Privacy policy

PRIVACY POLICY
on processing of personal data of the visitors of SSNS’ main website (www.nbsz.gov.hu)

1. Name and address of the controller
Controller: Special Service for National Security (SSNS)
PO Box: 1399 Budapest 62. Pf.: 710.
Tel.: +36-1-325-7672

2. Name and contact of the data protection officer (DPO)
DPO: Dr. István Rück
E-mail: adatvedelmitisztviselo@nbsz.gov.hu

3. The legal basis of processing personal data
– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data on the free movement of such data, and repealing Directive 95/46/EC (GDPR)

4. Other legal basis of processing personal data
– Government decree no. 346/2010. (XII. 28.) on the networks for governmental purpose

5. Purpose of processing data
Website management and creating website visitor statistics.

6. Personal data to be processed
The following data of website visitors’ are processed by SSNS:
– date of visit,
– IP address of the visitors’ device,
– the type of the web browser and the operation system (in case of it is enabled on the visitors’ device)
The last two types of data might be processed only for statistical purposes, it will not be combined to any other types of recorded data.

7. Special categories of personal data
None.

8. The legal ground of processing data
Given consent of the data subject (see Cookie policy).

9. Storage period
As per the Cookie policy the maximum storage period is 18 month.

10. The means of processing data
The data are processed and stored only electronically.

11. Access to personal data and transfer of personal data
The National Infocommunications Service Company Ltd. is the contracted processor of data with regard to the management of www.nbsz.gov.hu website.
In addition to this, only the designated personnel of SSNS are entitled to access to personal data.
The processed personal data would be transfered to any other persons or entities only in case of a legal obligation based on other regulations.

12. Security measures
The personal data are processed by SSNS in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
In case of analogue processing of personal data the data carriers are kept in closed places, and are accessible only for the entitled personnel.
In case of electronical processing of personal data the IT system, the software, and the data itself are only accessible for the entitled personnel only after secure and logged identification measures.

13. Rights of the data subject
13.1. Information to be provided
The controller shall provide the data subject with information about the processed personal data itself, the legal ground, the purpose, the source and the storage period of processing data. In addition to this the controller shall provide the data subject with information about who, and when are allowed to access to data, the types of accessible data, the legal basis of accessibility. Information is demandable wether a data breach is happened with the subject’s data.
The requested information shall be provided by the SSNS within 25 days to the contact address given by the data subject. In order to avoid unauthorised access, before the provision of the requested information, the data subject must be properly identified.

13.2. Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to wether or not personal data concerning him/her are being processed, and, where that is the case, access to the personal data and information (e.g. purpose, legal ground, storage period etc.).
The requested information shall be provided by the SSNS within 25 days to the contact address given by the data subject. In order to avoid unauthorised access, before the provision of the requested information, the data subject must be properly identified.

13.3. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate data concerning him or her. The data subject shall have the right to have incomplete personal data completed.
The requested rectification is carried out by the SSNS within 25 days and it confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised processing, before the rectification of the requested personal data, the data subject must be properly identified.

13.4. Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him/her without undue delay.
The request of erasure can only be granted if the processing of personal data are no longer necessary based on legal regulation or organisational norm.

The requested rectification is carried out by the SSNS within 25 days and it confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised destruction, before the erasure of the requested personal data, the data subject must be properly identified.

13.5. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

– the accuracy of the personal data is contested by the data subject;
– the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
– the data subject has objected to processing pursuant to GDPR Article 21(1)

The equity of the request for restriction shall be examined by the controller. The data subject who has obtained restriction of processing shall be informed in 25 days by the SSNS before the restriction of processing is lifted.

13.6. Right to data portability
The data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to the SSNS, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the SSNS to which the personal data have been provided, where:
– the processing is based on consent on a contract,
– the processing is carried out by automated means.

The equity of the request for transmission shall be examined by the SSNS. In case of acceptance, the controller shall fulfill the request in 25 days and it confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised access/transmission, before the transmission of the requested personal data to the data subject, he/she must be properly identified.

13.7. Right to object
The data subject shall have the right to object, on grounds relating to his/ her particular situation, at any time to processing of personal data concerning him/ her. SSNS shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In case of acceptance, the controller shall fulfill the request in 25 days and confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised destruction, before the erasure of the relevant personal data of the data subject, he/she must be properly identified.

14. Due process
In case the data subject presumes, that the processing is not GDPR compliant he/she is entitled to request information from the DPO, to file for action by the Hungarian Authority for Data Protection and Freedom of Information, or to bring a lawsuit.

Hungarian Authority for Data Protection and Freedom of Information
Contact: 1055 Budapest, Falk Miksa utca 9-11.
PO Box: 1363 Budapest, Pf. 9.
Website: https://www.naih.hu
E-mail: ugyfelszolgalat@naih.hu
Tele.: +36 (1) 391-1400