Default view
Education Students’ secretariat DATA PRIVACY NOTICE

DATA PRIVACY NOTICE

 

 

DATA PRIVACY NOTICE

concerning the processing the personal data of students

of the University of Veterinary Medicine Budapest

 

The University of Veterinary Medicine Budapest (hereinafter: University or Data Controller) is dedicated to protecting and ensuring the integrity of personal data. This Data Privacy Notice gives an overview on how the University processes students’ personal data, what the purpose and legal grounds of the activity are, what security measures are in place to prevent unauthorized persons from accessing the processed personal data of students as well as what rights students have in terms of their personal data and how they can exercise such rights against Data Controller.

Data Controller has prepared and releases this Data Privacy Notice in compliance with the provisions laid out in Regulation (EU) 2016/679 (27 April 2016) of the European Parliament and of the Council (EU) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation or GDPR) as well as Act CXII of 2011 of Hungary on the right to informational self-determination and on the freedom of information (hereinafter: Info Act).

 

A. DATA CONTROLLER

University of Veterinary Medicine Budapest

Institution’s identification code: FI 21261

Registered head office: 1078 Budapest, István u. 2.

P.O. Box: 1400 Budapest Pf. 2.

Phone number: +36-1478-4100

E-mail: [Click to see email]

Represented by: Dr. Péter Sótonyi, Rector

Data Protection Officer: Dr. Gyula Fonyó

Contacts of the Data Protection Officer: [Click to see email], +36-20/932-9144

 

B. PURPOSE OF DATA PROCESSING

With regard to the processing of personal data, the University’s purpose is to fully perform its tasks of public interest and to ensure its proper organizational operation. The other purpose of data processing is to ensure interaction and cooperation between the University and its students, to conduct the University’s administrative affairs in relation with students and perform its tasks connected to student status and relations, remunerations, grants and the enforcement of students’ duties.

 

 C. STUDENT DATA PROCESSED BY THE UNIVERSITY, LEGAL GROUNDS OF DATA PROCESSING

 I. Students’ personal data processed in connection with educational and education organizational affairs

Pursuant to Section I/B of Annex 3 of Act CCIV of 2011 on Hungary’s National Higher Education (hereinafter: Higher Education Act), the University stores and controls the following personal data:

1. Applicants’ data:

Name, né(e), mother’s name, date and place of birth, contacts: address and e-mail address, phone number, occupational health certificate.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

2. Students’ data (active, inactive, cancelled):

On the enrolment form: name, né(e), mother’s name; gender, date and place of birth, citizenship, NEPTUN code, education ID number, contacts: address and e-mail address, phone number, bank account number,  social security number and copy of social security card, tax ID number and copy of tax ID card, data of identity card, high/secondary school certificate, A-level certificate, diploma, data and copies of diploma annex, training contract in case of fee-paying students; type of funding (state scholarship/fee-paying student), academic record books (with photo), applications, resolutions, documents related to preferential treatment for handicapped students, certificate of underprivileged status, death certificate of deceased parents, and data related to scholarships, students applying for student loan, resolutions regarding handicapped students.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

3. Personal data related to student IDs:

Reception of student ID within the organizational unit: name of student, date of receipt, serial number of student ID, the education ID number, name of recipient, date of reception.

Handover of student ID sticker, also within the organizational unit: name of recipient, organizational unit, number and serial number of student ID validation sticker, which semester it pertains to, date of reception; name of person handing out the sticker.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

4. Documents related to the final exam:

Final exam registration forms, discharge form (student’s name and date of birth)

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

5. Data of graduates in diploma registry:

Name, né(e), place and date of birth, registration number, education ID number, diploma, diploma annex, printing serial number of academic record book, serial number, grade and date of diploma, date of reception, name and address of recipient.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

6. Documentation of alumni requesting a transcript of their diploma, copies:

Personal data indicated in the diploma.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

II. Personal data required for using library services

Pursuant to Section 57 (1) of Act CLX of 1997, the University’s Hutyra Ferenc Library records the following personal data upon registration:

Name, place and date of birth, mother’s name, postal address, e-mail address, phone number, workplace, profession, identity card or passport number.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

The registration card is also applied for registering visitors to use the cloakroom, the group room and the histological sections.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) b)].

III. Pre-enrolment medical examination before the practical semester

In compliance with Ministry of Welfare Decree No. 33/1998 (24 June) on the medical examination and assessment of occupational, professional and personal hygienic suitability, the University’s students must undergo a medical examination before the practical training. The examination is conducted by the assigned physician, as a contracted private entrepreneur.

