List of active policies
| Name | Type | User consent |
|---|---|---|
| Site policy | Site policy | All users |
Summary
Centre of Translational Medicine's data management on its elearning platforms
Full policy
DATA PROTECTION INFORMATION
About the Centre of Translational Medicine's (Semmelweis University) data management on its elearning platforms
Semmelweis University (from now on referred to as the University) and its departments pay particular attention to ensuring that in its data processing, the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (from now on referred to as the General Data Protection Regulation), the Act on the Right to Information Self-Determination and Freedom of Information of 2011. CXII of 2011 (from now on: "Info tv."), Act XLVII of 1997 on the Management and Protection of Health and Related Personal Data (from now on: "Eüak."), other legislation and the data protection practices developed in the course of the activities of the National Authority for Data Protection and Freedom of Information (from now on: "NAIH").
1. Name of the controller
Name: Semmelweis University
Registered office and mailing address: 1085 Budapest, Üllői út 26.
Representative Dr Béla Merkely, Rector and Dr Lívia Pavlik, Chancellor
Data controller: the Centre of Translational Medicine (from now on referred to as CTM)
Representative Dr Péter Hegyi, Director
Contact name: Dr Andrea Harnos
E-mail address: CTM@semmelweis-univ.hu
Data Protection Officer name: Dr Sára Trócsányi
Contact: adatvedelem@semmelweis-univ.hu
2. Scope and source of personal data processed
The scope of the data processed includes the data collected about you or provided by you on the moodle e-learning interface, in particular: name, e-mail address, Neptun code, application data, academic results, data relating to the performance of work tasks, photo, field of study.
The source of the data is the information you provide and the activity you perform on the interface.
If there are any changes or modifications to the data subject's data during the processing period, please notify the contact person indicated in point 1 without delay.
3. Purpose, legal basis for processing
3.1. To fulfil its public task of education (according to Article 6 (1) (e) of the General Data Protection Regulation), the CTM must ensure the proper functioning of the institution, the exercise of the rights and obligations of applicants and students, and the organisation of training [Nftv. 18 § (1) a), b), c)], the institution shall process data concerning the students' activities related to education and research on the e-learning platforms, in particular their names, e-mail addresses, Neptun codes, completed study tasks and results, and examinations.
3.2. To fulfil its public task of education (according to Article 6 (1) (e) of the General Data Protection Regulation), the CTM must ensure the proper functioning of the institution, the organisation of training and the exercise of the rights of employers, as well as the exercise of the rights and fulfilment of the obligations of teachers, researchers and employees [Nftv. § 18 (1) a), c), d)], the institution processes data on the activities of its employees and other persons in employment relationships related to teaching, the organisation of teaching and research on the e-learning platform, in particular their names, e-mail addresses, work tasks and the results of such tasks.
3.3. With the explicit and voluntary consent of the data subject (Article 6(1)(a) of the General Data Protection Regulation), CTM processes information that the data subject may voluntarily provide, in particular their professional field, position, photograph, to tailor the user account to the user's needs and to inform other users.
3.4. The CTM uses "cookies" to ensure the proper functioning of the website [Article 18(1)(a) of the GDPR] to perform its public task (according to Article 6(1)(e) of the GDPR) and may also use other "cookies" with the explicit and voluntary consent of the data subject (Article 6(1)(a) of the GDPR). The list of 'cookies' used, their purposes and the duration of their processing are summarised in the table in point 7.
4. Duration of processing
In the case of points 3.1. and 3.2. the data management lasts for the period specified in the Nftv, in the case of point 3.3. until the consent is withdrawn or the data is deleted.
5. Data subjects, data processing, data transfer
Access to the data is restricted to staff of the University department whose staff need the data to perform their duties. Confidentiality obligations bind staff members with regard to the personal data they receive.
The University uses the following data processors:
Name: the Translational Medicine Foundation (TMA)
Registered office: 6725 Szeged, Pálfy utca 52/D.
Contact: tmalapitvany@gmail.com
For the storage of your data, the Foundation for the Study of Medicine uses Rackforest Ltd. as an additional data processor. Data of the additional data processor:
Name: Rackforest Ltd.
Address: 1132 Budapest, Victor Hugo utca 11. 5. em. B05001.
