Data protection notice | Háttér Society

Data protection notice

The hatter.hu website is operated by Háttér Society. With this statement, the  association informs the visitors of the website and the users of the services provided  by the association about its data processing practices, the organisational and  technical measures taken to protect the data, and the users' options for legal  enforcement. 

1. The data controller 

Háttér Society (head office: 1136 Budapest, Balzac u. 8-10. fszt. 1., registration  number: 11958/1995)

2. The Data Protection Officer 

dr. Tamás Pfiszter, e-mail: adatvedelem@hatter.hu 

3. The scope of the managed data 

When visiting the website, the start and end time of the user's visit is automatically  recorded, and in some cases - depending on the settings of the user's computer – also the browser, operating system data and the IP address of the user, as well as the name of the page from which the user came. The system automatically  generates statistical data from this data. The operator does not link this data with  other personal data, but only uses it to compile statistics. The website sends a  cookie to the visitor's computer. The cookie is necessary, among other things, to  display automatic messages to users. The data controller does not use cookies for  commercial purposes. Anyone can visit the website without having to enter personal  data beyond the technically automated data processing. 

The individual services of the association differ in terms of whether they manage personal data. 

Information and counselling hotline service. No personal data is required to use the service. Telephone and Skype calls are not recorded. The operators do not know the telephone numbers of the callers who connect via the telephone line, but the system  retains a call list containing the telephone numbers and the time of the calls. For  Skype calls, the system displays the user name and/or telephone number of the  caller, for calls via the telephone line, the system stores the call list with the telephone numbers and the time of the calls. A separate data protection notice applies to calls made via the lelkisegely.hatter.hu interface.

Personal counselling service. In order to use the service, it is necessary to provide the user's contact information (email and/or telephone number). The user is not  obliged to enter their real name; they can also use the service under a nickname of  their choice. Enquiries, email communications with users and notes from meetings  are stored by the data controller. 

Legal aid service. In order to use the service, it is necessary to provide the user's  contact information (email and/or telephone number). When calls are made to the  telephone number of the service, the system displays the telephone number and stores a call list containing the telephone numbers and the time of the calls. For legal  information and advice, users are not obliged to provide their real name; they can  also use the service under a nickname of their choice. In order to use higher-level  legal services (drawing up applications and documents, legal representation), it is  also necessary to provide the user's name and other personal data required for the procedure. The processing of special categories of personal data is based on the  express consent of the user of the service. Enquiries and documents created during the handling of the case are stored by the data controller. A separate data protection notice applies to reports made via the jelentsd-a-homofobiat.hu interface. 

HIV Peer Support Service. In order to use the service, it is necessary to provide the  user's contact information (email and/or telephone number). Users are not obliged to  enter their real name, they can also use the service under a nickname of their  choice. Enquiries and email communications with users are stored by the data  controller. The coordinator prepares anonymized statistics on the supporting events. 

HIV Hotline. No personal data is required to use the service. Calls are not recorded. The operators do not know the telephone numbers of the callers, but the system  stores the call list containing the telephone numbers and the time of the calls. 

Newsletters. To use the service, users must enter their email address. The users are  not obliged to enter their real name, they can also use the service under a nickname of their choice. The provision of further personal data is voluntary. 

Events and training courses. In order to participate in some events and training courses, it is necessary to provide personal data (name and contact information) and complete an attendance form. For other events and trainings, the provision of  personal data and the completion of the attendance form is voluntary. Before  participation in the event or training course, the data controller will inform the  participants whether the provision of personal data is required for participation. 

Research. Completion of the online questionnaires is anonymous, and it is not  necessary to provide any information that would allow the person to be identified. All personal data provided by the participants will be anonymised during the research. A  separate data processing information sheet applies to interview research and will be  presented to the participants before the interview begins. 

Correspondence. Háttér Society stores all e-mails, messages and transcripts of  telephone enquiries received not related to other data processing, together with the  name, e-mail address/telephone number, date, time and other personal data  provided in the message.

4. Purpose and legal basis of data  processing 

The time of the visit to the website, the IP address, and the collection and storage of  browser and operating system data are characteristics of the operation of the  system, their management is technically essential, and is carried out exclusively for  statistical purposes. 

The purpose of processing part of the personal data (contact details) provided to the  data controller is to enable the staff of the services operated by the association to  contact the users at their express request. The purpose of processing the other part of the data (demographic data) is to enable the data controller to obtain a more  accurate picture of the social background of the LGBTQI people who come into  contact with the services by analysing of the data obtained in this way. The aim of  the research is to find out the opinions of LGBTQI people and to assess the  knowledge and attitudes of professionals who come into contact with them. The  purpose of processing the data on the attendance lists is to keep the records  required by the funder and the tax authorities. 