Legal grounds: compliance with a legal obligation [GDPR Article 6 (1) c)].

IV. Photo board displays of graduates

Upon graduation, the University issues a photo board display, subject to the graduates’ decision. The board display shows the photos, names and graduation year of the students. Subject to the students’ approval, the University puts the board on display in the buildings of the University.

Legal grounds: the students’ consent [GDPR Article 6 (1) a)].

V. Vet card for graduate veterinarians

Graduates receive a vet card from the University.

In order to issue the card, the University needs the following personal data:

Name, mother’s name, date and place of birth, serial number of diploma and a copy thereof, date of diploma, postal address, e-mail address, phone number.

The data are processed by the associates of the Students’ Secretariat and S-Card Ltd as card manufacturer and data processor.

Legal grounds: the graduate student’s consent [GDPR Article 6 (1) a)].

VI. Management of travel affairs

With regard to the management of official travels of persons having a student status at the University, the University’s travel organizer shall process the following personal data:

Name, date of birth of student; number, validity period and place of issuance of identity card or passport; phone number.

Legal grounds: the student’s consent and/or performance of a contract [GDPR Article 6 (1) a) and b)].

 

D. DATA STORAGE AND PLANNED RETENTION PERIOD

The data listed in Chapter C above shall be stored for the periods and in the manner indicated below:

The data listed in Section I are stored in the Neptun data processing system on the University’s computer network. Registration data are recorded in the Poseidon electronic filing system on a protected computer network in compliance with the security regulations laid down in the data and filing policies and the data processing agreement. Paper-based documents are stored in locked filing cabinets by the Students’ Secretariat, then in the University Archives and are destroyed after the expiry of the storage time defined in the effective Filing Policy.

The data listed in Section II are registered in the Huntéka system developed and operated by Monguz Information Technology LLC. Access to the data is regulated by the access authorization settings of the associates working in the library system. The data of readers inactive for at least 12 months are deleted from the system each summer.

The data listed in Section III are securely processed and stored for 30 years under the supervision of the physician conducting the examination. The medical certificates are safeguarded in locked filing cabinets by the Students’ Secretariat. These files are destroyed after the expiry of the storage time defined in the effective Filing Policy.

The board displays defined in Section IV are stored by the University indefinitely.

The personal data indicated in Section V are destroyed by the card manufacturer after the order is delivered. The University stores the data until the cards are revoked.

The personal data described in Section VI are registered electronically in the Central Travel Administration Portal operated by Travel Soft Ltd and are retained for no longer than 8 years after the financial settlement related to the particular travel.

 

E. DATA SECURITY

The University has taken and will continue to take all the appropriate technical and organizational measures which, considering the current development level of science and technology, the costs of implementation, the nature of the particular data processing activity as well as the risks to the freedom and rights of natural persons, guarantee the necessary level of data security appropriate to the extent of the risk.

The personal data shall always be processed confidentially with limited access, in an encrypted form and with the maximum available resistance capability. In the event of a problem, data recoverability is guaranteed. Our system is regularly tested to ensure security.

With regard to determining the appropriate level of security, the University considers the potential risks arising from the data processing activity, especially from the accidental or unlawful destruction, loss, modification as well as unauthorized disclosure of or unauthorized access to the personal data stored or otherwise processed.

 

 F. DATA PROCESSORS

With regard to each data processing activity, we use the services of the following data processors:

Activity Name/Company name Registered head office
Administration of applications for financial hardship funds UVMB Student Council 1078 Budapest, István u. 2.
Administration of applications for on-campus accommodation UVMB Campus Student Committee 1078 Budapest, István u. 2.
University application of the Higher Education Information System (Neptun) Educational Authority 1055 Budapest, Szalay utca 10-14.
Hutyra Ferenc Library reader registry Monguz Információ-technológiai Kft. (”Monguz Information Technology Ltd.”) 6726 Szeged, Jobb fasor 6-10.
Production of vet cards S-Card Kft. (”S-Card Ltd.”) 1033 Budapest, Hévízi út 9/II.
Administration of student travels organized by the University TRAVELSOFT Idegenforgalmi-Számítástechnikai Kft. (”TRAVELSOFT Tourism Information Technology Ltd.”) 1056 Budapest, Belgrád rkp. 21.

