw your consent at any time.
2. Right to Apply to the Court
In case of a violation of your rights, you can go to court against the data controller. The court shall handle such disputes with priority. You can also initiate a lawsuit before a court with jurisdiction over your permanent or temporary place of residence.
3. Data Protection Authority Procedure
You can lodge a complaint with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information
Headquarters: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: H-1530 Budapest, Pf .: 5.
Phone: (+36) 1/391-1400
Fax: (+36) 1/391-1410