The data controller does not process personal data for purposes other than those  described above. 

The legal basis for data processing related to the use of services is that it is either  necessary in order to take the steps requested by the data subject prior entering into  the contract or that it is necessary in order to to fulfill the contract for the provision of  the service. The processing of special categories of personal data is based on the  express consent of the data subject. The legal basis for the processing of the data  on the attendance lists is that it is necessary to fulfill a legal obligation. The legal  basis for data processing in connection with the newsletter and research is the  voluntary consent of the user. 

5. The duration of data processing 

The so-called session IDs which enable the identification of website users are  automatically deleted when the browser is closed. The user can delete their own  cookies at any time. Cookies are automatically deleted after 24 days. 

The data controller deletes the call list of the Skype line of the information and  personal assistance service within 3 months of the call. The data controller deletes  the call lists of the HIV hotline and the legal aid service within 12 months of the call. 

In the case of the personal assistance service and the legal aid service, the personal  data will be deleted by the controller within 5 years after the end of the use of the  service (substantial closure of the case). 

The personal data on the attendance lists will be deleted immediately by the data  controller after the expiry of the retention period required by the funder or after the  expiry of the statutory retention period.

In the case of newsletters, personal data is processed until the user unsubscribes  from the newsletter. The user can do this at any time. 

In the case of correspondence, personal data that is not affected by other data  processing will be deleted by the data controller after a maximum of three years from  the date of communicating the data. 

6. The circle of persons with access to the  data, data processors 

Only the data controller’s employees, volunteers and contractual partners bound to  confidentiality, as well as by the service providers offering storage, email and  document management services, have access to the personal data provided by the  users, as well as to data automatically acquired due to technical operation. The hosting service is provided by 3 in 1 Hosting Bt. (http://megacp.com/), the email and  document management service is provided by Google Cloud EMEA Limited  (http://google.com), the newsletter service is provided by Elastic Email SP Z OO  (https://elasticemail.com). 

The data controller will only disclose personal data to third parties if the user has  given the data controller their express written consent to do so. 

After anonymisation, the data controller prepares analyses of the users of the  services and makes these analyses publicly accessible. The data disclosed does not contain any personal data. 

In the case of data transfers required by law, the data controller examines each  personal data item whether the legal basis for the data transfer actually exists before  fulfilling each official data request, and if necessary, obtains an opinion from the  National Authority for Data Protection and Freedom of Information. 

7. Rights of users in relation to the management of their personal data, erasure of data  

All users are informed about the handling of their personal data. Within 30 days of a  request for access, the data controller shall provide the data subject with written  information about the data it processes, the purpose, legal basis and duration of the  data processing, the name and address (head office) of the data processor and its  activities related to the data processing, as well as who receives or has received the data and for what purpose. Anyone can request this information via the postal  address of the data controller or via the e-mail address hatter@hatter.hu, stating  their postal address.

Users may object to the processing of their personal data and, in this context, may  also request the correction and deletion of their personal data by writing to the postal  address of the data controller or to the e-mail address hatter@hatter.hu

The data controller does not carry out automated decision-making or profiling as part of its data processing. 

8. Options for legal enforcement 

We ask users to contact us if they believe that the data controller has violated their  right to the protection of personal data so that we can remedy the possible violation.  We hereby inform the users that they may assert their claim before a civil court (at  their choice before the competent court of their place of residence or domicile), or  they may also initiate proceedings before the National Authority for Data Protection  and Freedom of Information (head office: 1055 Budapest, Falk Miksa utca 9-11; e mail: ugyfelszolgalat@naih.hu). The detailed legal provisions regarding this and the  obligations of the data controller, are contained in Regulation (EU) 2016/679 on the  protection of natural persons with regard to the processing of personal data and on  the free movement of such data, and repealing Directive 95/46/EC (General Data  Protection Regulation) and in Section 13/A of Act CVIII of 2001 on Electronic  Commerce and on Information Society Services. 

If you have any further questions regarding personal data protection, please send  them to the e-mail address hatter@hatter.hu or contact the Data Protection Officer of  Háttér Society by e-mail (pfiszter.tamas@hatter.hu). 

9. Clause 

The data controller reserves the right to amend its data protection notice. This may  occur in particular if the range of services is expanded or if this becomes necessary  due to a change in legislation or an individual obligation. A change in data  processing may not result in personal data being used for a different purpose. The  data controller will publish the relevant information on its website 15 days in  advance. 

 

Last modified: November 14, 2023.

The sample data protection notice was provided  to us by the Hungarian Civil Liberties Union.

Tag Cloud