DATA MANAGEMENT INFORMATION
for Respondants of international survey „Focus areas on social innovation”

The University of Pannonia, the Eötvös Lóránd University, the University of Miskolc and Hálózat a Regionális Fejlesztésért Alapítvány (HÁRFA) as joint data controllers, pursuant to the General Data Protection Regulation 2016/679 of the European Parliament and of the Council („GDPR”) and Act CXXII of 2011 on the Right to Information Self-Determination and Freedom of Information („Act on Information”), informs the respondents of international survey „Focus areas on social innovation” („Data Subject”) about the circumstances of the processing of personal data:

1.THE DATA CONTROLLERS

1.1.    Name: University of Pannonia
Institutional Identifier: FI80554
Headquarters: 8200 Veszprém, 10. Egyetem Street
Website: www.uni-pannon.hu

Correspondence name: Tourism Department, Faculty of Economics
Address for correspondence: 8200 Veszprém, 10. Egyetem Street (building A)
Email: madarasz.eszter@gtk.uni-pannon.hu
Telephone number: +36-88-626-311

Data Protection Officer at the University of Pannonia:
EU-Tender Gazdasági Szaktanácsadó Kft.
Company registration number: 01-09-980262
Tax number: 23830619-2-41
Registered office: 1024 Budapest, 20. Retek Street
Contact: adatvedelem@uni-pannon.hu

Data Protection Contact of the University of Pannonia:
Adrienn Zsargó – Legal Expert, Legal Lecturer
Contact: 8200 Veszprém, 10. Egyetem Street
Phone: +36 (88) 624-000 /6234
E-mail: adatvedelem@uni-pannon.hu

1.2.   Név: Eötvös Lóránd Tudományegyetem
Adószám: 15308744-2-41
Székhely: 1053 Budapest, Egyetem tér 1-3.
Honlap: https://www.elte.hu/

1.3.    Név: Miskolci Egyetem
Adószám: 15308809-4-05
Székhely: 3515 Miskolc Egyetemváros
Honlap: https://www.uni-miskolc.hu/

1.4.     Név: Hálózat a Regionális Fejlesztésért Alapítvány
Adószám: 19331492-2-05
Székhely: 3530 Miskolc, Leiningen Károly u. 3.
Honlap: http://harfaalapitvany.hu/

Data controller defined in 1.1. is eligible for contacting concerned persons.

2. THE LEGISLATION, PRINCIPLES AND CONCEPTS UNDERLYING DATA PROCESSING

2.1. Legislation

2.2. Principles of data management

Personal data must be processed in a lawful and transparent manner, ensuring that natural persons are treated fairly with regard to the processing of personal data relating to them („lawfulness, fairness and transparency”).

Personal data may only be processed for specified lawful purposes, for the exercise of a right and the performance of an obligation. At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful („purpose limitation”).

Only personal data which is necessary for the purpose of the processing and is adequate for the purpose of achieving that purpose may be processed. Personal data may be processed only to the extent and for the time necessary for the purposes for which they are collected („data minimisation principle” and „limited storage”).

The University must ensure that personal data is accurate and up to date, bearing in mind that inaccurate personal data is corrected („accuracy”).

The University should process personal data in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage („availability, integrity and confidentiality”), by implementing appropriate technical or organisational measures.

2.3. Basic terminology

Personal Data: any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special Data:

a) personal data revealing racial or ethnic origin, nationality, political opinions or political party affiliations, religious or other philosophical beliefs, membership of an interest group or membership of a representative body, sex life;

b) personal data concerning health, pathological addiction and personal data concerning criminal offences.

Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she gives his or her consent to the processing of personal data concerning him or her.

Information: the controllers shall inform the data subject, without undue delay and in any event within one month of receipt of the request, whether or not his or her personal data are being processed and, if such processing is taking place, the data subject shall have the right to obtain access to the personal data and to the following information:

Correction: the data subject is entitled to have inaccurate personal data relating to him or her corrected by the controller without undue delay upon request.

