Information data protection and processing
- The purpose and scope of this Information
- The purpose of this Information is to lay down those data protection and processing principles and policies used by www.birosag.hu that the National Office for the Judiciary (hereinafter: OBH), as data controller, acknowledges as binding upon itself.
- The present Information contains the principles for processing the personal data provided by Users on the Website.
- When developing the provisions of this Information, particular account was taken of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (‘General Data Protection Regulation’ or ‘GDPR’) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (‘Information Act’).
- Data Processing: any operation or the totality of operations performed on the Personal Data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, changing, using, querying, viewing, disclosing, transmitting, disseminating or otherwise making available, aligning or combining, restricting, erasing or destructing Personal Data.
- Data Controller: the party determining the purpose and tools of Processing, either independently or with others.
In the case of the Services referred to by this Information, the following qualifies as Data Controller:
a) National Office for the Judiciary (1055 Budapest, Szalay u. 16.)
The Data Controller is the operator of the website, which primarily provides information services in connection with the operations of the Court and provides the Services accessible via the Website in connection with this main activity.
The Data Processing described in this Information qualifies as processing under the GDPR.
- Personal Data or Data: any information relating to an identified or identifiable natural person.
- Data Processor: the service provider processing Personal Data on behalf of the Data Controller. The Data Processor for the purposes of the services referred to in this Information:
a) National Office for the Judiciary (1055 Budapest, Szalay u. 16.).
- Website: the birosag.hu website operated by the Data Controller.
- Service(s): the services operated and provided by the Data Controller and accessible on the Website.
- Information: the Data Controller's present Data Processing Information.
- The sphere of processed Personal Data
- When the User visits the Website, the Data Controller's system does not automatically record any data that can be linked to the User’s person.
- In connection with use of the services available via the Website, the cookies stored on the User’s computer may automatically record the start and end times of the User’s visit, the User’s IP address, and, in certain cases, depending on the settings on the User’s computer, the type and language of the browser and operating system, the parameters of the User’s device, the settings provided by the user on the Website, the visited sub-pages, and the time spent on those. The Data Controller shall not link and is not able to link these data to Personal Data.
- If the user sends an email (e.g. message) to any Service, the Data Controller records the User’s email address, which it shall process to the degree and for the time necessary for providing the Service. The Data Controller shall delete the email promptly after the Service has been provided.
- The sphere of other data processed by the Data Controller
- The data technically recorded during the course of system operations: the data of the computer used by the User to log on, which data are generated during the use of the Services and which the Data Controller's system records as the automatic results of the technical processes. When logging in and out, the system automatically logs the automatically recorded data, without any separate statement or action required on behalf of the User.
- The purpose and legal basis for Data Processing
- The purpose of the data processing performed by the Data Controller:
- the provision of online content;
- the use of convenience functions;
- handling and managing individual user contacts;
- technical development of the IT system;
- protection of the rights of Users;
- validating the rightful interests of the Data Controller.
- Data Processing is performed on the basis of the User’s statement given freely, beforehand, and after having been provided suitable information, which statement includes the User’s consent for the processing of the Personal Data provided by them during the use of the Website and the Personal Data generated in relation to them. In the case of consent-based data processing, the User is authorised to withdraw consent at any time, which does not affect the legality of the data processing performed prior to the withdrawal.
In addition to the user’s voluntary consent, the Data Controller's significant rightful interest can also form the legal basis for Data Processing as part of and in connection with the provision of content.
- The principles and methods for Data Processing
- The Data Controller processes Personal Data in line with the principles of good faith and fair dealing and of transparency, and in accordance with the provisions of relevant legislation and this Information.
- The Data Controller uses the Personal Data essential for the provision of the Services based on the consent of the given User and only for targeted purposes.
- The Data Controller shall use the Personal Data only for the purposes outlined in this Information and in relevant legislation. The scope of processed Personal Data is proportionate to the purpose of Data Processing and shall not extend beyond the scope of Data Processing.
