Integrated Services to Boost Energy Renovation in Hungarian Homes – ‘RenoHUb’ (’action’) (Grant Agreement No 845652)

(www.renohub-h2020.eu)

I. DESCRIPTION OF DATA PROCESSING

Processing of personal data on the website (www.renohub-h2020.eu)  of the Integrated Services to Boost Energy Renovation in Hungarian Homes – ‘RenoHUb’ (’action’) Project

II. NAME OF DATA CONTROLLER

Energiaklub Climate Policy Institute and Applied Communications Association

Short name: Energiaklub Association

Tax ID: 18076592-2-41

Registration Number: 01-02-0006637

Seat: H-1056 Budapest, Szerb u. 17-19

Website: www.energiaklub.hu

Contact: [email protected]

Phone: +36-1-411-35-20

Email: [email protected]

Data Protection Officer: According to Article 37 of the GDPR, the Controller is not required to designate a data protection officer.

Privacy Notice of the Organisation: https://energiaklub.hu/adatkezelesi-tajekoztato

III. LEGAL BACKGROUND OF THE OBLIGATION TO PROVIDE INFORMATION

The purpose of this notice is to inform natural persons visiting or requesting information via the Controller’s homepage about the processing operations concerning them.

This obligation to provide information is governed by

  • Article 13 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April  27,  2016) on  the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the GDPR);
  • and Article 20 of Act CXII of 2011 on Informational Self-determination and the Freedom of Information (hereinafter referred to as the Privacy Act).

IV. PRINCIPLES OF DATA PROCESSING

The principles relating to the processing of personal data at the Energiaklub Association are laid down in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April  27,  2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (hereinafter referred to as the GDPR).

  • We process personal data lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  • We process personal data for specified, explicit and legitimate purposes („purpose limitation”);
  • We make sure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  • We make sure that personal data are accurate and, where necessary, kept up to date;
  • We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  • Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed;
  • Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with the provisions of the GDPR subject to the implementation of appropriate technical and organisational measures required by this Regulation to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  • We process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’);
  • The Controller shall ensure compliance with applicable regulations and demonstrate compliance (‘accountability’).

Data processing based on consent:

  • The Privacy Notice is written in a clear and plain language and prominently displayed on the website (www.renohub-h2020.eu);
  • Free choice is always granted to the data subject concerning voluntary consent and the right to refuse or withdraw consent and the data subject shall suffer no detriment as a result;
  • Based on information;
  • Data are processed for specific purposes;
  • All grounds of processing are clearly defined;
  • Consent may be withdrawn, and the possibility of withdrawal shall always be communicated by the Controller. It shall be as easy to withdraw as to give consent. If the data subject withdraws his or her consent, the Controller shall no longer process the data subject’s personal data. In the case of withdrawal of consent, the Controller shall arrange for the erasure of data, except when there is other legal ground for the processing of such data;
  • In the case of data processing based on consent, processing of the personal data shall, in principle, be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
  • If the data subject consents to the processing of personal data, it may only be used only for the purposes the data subject has consented to;
  • In some cases, the processing of your data is mandatory based on legal obligation; in such cases, we will draw your attention to that fact. Furthermore, in some cases the processing of your personal data is in the legitimate interest of Energiaklub Association or a third person, such case may be the operation, development or the safety of our website.

V. PERSONAL DATA PROCESSING AREAS OF THE WEBSITE

On the website (www.renohub-h2020.eu), we process your personal data based on your prior notification and voluntary consent only to the extent necessary, and it is limited to purpose.

On the homepage of the Controller (www.renohub-h2020.eu), personal data are processed in the context of the following activities, for which the key processing principles and rules are detailed per data processing area below:

  1. NEWSLETTER, MESSAGING, INQUIRIES
  2. VISITING THE WEBSITE

  1. NEWSLETTER, MESSAGING, INQUIRIES

PURPOSE OF THE PROCESSING:

Deliver services up to the highest standards and provide most comprehensive information about operation of the “845652 Integrated Services to Boost Energy Renovation in Hungarian Homes – ‘RenoHUb’ (’action’)” Project and other services.

The purpose of the processing in case of newsletter service:

Communication and distribution of newsletter (based on consent) about news and services. Energiaklub distributes the newsletter only to persons who opted in.

LEGAL BASIS FOR THE PROCESSING:

The data subject’s voluntary and explicit consent (Article 6 (1) a) of the GDPR).

