Privacy Policy and Information Related to Website Use
The Hungarian Pentacon Museum (headquarters: 2314 Halásztelek, II. Rákóczi Ferenc Street 42), as data controller (hereinafter: "Data Controller"), is committed to the data security of website visitors. This privacy policy (hereinafter: "Policy") summarizes the data management principles and practices applied by the Data Controller. The Data Controller undertakes to conduct its data processing activities in accordance with the provisions of this Policy and the applicable laws.
The purpose of this Policy is to provide information about the data processing carried out by the Data Controller, ensuring transparency and compliance with data security requirements.
This Policy applies to the Hungarian Pentacon Museum's website (hereinafter: "Website") and other websites operated by the Data Controller, as well as to relationships and inquiries made via the Website or by other means with the Data Controller, including the use of services provided on the Website or any websites operated by the Data Controller.
This Policy has been prepared in accordance with applicable data protection laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR), Act CXII of 2011 (on the right of informational self-determination and freedom of information), and other relevant domestic legislation.
The Data Controller reserves the right to update or modify this Policy from time to time. We recommend regularly visiting the Website and following changes.
Last update: 2023.04.11.
Data Processing: The performance of technical tasks related to data management operations, including the place of application.
Data Processor: A natural or legal person who processes personal data on behalf of the Data Controller based on a contract.
Data Management: Any operation performed on personal data, such as collection, storage, use, transfer, deletion, etc.
Data Controller: A natural or legal person who alone or jointly with others determines the purposes and means of data management.
Data Transfer: Making personal data accessible to a specified third party.
Data Subject: The natural person to whom the personal data relate.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council.
Third Party: Anyone other than the Data Subject, the Data Controller, and the Data Processor.
Authority: The National Authority for Data Protection and Freedom of Information.
Consent: The voluntary, specific, and explicit agreement of the Data Subject to the processing of personal data.
Personal Data: Information based on which a natural person can be identified directly or indirectly.
Service: Services provided by the Data Controller on the Website.
The use of services available on the Website, as well as certain pages and links, and the conditions of contact require that visitors ("Visitors" or "Data Subjects") voluntarily provide personal data. Please always read this Policy. Providing data voluntarily means acceptance of this Policy.
For the purpose of providing services and handling necessary communication, the Data Controller may request the following personal data from the Data Subject: name, email address, phone number, mailing address, and other related information.
The Data Controller does not collect or store IP addresses or other data that could identify visitors during visits to the Website, except when necessary for the operation of the Website (e.g., server logging).
The Website contains links to other sites. This Policy does not apply to those sites, and the Data Controller is not responsible for the data management practices of such external sites.
The Data Controller processes personal data based on principles of good faith, fairness, and transparency, and in accordance with applicable laws.
Data are used only for the defined purpose, based on the prior consent of the Data Subject, and must not be used beyond the original purpose.
The Data Controller ensures appropriate protection of personal data through technical and organizational measures to prevent unauthorized access, modification, destruction, or transfer of data.
The Data Controller's data processing aims at the following purposes:
providing online content services;
identifying visitors and maintaining contact with them;
ensuring the use of the services;
preparing statistical analyses;
protecting the rights of visitors;
enforcing the legitimate interests of the Data Controller;
developing the IT system.
The Website is not specifically intended for minors. We do not intentionally collect personal data from persons under the age of 18 except for IP addresses, which are automatically recorded due to the nature of the service.
By providing personal data, the Data Subject declares that they act lawfully and, if necessary, obtains the consent of the minor’s legal representative.
If we become aware that a minor has provided personal data without parental consent, we will delete such data as soon as possible.
VII. Cookie
A cookie is an information package sent by the Website to your computer when you visit the Website, which makes certain services on the Website more conveniently accessible to you. For example, it allows the Website to remember your email address and password on registration pages, so you do not have to enter these data every time you log in, provided you consent to it. The use of cookies helps better understand your preferences. You have the right to enable or disable cookies at any time using your web browser settings or modifying them. You can also configure your browser to notify you with a pop-up window before using cookies. If you do not consent to the use of cookies, some functions of the Website may not be fully available to you. For more information on this topic, numerous articles are available online, for example at http://www.allaboutcookies.org.
The Website uses cookies for the following purposes:
to store user sessions,
to collect statistics,
to store user settings,
to store consent regarding cookies.
You can enable or disable cookies by changing your browser settings. Since the options differ by browser, for further information, please consult your browser's Help menu or contact us for assistance at bakogabor@interspect.hu.
VIII. Legal Basis of Data Processing
The legal basis for processing personal data is the voluntary, prior, informed consent of the Data Subject. The Data Subject may withdraw their consent at any time, and such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
By using the Website and providing personal data, you declare that you have read the current version of this Privacy Notice valid at the time of data provision and voluntarily, explicitly consent to the use of the personal data you provide and data generated about you. You may provide personal data in accordance with applicable data protection laws and guarantee that you have the appropriate and informed consent to transmit such information.
The Data Controller may record the visitor's IP address upon entry to the Website, in connection with providing the service, based on the Data Controller’s legitimate interest and to ensure lawful provision of the service, without the Data Subject’s separate consent.
Data processing related to and within the framework of content services may be based not only on the voluntary consent of the Data Subject but also on the Data Controller’s essential legitimate interest, as well as the fundamental rights to information and freedom of expression, within the limits set by law. If the legal basis for data processing is the Data Controller’s essential legitimate interest, the Data Controller has conducted and may conduct in the future a balancing test in accordance with GDPR provisions, demonstrating that the Data Controller’s legitimate interest in the given data processing outweighs the Data Subject’s rights and freedoms regarding data processing. The Data Controller will provide information to the Data Subject upon request.