The Data Controller shall not check the provided Personal Data. The person providing the Personal Data shall be solely liable for its correctness and compliance.
- The Personal Data of persons under 16 may be processed only with the consent of the adult exercising parental responsibility.
The Data Controller is unable to check the authority of the person granting consent and the contents of the provided statement; therefore, the User or the person exercising parental responsibility over the User warrants that the consent given complies with relevant legislation. In absence of a statement of consent, the Data Controller shall not collect Personal Data pertaining to persons under 16, with the exception of the IP address used to access the Service, which is automatically recorded due to the nature of online services.
- The Data Controller shall not disclose to third parties the Personal Data it processes.
An exception under the provision in this point is the statistically aggregated use of data that may not include any data suitable for the identification of the given User in any form and therefore does not qualify as Data Processing or data transfer.
- The Data Controller shall provide for the security of the Personal Data and implement adequate safeguards and appropriate technical and organisational measures to protect the recorded, stored, and processed personal data, and to prevent their accidental loss or unauthorised destruction, access, use, modification, or dissemination.
- The duration of Data Processing
7.1. The Data Controller shall not automatically record any Personal Data suitable for the identification of the User (name, email address, IP address, etc.).
- In the case of emails sent by the User, if the User is not registered on the site, the contacted Data Controller shall delete the email address on the 90th day following the closing of the case referred to in the request, unless the Data Controller’s legitimate interest justifies the continued processing of the Personal Data; in this case, the Personal Data shall be processed until the Data Controller’s legitimate interest ends.
- The Personal Data disclosed by the User shall be processed until the User unsubscribes from the Service with the use of the given user name or otherwise requests the deletion of the Personal Data.
In this case, the Personal Data shall be deleted from the Data Controller's systems.
Even if the User does not unsubscribe from the Service or only terminated the possibility for logging in by deleting the registered account but leaves the comments and data uploaded to the account, the Personal Data provided by the User may be handled by the Data Controller until the time the User expressly requests in writing that their processing to be terminated. The User’s right aimed at the termination of Data Processing without unsubscribing from the Service does not affect the right to receive the Service; however, in absence of Personal data, the User may not be able to use certain Services.
- In the case of the use of unlawful or misleading Personal Data, a crime committed by the User, or an attack against the system, the Data Controller shall be authorised to terminate the User’s registration and promptly delete the User’s Personal Data; however, in case of suspicion of a crime or liability under civil law, the Data Controller is also authorised to store the Personal Data for the duration of the procedure to be held.
- The data automatically generated during the course of system operation and technically recorded are stored in the system from the time of their generation for the duration justified for the purpose of ensuring the operation of the system. With the exceptions required by law, the Data Controller ensures that these automatically recorded data cannot be brought in connection with other Personal Data.
If the User withdraws the consent given for the processing of his/her Personal Data or has unsubscribed from the Service, the person of the User will no longer be identifiable from the technical data, with the exception of investigating authorities and their experts.
- If a court or official body issues a final order for the erasure of the Personal Data, the Data Controller shall perform such erasure. The Data Controller shall, after informing the User, restrict the use of the Personal Data instead of erasing it if so requested by the User, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the User.
The Data Controller shall not erase Personal Data while the purpose which prevented their erasure is valid.
- The User’s rights and the method validating such rights
- The User may request that the Data Controller provide information on whether it is processing the User’s Personal Data and, if yes, grant access to the Personal Data it processes.
Users may request information at any time on the processing of their Personal Data by sending a registered letter or registered letter with return receipt sent to the Data Controller’s address or an email sent to firstname.lastname@example.org. The Data Controller shall consider the request for information sent by mail to be authentic if the User can be clearly identified on the basis of the submitted request.
- Data processing
- The Data Controller does not utilise the services of a Data Processor for the performance of the activity.
- Third-party service providers
- The Data Controller utilises the services of third-party service providers to provide the Services:
a) Cheppers Szolgáltató Zártkörűen Működő Társaság (1137 Budapest, Szent István körút 22. 3. em. 3.)