Use of cookies

PRIVACY POLICY
on processing data by cookies on the SSNS’ main website (www.nbsz.gov.hu)

1. Name and address of the controller
Controller: Special Service for National Security (SSNS)
PO Box: 1399 Budapest 62. Pf.: 710.
Tel.: +36-1-325-7672

2. Name and contact of the data protection officer (DPO)
DPO: Tímea Soltész
E-mail: adatvedelmitisztviselo@nbsz.gov.hu

3. The legal basis of processing personal data
– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data on the free movement of such data, and repealing Directive 95/46/EC (GDPR)

4. Cookie
HTTP cookies utilized by the SSNS are used to improve the data subjects’ web browsing experience. Cookies are text files with small pieces of data (e.g. username and password) that are used to identify the data subjects’ computer as he/she uses a computer network. Data stored in a cookie is created by the server upon the data subject’s connection, and the data is labeled with an ID unique to the subject and his/her device.

5. Function
With the aid of the HTTP cookies information is stored in the data subject’s web browser in order to identify the user upon his/her return to the webpage. Cookies help the administrators to understand the behaviour of the users to determine and develope the most useful part or function of the website.

6. Data collected by HTTP cookies
By visiting the website and clicking the „Accept” button the data subjects consent to use HTTP cookies and the processing of information and data described in this policy. Such data are the data of the user’s device that are generated visiting the website and/or the data that are recorded by the HTTP cookies.
These automatically recorded data are logged by entering and leaving the website without any further consent or any other action of the user. These automatically recorded data will not be combined to any other personal data, so that the user cannot be identified. These data are accessible only for the entitled personnel of the SSNS and third party members who are administrators of the cookies used by the visited website.

7. Types of cookies

Task Details
Cookies for base functions These cookies help to guarantee the proper functioning of the website by activating base functions. The website cannot be operated properly without such cookies.
Cookies for statistics Cookies help the administrators to understand the behaviour of the users to determine and develope the most useful part or function of the website. With these cookies the owner can determine also what contents are liked most by the visitors. These cookies collect only statistical data so that users cannot be identified. This website uses Google Analytics cookies.
Cookies for marketing Marketing cookies are used to target advertising to a user (behavioural targeting). They are often served by third party companies, and track a user across websites.

Details:

Name Description Task Storage period
PHPSESSID Technical cookie to identify routines For base functioning during the routine
wp-wpml_current_language Cookie for the actual language For base functioning 4 days
­_ga Google Analitics cookie For statistical data 18 months
_pk_id* Matomo For statistical data 13 months
_pk_ses* Matomo For statistical data 30 minutes
_ga Google Analytics For marketing data 2 years
_gid Google Analytics For marketing data 24 hours
_dc_gtm_UA-#* Google Tag Manager For marketing data 1 minute
_fbp Facebook Pixel For marketing data 30 days

8. Application of data collected by cookies
The collected data shall not be used to identify data subjects. These data would be combined to any other data in case the data subject gives an explicit consent. In this case the SSNS is entitled to utilize cookies that are capable of identifying statistical data.
These cookies help to guarantee the proper functioning of the website by activating base functions. The website cannot be operated properly without such cookies. To guarantee proper functioning the routines have to be distinguished, the visitors data have to be tracked and the misuse of the website has to be filtered.

9. Settings
According to the default settings of the web browser, use of cookies is enabled. Cookies can be deleted or disabled by the user. Disabling the cookies may result in inproper fuctioning of the website.

10. Disabling the cookies
Web users can consult in the user manual’s of the following websites linked below:
• Mozilla Firefox: Sütik engedélyezése és tiltása, amit a weboldalak használnak beállítások mentésére
• Google Chrome: A cookie-k be- és kikapcsolása
• Microsoft Internet Explorer: Cookie-k törlése és kezelése
• Microsoft Edge: A Microsoft Edge, a böngészési adatok és az adatvédelem
• Apple Safari: Sütik és webhelyadatok kezelése a Mac gép Safari alkalmazásában

11. Security measures
The personal data are processed by SSNS in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
In case of analogue processing of personal data the data carriers are kept in closed places, and are accessible only for the entitled personnel.
In case of electronical processing of personal data the IT system, the software, and the data itself are only accessible for the entitled personnel only after secure and logged identification measures.

12. Rights of the data subject
12.1. Information to be provided
The controller shall provide the data subject with information about the processed personal data itself, the legal ground, the purpose, the source and the storage period of processing data. In addition to this the controller shall provide the data subject with information about who, and when are allowed to access to data, the types of accessible data, the legal basis of accessibility. Information is demandable wether a data breach is happened with the subject’s data.
The requested information shall be provided by the SSNS within 25 days to the contact address given by the data subject. In order to avoid unauthorised access, before the provision of the requested information, the data subject must be properly identified.

12.2. Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to wether or not personal data concerning him/her are being processed, and, where that is the case, access to the personal data and information (e.g. purpose, legal ground, storage period etc.).
The requested information shall be provided by the SSNS within 25 days to the contact address given by the data subject. In order to avoid unauthorised access, before the provision of the requested information, the data subject must be properly identified.

12.3. Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate data concerning him or her. The data subject shall have the right to have incomplete personal data completed.
The requested rectification is carried out by the SSNS within 25 days and it confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised processing, before the rectification of the requested personal data, the data subject must be properly identified.

12.4. Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him/her without undue delay.
The request of erasure can only be granted if the processing of personal data are no longer necessary based on legal regulation or organisational norm.

The requested rectification is carried out by the SSNS within 25 days and it confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised destruction, before the erasure of the requested personal data, the data subject must be properly identified.

12.5. Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

– the accuracy of the personal data is contested by the data subject;
– the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
– the data subject has objected to processing pursuant to GDPR Article 21(1)

The equity of the request for restriction shall be examined by the controller. The data subject who has obtained restriction of processing shall be informed in 25 days by the SSNS before the restriction of processing is lifted.

12.6. Right to data portability
The data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to the SSNS, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the SSNS to which the personal data have been provided, where:
– the processing is based on consent on a contract,
– the processing is carried out by automated means.

The equity of the request for transmission shall be examined by the SSNS. In case of acceptance, the controller shall fulfill the request in 25 days and it confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised access/transmission, before the transmission of the requested personal data to the data subject, he/she must be properly identified.

12.7. Right to object
The data subject shall have the right to object, on grounds relating to his/ her particular situation, at any time to processing of personal data concerning him/ her. SSNS shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
In case of acceptance, the controller shall fulfill the request in 25 days and confirmes the fulfillment to the contact address given by the data subject. In order to avoid unauthorised destruction, before the erasure of the relevant personal data of the data subject, he/she must be properly identified.

13. Due process
In case the data subject presumes, that the processing is not GDPR compliant he/she is entitled to request information from the DPO, to file for action by the Hungarian Authority for Data Protection and Freedom of Information, or to bring a lawsuit.
Hungarian Authority for Data Protection and Freedom of Information
Contact: 1055 Budapest, Falk Miksa utca 9-11.
PO Box: 1363 Budapest, Pf. 9.
Website: https://www.naih.hu
E-mail: ugyfelszolgalat@naih.hu
Tele.: +36 (1) 391-1400