Deletion: the data subject shall have the right to obtain from the controllers the erasure of personal data relating to him or her without undue delay, and the controllers shall be obliged to erase personal data relating to him or her without undue delay, if:

Restriction: the data subject has the right to obtain, at his or her request, the restriction of processing by the controllers – indicating the personal data stored – in order to limit their future processing.

Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data.

Data subject: any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data.

Data controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law.

Data processors: a natural or legal person or an unincorporated body which processes data on the basis of a contract with a controller, including a contract concluded pursuant to a legal provision

Third party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor.

Data processing: any operation or set of operations which is performed upon data, whatever the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data or any prevention of their further use, taking of photographs, sound recordings or images and any other physical means of identification of a data subject (e.g. fingerprints, palm prints, DNA samples, iris scans).

Data Transfer: when the data is made available to a specified third party. Disclosure: when the data is made available to any person.

Erasure: the rendering of data unrecognisable in such a way that it is no longer possible to recover it.

Destruction of data: the total physical destruction of the data medium containing the data. Processing of data: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

Pseudonymisation: processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no natural person can be identified or identified with that personal data.

3. CATEGORIES OF PERSONAL DATA PROCESSED

 3.1. Personal data content of the questionnaire

 Personal data will be used only for contacting concerned partners. Occurent personal data are in public databases as institutional data, only these type of database is used. In case of concerned persons, we proceed according to the university / institutional data regulation. The questionnaire survey is realized by using https://limesurvey.gtk.uni-pannon.hu

ABCDEF
Data subjectData categoryData sourcePurpose of data processingLegal basis for data processingDuration of data processing
person applying to participate at the surveynameconcerned
person		identifying the industries/sectors of the respondentsThe data subject's consent in accordance with Article 6(1)(a) GDPRPersonal data will be eliminated after closing data collection, but on 31 December 2024 the latest.
person applying to participate at the surveye-mailconcerned
person		identifying the industries/sectors of the respondentsThe data subject's consent in accordance with Article 6(1)(a) GDPRPersonal data will be eliminated after closing data collection, but on 31 December 2024 the latest.

3.2. Cookie information:

 Cookies are short entries in a special directory on your computer that are used to exchange or archive information.

ABCDEF
Types of cookiesLegal basisPurposeDescriptionExpiryName
Session cookies essential for providing the serviceLegitimate interestensuring proper workflow of the webpagesession ID, users status of the page requestsuntil the end of visitors sessionhash value (Session id)

4. THE SOURCE OF THE DATA PROCESSED

 The data subject is the concerned person.

5. THE PURPOSE OF THE DATA PROCESSING

The Social Innovation National Laboratory (NKFIH-875-2/2020) 5 years long program was launched under the coordination of University of Pannonia.

The main objective of the Social Innovation National Laboratory is to elaborate the national level framework of social innovation. Main goal is to define social innovation and to prepare thematic forums where academic, non-governmental, governmental and industry partners can cooperate in new research and innovation programmes.

One of the main directions of the project is to determine the focus areas of social innovation. The purpose of the questionnaire is to define the focus areas and their characteristics.

By completing the questionnaire, a scientific analysis is carried out on the basis of the responses provided to the Data Controllers.

During analyzing the data, the statistical data that can be extracted on the basis of personal data and responses are managed and processed in a single document.

Once the scientific analysis has been carried out, it is not possible to link the questionnaire data to a specific person.

6. LEGAL BASIS FOR PROCESSING

The data subject’s consent in accordance with Article 6(1)(a) GDPR.

7. DURATION OF DATA PROCESSING

The Data Controller shall process the data provided for a limited period of 5 years from the date of their collection.

8. THE METHOD OF DATA PROCESSING

Personal data will be used by the Data Controllers on the basis of the consent of respondents and used solely for purpose by processing data and information.