IX. Duration of Data Processing
The Data Controller processes the Data Subject's data until the purposes of data processing described above are achieved, or until the Data Subject withdraws their consent or requests deletion.
Data automatically recorded technically by the system during operation are stored in the system for a justified period necessary to ensure the system's operation from the time of their generation. The Data Controller ensures that these automatically recorded data cannot be linked with other personal data, except as required by law.
If a court or authority orders the deletion of personal data by final decision, the Data Controller shall execute the deletion. Instead of deletion—and with the Data Subject’s notification—the Data Controller restricts the use of personal data if the Data Subject requests this or if available information indicates that deletion would harm the Data Subject’s legitimate interest. Personal data shall not be deleted as long as the data processing purpose preventing deletion exists.
X. Use of Data Processors
Data processing may be performed on behalf of the Data Controller by others. The Data Controller may only engage data processors who provide adequate guarantees to comply with the GDPR requirements for data processing and technical and organizational measures ensuring the protection of Data Subjects’ rights. A data processor may not subcontract further data processors without the Data Controller’s prior written authorization.
More detailed information about data processors engaged by the Data Controller is available in the privacy notice on the Hungarian Pentacon Museum's website.
XI. Possibility of Data Transfer
The Data Controller is entitled and obliged to transfer any personal data in its lawful possession to the competent authorities if required by law or binding official order. The Data Controller cannot be held liable for such data transfers or their consequences.
The Data Controller may transfer your data outside your country of residence and outside the European Economic Area. Data is transferred only to third-country companies that ensure an adequate level of data protection.
XII. Data Security
On our website, we take the necessary steps to protect Personal and/or special data transmitted from the computer, particularly to prevent unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as accidental destruction and damage, and to avoid inaccessibility caused by changes in the applied technology. To protect electronically processed data files in various registers, appropriate technical solutions must ensure that data stored in the registers — except where permitted by law — cannot be directly linked or attributed to the data subject.
We inform you that we use data networks protected by appropriate firewalls and password security; however, please note that internet data transmission cannot be perfectly secure or error-free. You are responsible for the security of passwords, identifiers, or other special access methods, except if the damage was caused by the Data Controller through unlawful processing of the Data Subject’s data or by breaching data security requirements.
XIII. The Data Subject’s Rights and Remedies
The Data Subject may request information regarding the Data Processing by sending an email to iroda@ecomosaic.hu or by sending a registered or certified letter to the Data Controller’s above address.
The Data Subject may request to be informed whether the Data Controller processes their Personal Data, and if so, access to the Personal Data processed. The request may cover the scope of the Personal Data processed, their source, the purpose, legal basis and duration of the Data Processing, identification of Data Processors, and activities related to the Data Processing.
The Data Subject may request the correction or modification of their Personal Data processed by the Data Controller. Considering the purpose of the Data Processing, the Data Subject may request the completion of incomplete Personal Data.
The Data Subject may request the deletion of their Personal Data processed by the Data Controller. Deletion may be refused (a) for the exercise of freedom of expression and information rights, or (b) if a legal authorization exists for processing the Personal Data, and (c) for the establishment, exercise or defense of legal claims. In every case of refusal, the Data Controller will inform the Data Subject about the reason for the refusal. After fulfilling a deletion request, the previously deleted data cannot be restored. Newsletters sent by the Data Controller may be unsubscribed via the unsubscribe link contained therein. Upon unsubscribing, the Data Controller deletes the Data Subject’s Personal Data from the newsletter database.
The Data Subject may request that the Data Controller restrict the processing of their Personal Data if the Data Subject disputes the accuracy of the Personal Data. The restriction applies for the duration allowing the Data Controller to verify the accuracy of the Personal Data. The Data Controller marks the Personal Data processed if the Data Subject disputes its accuracy but the inaccuracy cannot be clearly established. The Data Subject may also request restriction if the Data Processing is unlawful but opposes deletion and instead requests limitation of use. The Data Subject may also request restriction if the purpose of the Data Processing has been fulfilled but they require the Data Processing for establishing, exercising, or defending legal claims.
The Data Subject may request that the Data Controller provide the Personal Data they supplied and that is processed automatically in a structured, widely used, machine-readable format and/or transfer it to another data controller.
The Data Subject may object to the processing of their Personal Data (a) if processing is solely for fulfilling a legal obligation of the Data Controller or for the Data Controller’s or a third party’s legitimate interests; (b) if the purpose is direct marketing, opinion polling, or scientific research; or (c) if processing is for the performance of a public interest task. The Data Controller will review the objection’s legitimacy, and if justified, will terminate the processing, block the data, and inform all recipients of the Personal Data of the objection and the measures taken.
We recommend that the Data Subject contact the Data Controller’s staff at bakogabor@interspect.hu for any questions, comments, or complaints before resorting to official or judicial remedies regarding data processing.
In case of violation of their Personal Data rights, the Data Subject is entitled to turn to the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., phone: +36 (1) 391-1400, fax: +36 (1) 391-1410, email: ugyfelszolgalat@naih.hu).
The Data Subject has the right to go to court in case of rights violation. The court having jurisdiction is the court of the place of residence or habitual residence of the Data Subject, at the Data Subject’s choice.
Date of closing: 2023.04.11.