International conference by the Public Procurement Authority of Hungary

Privacy policy

Privacy policy concerning data processing in relation to the international conference on 5-6 June 2019, titled Challenges in Sustainable Public Procurements, organised by the Public Procurement Authority of Hungary

 

Data of the controller and its representative:

Public Procurement Authority of Hungary (1026 Budapest, Riadó utca 5.), represented by Csaba Balázs Rigó, President of the Authority

 

Data of the data protection officer:

Tamás Attila Cseh data protection officer, e-mail: dpo@kt.hu; telephone: +36-1-882-85-32.

 

The event related to data management:

The Public Procurement Authority of Hungary organizes an international conference, titled Challenges in Sustainable Public Procurements, on 5-6 June 2019. After a few introducing words and lectures, the followings will be discussed at the conference:

 

  • Public procurement serving sustainability and innovation;
  • Green and innovative solutions;
  • The challenges of innovative procurements;
  • Public procurement remedies and efficiency;
  • Strategic aspects in public procurements.

 

In light of the foregoing, the representatives of the V4 countries, as well as Hungarian and international public procurement experts and chief officials of European Commission will be invited to the event. The official languages of the conference are English and Hungarian, simultaneous interpretation will be provided.

 

The purpose of the data management:

 

Fulfilment of the tasks relating to the participation of the speakers (organization of travel and accommodation):

The Public Procurement Authority organizes the travel and accommodation of the foreign speakers of the conference upon request. In order to obtain the necessary data, the Public Procurement Authority requests the speakers to fill in a registration form. The Public Procurement Authority forwards the requested data to the OTP Travel Ltd. (1051 Budapest, 21 Nádor Street; registration number: 01-09-060469) in order to book the travel and the accommodation, and for this reason the Public Procurement Authority hands out the Privacy policy of the OTP Travel Ltd. to the speakers.

 

Public information:

In order to inform the public about the event, the Public Procurement Authority or the Press officers may take videos/photos (appearing as individuals or in groups) on the attendees of the conferences of the Public Procurement Authority.

These events are considered public events (public appearance), where all records, photos on the attendees or group photos may be taken and used without the expressive consent of the subject (attendee) (Article 2:48. of the Civil Code).  

 

Group images are photos/videos taken to represent the event and from which the individual is not identifiable or recognizable.

 

However, photos or records can also be taken during the event or used later, which are individual portraits, thus these do not qualify as group photos, and the Public Procurement Authority requests the consent of the subject.

 

Tasks relating to the participation of a professional training and the registration of the training points:

The Public Procurement Authority intends to qualify its conferences as a professional training by the minister responsible for public procurements according to the Government Decree No. 217/2017 (31 July) in order to provide training points for the participation. Accordingly, the objective of the data management of the participants and the candidates is that the Public Procurement Authority can duly fulfil its obligations laid down in Government Decree No. 217/2017 (31July), including fulfilment of contact keeping and registration tasks relating to the applications, and recording the attendance sheet proving attendance at the training, and forwarding it to the minister responsible for public procurements. 

 

The range of managed data:

  • personal data provided in the registration form concerning foreign speakers and the curriculum vitae and photo concerning the speakers of the conference;
  • video recordings and photos taken at the conference concerning any participants of the conference;
  • personal identification data, contact details and billing information concerning those requesting training points scores according to Article 2 (2c) of Government Decree No. 217/2017 (31 July);
  • contact details: name, e-mail or telephone number and billing information provided concerning those not requesting training points.


Duration of data management:

The Public Procurement Authority of Hungary manages the data provided by the data subject until the withdrawal of the consent of the data subject, or in the absence thereof, concerning the speakers and attendees until 30 June 2019, excluding billing information (billing name, billing address, tax identification number) provided by the attendee, for which the duration of data management is 8 years.