Contact: info@rackforest.hu
6. Data security
The
University shall ensure adequate security of the personal data of the subject,
including protection against unauthorised or unlawful processing, accidental
loss, destruction or damage, by implementing appropriate technical and
organisational measures. Further information on the data security measures
applied by the University can be found in the Semmelweis University Data
Protection Policy and Information Security Policy.
7. Used on " Cookiek "
|
"Cookie" name |
Objective of |
Duration of data processing |
Is it essential for the functioning of the website |
|
Preservation of user session state in page requests |
While the session lasts |
||
|
Preservation of user session state in page requests |
During the session |
||
|
Remember your username in case you log in again |
While the user does not delete it. |
8. Rights of data subjects and their exercise
8.1. The data subject shall have the right to access the information referred to in Article 15 of the General Data Protection Regulation (right of access) concerning the processing of personal data concerning them, including in particular the right to be informed by the University that.
▪ which contains your personal data,
▪ for what purpose and on what legal basis,
▪ the source from which it is collected;
▪ what is the intended duration of storage or what are the criteria for determining the duration;
▪ to whom, when, and to which personal data the University has given access or transferred personal data; and
▪ what rights, complaints and remedies the data subject has in relation to the processing.
8.2. The data subject has the right to rectification or correction of inaccurate (incorrect or incomplete) personal data relating to them according to Article 16 of the General Data Protection Regulation (right of rectification).
8.3. The data subject has the right to have their personal data erased (right to erasure) under Article 17 of the General Data Protection Regulation.
▪ the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
▪ where processing is based on consent, the data subject withdraws his or her consent and there is no other legal basis for the processing;
▪ the data subject has effectively objected to the processing on the basis of 7.7;
▪ the personal data have been unlawfully processed;
▪ the personal data must be deleted in order to comply with a legal obligation;
Data will not be deleted if the processing is necessary
▪ for the performance of a legal obligation, or in the exercise of a public task or authority;
▪ to bring, enforce or defend legal claims;
▪ to exercise the right to freedom of expression and information;
▪ on grounds of public interest in the field of public health;
▪ for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the right of erasure would be likely to render such processing impossible or seriously jeopardise it.
8.4. The data subject shall have the right to obtain restriction of the processing of personal data concerning them as provided for in Article 18 of the General Data Protection Regulation (right to restriction) if:
▪ the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the University to verify the accuracy of the personal data;
▪ the data subject has objected to the processing based on point 7.7; in this case, the restriction shall apply for the period until it is established whether the University upholds the objection.
▪ the processing is unlawful, and the data subject opposes the erasure of the data and instead requests the restriction of their use; or
▪ the University no longer needs the personal data for processing, but the data subject requires them for the establishment, exercise or defence of legal claims.
Personal data subject to restriction, except for storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or an important public interest of the Union or a Member State.
8.5. In the case of processing based on consent, the data subject has the right to withdraw their consent at any time without giving reasons based on Article 7(3) of the General Data Protection Regulation (right to withdraw consent). The withdrawal must be made in writing or in the form in which consent was given. Withdrawal does not affect the lawfulness of the processing before the withdrawal.
8.6. In the case of automated (electronic) processing based on consent or for the performance of a contract, the data subject has the right to receive personal data relating to him or her in a commonly used electronic format or to request the University to transfer the data to another controller, as provided for in Article 20 of the General Data Protection Regulation (right to data portability).
8.7. Where the processing is carried out for the performance of public tasks or in the exercise of public authority, or where processing is based on a balancing of interests, the data subject has the right to object to the processing on grounds relating to his or her particular situation (right to object). the University may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
8.8. The data subject may exercise their rights free of charge at the contact details of the contact person indicated in point 1 or the Data Protection Officer. In most cases, the exercise of the data subject's rights may require the identification of the data subject, while in some cases (e.g. exercising the right to rectification), the verification of additional data. The University will deal with a request to exercise the right of access within one month at the latest. Where necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months, the extension being notified to the data subject within one month.
9. Complaints and redress
You can make any complaints regarding the processing your data using the contact details provided in point 1 or by contacting the University's Data Protection Officer. If you wish to make a complaint by post, you can do so to the address at 1085 Budapest, Üllői út 26, to the contact person indicated in point 1 or to the Data Protection Officer.
If you consider that you have suffered or are at imminent risk of suffering a legal damage in connection with the processing of your personal data, you may contact the National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf. 9. phone: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: https://naih.hu).
You can also take your data protection rights to court, at your choice, in the courts for the place where you live or stay.