Data about concerned persons is gathered from public available sources. The collected data is stored, and forwarded if necessary to conduct the work in a database accessible via password. Personal data is accessible exclusively for those parties who are responsible for data collection, or for persons contacting concerned persons via phone. Personal data will be eliminated after closing data collection, but on 31 December 2024 the latest.

9. DATA PROCESSOR, ACCESS TO THE PERSONAL DATA PROCESSED

Incoming responses are aggregated by the Faculty of Econmics of Unevrsity of Pannonia as a Data Controller and transfer them to the Eötvös Lóránd University, the University of Miskolc and Hálózat a Regionális Fejlesztésért Alapítvány (HÁRFA).

The data serve solely as the basis for statistical analysis, and only anonymised statistical data are published as the results of the survey.

The aggregated results of the survey are published in conferences organised in the topic, special materials, books, publications and on the online channels of Social Innovation National Laboratory.

Data collected in the questionnaire are used only within the project. The information is not transferred to third party outside the consortium of the project.

10. DATA SECURITY

10.1. Rights in relation to the processing of personal data

10.1.1. Right to request information

You may request information from the University in written form, using the contact details provided in section 1, so that the University can inform you:

The University will respond to your request within a maximum of 25 days by letter to the contact details you have provided.

10.1.2. Right to rectification

You may request, in written form, that the University amend any of your personal data (for example, you may change your email address or postal address at any time) by using the contact details provided in section 1. The University will comply with your request within a maximum of 25 days and will notify you by letter to the contact details you have provided.

10.1.3. Right to erasure

You may request the deletion of your personal data by writing to the University using the contact details provided in section 1.

However, where there is no such obligation, the University will comply with your request within a maximum of 25 days and will notify you by letter to the contact details you have provided.

10.1.4. Right to blocking

You may request, in writing, that your personal data be blocked by the University using the contact details provided in section 1. The blocking will last as long as the reason you have given requires the data to be stored.

For example, you may request the blocking of your data if you believe that your submission has been unlawfully processed by the University, but you believe that it is necessary for the purposes of the administrative or judicial proceedings you have initiated that your submission should not be deleted by the University. In such a case, the University will continue to store the personal data (for example, your submission) until the authority or court requests it, after which it will delete the data.

10.1.5. The right to object

You may object in writing, using the contact details provided in Section 1, to the processing of personal data that the University may transfer or use for direct marketing, public opinion polling or scientific research purposes. For example, you may object to the University using your personal data for scientific research without your consent.

You may also object to processing if you consider that the processing is necessary for the sole purpose of complying with a legal obligation or pursuing a legitimate interest pursued by the University, except for processing based on a legal authorisation. For example, you may not object to the transfer of your submission of your personal data to the Archives, together with the case file, under our internal rules on document retention.

10.1.6. Data security measures

The Data Controller shall make every effort to ensure the secure handling and storage of data. The processed data is hosted in a high-availability, reliable dedicated server environment.

11. DATA SUBJECT’S RIGHTS, JUDICAL REMEDIES

11.1. Initiation of legal proceedings

You may bring a civil action against the University in the event of unlawful processing of your personal data. The tribunal has jurisdiction to hear the case. You may also bring the case before the court of your place of residence (for a list of courts and their contact details, please visit http://birosag.hu/torvenyszekek).

11.2. Notification to the authorities

Anyone may lodge a complaint with the National Authority for Data Protection and Freedom of Information (www.naih.hu; 1530 Budapest, Pf.: 5.; phone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: ugyfelszolgalat@naih.hu), in order to initiate an investigation on the grounds that a violation of rights has occurred or is imminent in connection with the processing of personal data or the exercise of the right to access data of public interest or data in the public interest.

11.3. Disconnection

The controller reserves the right to change its privacy notice. In particular, this may occur if required by law. A change in the processing shall not imply a processing of personal data for purposes other than those for which they were intended. The controller shall publish the relevant information on its website 15 days in advance.

In matters not covered by this Information Notice, the provisions of the GDPR and the Infotv. shall apply.

Date: Veszprém, 03. 03. 2022.