 

Legal basis of data management:

  • Article 6 (1) a) of the GDPR (voluntary consent of the data subject) concerning the speakers of the conference
  • Article 6 (1) a) of the GDPR (voluntary consent of the data subject) concerning the other attendees of the conference and Article 6 (1) c) of the GDPR (fulfilment of legal obligation) concerning those requesting training points according to Government Decree No. 217/2017 (31 July)
  • Article 6 (1) c) of the GDPR (fulfilment of legal obligation) concerning billing information provided by the conference attendees

 

Addressees of personal data:

The visitors of the website and the Facebook profile of the Public Procurement Authority of Hungary, users of the Daily Public Procurement mobile application, and the readers of the official publications of the Public Procurement Authority of Hungary, and the minister responsible for public procurements concerning the registration data according to Article (2) 2c) of the Government Decree No. 217/2017 (31 July) and the attendance sheet, and OTP Travel Ltd. concerning speakers who requested travel and accommodation arrangements.

 

International data transfer:

Data transfer to foreign countries will not take place from the side of the Public Procurement Authority of Hungary – not including the sending of the official publications of the Public Procurement Authority of Hungary to partner authorities of EU Member States.

The data subject may withdraw his consent as below:

In writing, addressed to the data protection officer of the Public Procurement Authority:

 

  • in email: dpo@kt.hu,
  • via post: 1026 Budapest, Riadó utca 5.

 

The rights of the data subjects

The data subject has the following rights concerning the processing of his personal data:

 

Transparent information

The Public Procurement Authority is obliged to provide the data subject information about the processing of personal data, in compliance with the GDPR. Such obligation is fulfilled by the present privacy policy. Please note that should you have any questions concerning the processing of personal data, you may exercise your right of access.

 

Right of access

The data subject may request information whether the Authority process his personal data and if yes, he may request detailed information from the Authority including

  • for which reasons,
  • which data is processed,
  • what is the source of the personal data,
  • with whom is the data processed disclosed,
  • the period for which the processed data is stored, respectively
  • if data is transferred in the framework of international data transfer, its guarantees, furthermore,
  • repeated information is provided about his rights related to the processing of personal data and that he may also file a complaint at the data protection authority.

 

A copy of the personal data processed is provided to you free of charge upon request.

A reasonable fee may be charged based on administrative costs for further copies. Information is provided electronically upon request.

 

Information may also be provided orally upon request, upon credible documentary evidence of identity.

 

Right to rectification

Inaccurate personal data will be rectified, corrected or complemented upon your request (e.g. if your date of birth is not correct, your email address changed in the meantime, change of name occurred etc.).

 

Right to deletion

You may request us to delete your personal data processed without delay, if

  • the purpose of processing no longer justifies the processing of your data,
  • processing is based on consent and such consent is withdrawn (and there is no additional legal basis for data processing),
  • you object to data processing and there is no overriding legitimate interest for data processing,
  • data was processed unlawfully, or
  • the deletion of data is obligatory under the law.

 

The deletion of data shall not be initiated if data processing is necessary for: exercising the right to the freedom expression and information; the performance of a legal obligation of the Authority or a task carried out in the public interest; public health related or archiving, scientific and historical research purposes, based on the public interest; or the submission, enforcement or protection  of legal claims.

 

Right to restrict data processing

Should you exercise such right and restriction is justified under the law, then we may only store your personal data, however, no further action shall be taken (data shall not be forwarded or structured) – unless you consent to such actions or there is a legal obligation to be fulfilled.

 

When can you exercise such right?

  • Where you contest the accuracy of the personal data stored, for the period during which we review the accuracy of the data.
  • Where we process your personal data unlawfully, nevertheless you request not to delete, but to block such data.
  • Where we do not need your data any more, however, you request to store such data as it is necessary e.g. for exercising your rights in the future.
  • Where you object to processing your personal data, for the period during which we review whether the legitimate interests of the Authority override your legitimate interests.

 

You will be informed in all cases in advance, if in the cases above the restriction of data processing is lifted (e.g. because inaccurate data is rectified or the request for restriction is rejected).

 

Right to data portability

Where data processing is based on the consent of the data subject or it is necessary for contract performance and data processing is automatized, the data subject may request to obtain the personal data concerning him and provided by him to the Authority in a structured, widely used machine readable format and is entitled to forward these data to another controller.