When requesting information, newsletters or exchanging messages, the data subjects (their legal representatives) expressly declare by ticking the relevant electronic checkbox that they have studied contents of the Privacy Notice (checkbox), accept and consent to have their personal data processed by the Controller as described in the Privacy Notice. The Privacy Notice is published on the homepage, where the user shall explicitly confirm in an electronic format that he or she has studied the contents thereof.

Visitors may opt in to the newsletter on the homepage by ticking the relevant checkbox or pressing the “Subscribe” button according to the sign-on protocol or by other means, paper-based explicit statement. Subscribers may opt out from the newsletter at any time by clicking on the “Unsubscribe” button at the bottom of the newsletter or sending an email or a postal mail to Energiaklub. Opting out shall not be more time-consuming or complex than opting in (typically it is a link or email sent, or any other arrangement that meets the above criteria and does not impose unnecessary additional burden). After withdrawing consent, the data subject may give his or her consent again at any time. It is compulsory to provide an email address when giving consent; in the absence thereof, it is not possible to give consent. It is compulsory to provide an email address when withdrawing consent to ensure identifiability.

Newsletters are handled and distributed by the MAILKITCHEN (email newsletter app) (https://www.mailkitchen.com/en/legal-notice).

DATA SUBJECTS OF THE PROCESSING:

Data subjects requesting information in electronic format under the “Contact/Requests for Information” menu item of the website (www.renohub-h2020.eu) and/or sending messages.

CATEGORIES OF PERSONAL DATA PROCESSED:

As part of providing data, users requesting information and/or sending messages may, on a voluntary basis, disclose the following data:

  1. Email address of the person requesting information and/or sending messages (purpose of the processing: establishing contact and/or sending information). In case of email addresses, no personal data are required. For instance, it is not required to include your name in the email address. You may freely decide whether the email address contains any information indicating your identity.
  2. Name of the person requesting information and/or sending messages (if disclosed by the user) (purpose of the processing: establishing contact, identification)
  3. Subject and content of the message: information considered relevant by the sender

DURATION OF THE PROCESSING:

With regard to messages sent by the data subject via the Controller’s messaging interface (www.renohub-h2020.eu), Personal Data provided shall be subject to the processing until erasure of Personal Data is requested, the relevant consent is withdrawn, or service delivery is completed by the Controller. With regard to closed cases, the Controller shall delete the email address provided in the inquiry on the 90th day following the closing date of the relevant case, unless the individual case, where the further processing of the personal data is a legitimate interest pursued by Energiaklub Association as the Controller until this legitimate interest exists concerning the message in question.

METHOD OF THE PROCESSING:

Electronic data processing, registration of email address in messaging system.

2. VISIT TO WEBSITE

PURPOSE OF THE PROCESSING:

Provide operation of the Controller’s homepage (www.renohub-h2020.eu) according to intended purpose and up to the highest standards; control and improve the quality of their services; identify visitors of our homepage, measure web traffic, prepare statistics.

LEGAL BASIS FOR THE PROCESSING:

Legitimate interests pursued by the Controller (Article 6 (1) f) of the GDPR)

DATA SUBJECTS OF THE PROCESSING:

Visitors of the Controller’s homepage.

PERSONAL DATA PROCESSED:

As part of technical operation, the start and end time of user visits are automatically recorded and, in some cases – depending on the configuration of the user’s computer -, including operating system details and user IP address, name of the site the user arrived from. By using these data, the system automatically generates statistical records to be used only in aggregated and processed form to improve services and to detect potential errors. The operator does not tie these data to other personal data but uses them for statistical purposes only. The website sends cookies to the computers of visitors. Cookies are exclusively used to make user authentication easier. The Controller does not use cookies for commercial purposes.

Anyone can visit the homepage (www.renohub-h2020.eu) without disclosing any personal data other than the automated technical processing of such visits.

DURATION OF THE PROCESSING:

Session IDs are automatically deleted when the browser is closed. The user may delete his or her own cookies at any time. Cookies are automatically deleted depending on browser settings. The Controller stores automatically recorded IP addresses for maximum 7 days after registration.

METHOD OF THE PROCESSING:

Automated data processing

VI. SELECTION OF DATA PROCESSORS

Energiaklub Association uses the following data processors and provides updates on data processor-related changes via the website:

IT support:

János Ferenc Gräfl, private entrepreneur

Seat: H-2092 Budakeszi, Fő u. 172
Registration number: 42421081
Tax ID: 67017955-1-33

Hosting service provider:

Silicium Network Kft
Seat: H-1146 Budapest, Cházár András utca 2 Building ‘A’, 3rd Floor No. 7

Tax ID: 23474178-2-42, HU23474178
Phone: +36709447008

VII. DATA TRANSFERS

No data are transferred concerning homepage-related data processing.