 

G. TRANSFER OF PERSONAL DATA

The University shall only transfer the personal data of students to the data processors and data controllers identified in this Data Privacy Notice.

Apart from the above, the processed personal data shall not be transferred to any third party, except for proceedings instituted by a public authority, in which case Data Controller shall transfer the data to and/or allow access for the competent authority as required by law.

Data Controller shall not transfer students’ personal data to any third country and/or international organization other than the Member States of the European Union.

 

H. THE RIGHTS OF STUDENTS AS DATA SUBJECTS

Data subjects, i.e., students may exercise their legal rights via any of the Data Controller’s contacts indicated in this Statement.

Withdrawal of consent:

In case of consent-based data processing, data subjects, i.e., students have the right to withdraw their consent free of charge at any time.

Right to request information (right to access):

Data subjects, i.e., students may request information from the University regarding whether their data are being processed; they may also obtain information as to what data are processed by the Data Controller, on what legal grounds, for what data processing purposes, from what source, for how long; furthermore, which of their personal data were transferred or granted access to whom, under what regulation and when. Students may send their written request for information to [Click to see email] or by mail to the UVMB’s P.O. Box at Állatorvostudományi Egyetem, 1400 Budapest, Pf. 2 and/or to the following address: 1078 Budapest, István u. 2.

Right to rectification:

Data subjects, i.e., students may request the modification or completion of any of their data.

Right to erasure (right to be forgotten):

Data subjects, i.e., students may request the erasure of their personal data if

  1. a) their personal data are no longer necessary in relation to the purposes for which they were processed by the University;
  2. b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
  3. c) the data subject, i.e., student objects to the processing and there are no other legitimate grounds for the processing;
  4. d) their personal data have been unlawfully processed;
  5. e) their personal data have to be erased for compliance with a legal obligation to which Data Controller is subject.

Right to restriction of processing:

Data subjects, i.e., students may request the restriction of their personal data if

  1. a) the accuracy of the personal data is contested by the data subject, in this case the restriction applies for a period enabling Data Controller to verify the accuracy of the personal data;
  2. b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. c) Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject, i.e., student for the establishment, exercise or defence of legal claims; or
  4. d) the data subject, i.e., student has objected to processing, pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

The restriction shall apply as long as the indicated reason necessitates the restriction of the data.

Right to object:

Data subjects, i.e., students may object to their data being processed for public interest or legitimate interests via the contacts indicated herein. In such cases, the University shall no longer process the personal data unless they demonstrate such compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The Data Controller shall deliberate the objection within the shortest possible time but no later than 15 days after the submission of the request, in order to determine whether it is justified, and send feedback on the decision within 25 days to the data subject’s contacts provided.

If you have further questions regarding the processing of your personal data, do not hesitate to contact the University’s appointed data protection officer, dr. Gyula Fonyó at [Click to see email].

If you wish to file a complaint in connection with the lawful processing of personal data, you can contact the data protection officer or the Head of the Rector’s Office at the following e-mail and postal addresses below: [Click to see email] or  University of Veterinary Medicine Budapest, 1400 Budapest, Pf.: 2 or 1078 Budapest, István u. 2.

Upon such requests from data subjects, the University shall, without undue delay but no later than within 25 days of receipt of the request, inform the affected student as required. The Data Controller performs its duty of informing the data subject via a secure online system.

 

I. LEGAL REMEDY IN RELATION WITH THE DATA PROCESSING:

If the subject’s personal data are processed in a manner that violates the GDPR or the provisions of any other data privacy regulation, the data subject may file a complaint to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).

Contact information of supervisory authority:

Hungarian National Authority for Data Protection and Freedom of Information

Mailing address: 1363 Budapest Pf. 9.

Address: 1055 Budapest, Falk Miksa utca 9-11.

Phone: +36 (1) 391 -1400

Fax: +36 (1) 391 -1410

E-mail: [Click to see email]

URL: https://naih.hu

 

In the event of an infringement of their rights, data subjects, i.e., students may turn to a court. The court shall grant the case an expedited procedure. Data subjects, i.e., students can, in their own discretion, file a lawsuit with the court competent at the data subject’s permanent or temporary place of residence.

Issues not provided for in this Data Privacy Notice shall be governed by the content of the data privacy regulations published on the University’s website.

Budapest, 31 August, 2021

 

UNIVERSITY OF VETERINARY MEDICINE BUDAPEST

Data Controller