However, the GDPR stipulates that this right shall not be exercised where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 

Right to object

You may object to the processing of personal data due to reasons related to your particular situation, if data processing is based on the legitimate interest of the Authority. Upon your objection we continue data processing only if compelling legitimate grounds justify the processing which override your interests or fundamental rights and freedoms.

Where personal data is processed for direct marketing, public opinion polls or scientific research purposes, you shall have the right to object to such processing at any time. The Authority does not pursue data processing for such purposes upon your objection.

Please be informed that where the Authority process personal data for statistical purposes, you shall not have the right to object, if data processing is need for the performance of a task carried out in the public interest.

 

Right to withdraw the consent

You are entitled to withdraw your consent to data processing at any time.

Please be informed that the withdrawal of consent does not affect the lawfulness of data processing based on the consent prior to the withdrawal.

 

You may exercise your rights as below:

Email:dpo@kt.hu

Via post: the postal address of the seat of the Authority: 1026 Budapest, Riadó u. 5.

 

Procedural rules

Please be advised that you will be informed on the measures taken upon your request without unjustified delay, but in any case, within one month from the receipt of your request. Considering the complexity and number of the requests, if necessary, this deadline may be extended with two months. You will be informed on the extension of the deadline within one month from the receipt of your request.

If you submitted your request electronically, the information will be provided to you electronically (unless preferred otherwise).

Should the Authority not take any measures upon your request, then you will be informed without delay, but within one month from the receipt of your request about the justifying reasons and that you may file a complaint with the National Authority for Data Protection and Freedom of Information and that you may also seek judicial redress.

Please be informed that the Authority provides the information requested free of charge. Should your request be clearly unjustified or excessive, especially considering repetitiveness, then the Authority may charge you a reasonable fee for administrative costs or may reject to take any measures upon your request.

The Authority informs all addressees with whom the personal data was disclosed about the rectification, deletion of personal data or restriction of data processing, unless this proves impossible. You are informed about the addresses upon request.

 

Damages and compensation

The Authority shall reimburse the damages caused by unlawful data processing or violation of data protection requirements. You may claim compensation pursuant to the provisions of the Civil Code upon the violation of your rights relating to personality.

Please be informed that for any damage caused during the processing of your data by the data processor assigned by the Authority, the Public Procurement Authority and the data processor assigned by it or proceeding upon its request, furthermore, the joint controllers and data processors assigned by them or proceeding upon their request

  1. shall be jointly and severally liable to the person concerned, respectively
  2. shall jointly and severally pay the compensation due upon the violation of rights relating to personality to the person concerned.

The Public Procurement Authority shall be exempted from this liability if the damage is caused by a force majeure outside the sphere of data processing.

The Public Procurement Authority shall not pay damages or compensation if the damage or the violation of rights relating to personality is caused by you intentionally or with gross negligence.

 

Right of appeal

 

Complaint to the data protection officer

Should you consider that the Public Procurement Authority violated data protection rules, you may file a complaint to the data protection officer of the Authority, Mr Tamás Attila Cseh. Please submit your complaint to the address below, the data protection officer is obliged to answer it within one month.

Email: dpo@kt.hu

Postal address: 1026 Budapest, Riadó u. 5.

 

Right to judicial redress

Should an infringement occur during exercising your rights concerning the processing of personal data (e.g. you are unable to enforce your rights above, there was no information provided about data processing), you may launch a court procedure. You may launch the court procedure against the Authority either at the competent court of your address or residence, according to your choice. The controller or data processor shall prove in the trial that it proceeded in compliance with the applicable regulations and obligatory legal provisions of the EU law.

 

Data protection authority procedure

Should an infringement occur during exercising your rights concerning the processing of personal data, upon your discretion, you may also contact the National Authority for Data Protection and Freedom of Information.

The contact details of the Authority:

Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Mailing address: 1530 Budapest, Pf.: 5.

 

Automatized decision making

The Public Procurement Authority does not use the processed personal data for automatized decision making.