VIII. ORGANISATIONAL AND SECURITY MEASURES DESIGNED TO PROTECT CLIENT DATA

Energiaklub Association protects the personal data of the data subject by appropriate technical and other measures and provides the security and availability of the data; furthermore, we protect them from unauthorised access, modification, damage, disclosure, or any other unauthorised use. Within the framework of technical measures, Energiaklub Association uses encryption, password protection and anti-virus software.

The Controller shall:

deny unauthorised access to equipment used for processing personal data (hereinafter referred to as data processing system);

prevent the unauthorised reading, copying, modification or removal of data media;

prevent the unauthorised input of personal data and the unauthorised access to, modification or deletion of stored personal data;

prevent the use of processing systems by unauthorised persons using data communication equipment;

ensure that persons authorised to use the processing system have access only to the personal data covered by their access authorisation;

ensure that it is possible to verify and establish the recipients to which personal data have been or may be transmitted or made available using data communication equipment;

ensure that it is subsequently possible to verify and establish when by whom and which personal data have been input into the processing system;

prevent the unauthorised access to, copying, modification or deletion of personal data during transfers of personal data or during the transportation of data media;

provide that the processing system may, in the case of interruption, be restored;

ensure that the functions of the processing system perform, that faults affecting functions are reported, and that stored personal data cannot be corrupted by means of a malfunctioning of the system;

To ensure the protection of data sets processed electronically in various records, the Controller and – within the scope of its business activities – the Processor shall use appropriate technical solutions to protect that such data stored in the records may not be directly interconnected and suitable for the identification of the data subject – unless permitted by law;

Personal data provided by users and data automatically obtained as part of the technical operation can only be accessed by staff members of the Controller. Automatically generated data can also be accessed by the hosting service provider (Silicium Network Kft) as the Processor,

The Controller does not disclose personal data to any third parties unless users submitted personal data for this purpose.

IX. RIGHTS OF THE DATA SUBJECT RELATING TO THE PROCESSING

Natural persons with personal data processed by the Controller shall have the following rights:

  • Right of information;
  • Right to rectification;
  • Right to be forgotten;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object.

The data subject may request the erasure of the personal data if he or she considers the processing unlawful, the processing is no longer necessary in relation to the purposes for which they are processed, or the data must be erased according to legal obligations under Union or Member State legislation. In case of erroneous data capture or change in data, they may request rectification of inaccurate data. The data subject shall have the right to object to the processing of data after service delivery. In this case, we erase his or her personal data, unless we can demonstrate compelling legitimate grounds for the processing which override his or her interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

X. JUDICIAL REMEDIES AVAILABLE TO THE DATA SUBJECT

Energiaklub Association shall process your personal data only in accordance with the provisions of this Privacy Notice and applicable data privacy legislation. However, if you want to lodge a complaint relating to the processing of your personal data or otherwise dissatisfied with the way your data are processed, you have the right to complain to the competent supervisory authority.

According to Article 37 of the GDPR, Energiaklub Association as the Controller is not required to designate a data protection officer, but you may request information concerning the operation of our homepage or personal data processing. You may request information from Energiaklub Association as the Controller on what personal data are processed for what purpose and how or a copy of personal data that we process. To protect the privacy of your personal data, you may exercise your right of disposal and access following prior identification. Consequently, you are kindly asked to send your questions, statements and complaints relating to processing operations to us in writing; if it is not possible for any reason whatsoever, contact us via the email address or phone number listed in this Privacy Notice. Send other inquiries relating to the protection of personal data to [email protected] via email. Our response to your inquiry relating to the processing will be sent to you via the preferred channel without delay within 15 calendar days (but no later than within 30 days). The Controller shall state the reasons for refusing your request.

Should you or the owner of personal data find that within the framework of processing personal data, the Controller breaches provisions of applicable data protection legislation, you may appeal to the locally competent court of justice or the National Authority for Data Protection and Freedom of Information.

Contact details for the National Authority for Data Protection and Freedom of Information:

Seat: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

Email: [email protected]

Website: http://naih-hu

Initiation of court proceedings

If you observe unlawful processing, you may initiate civil action against the Authority. The action falls within the jurisdiction of the general courts. The action may – at your choice – be initiated at the general court for the place where you are domiciled (find the list of general courts and their contact details here: http://birosag.hu/torvenyszekek)