Privacy policy

Created:

Annex 1 to the Data Management Policy


 

PRIVACY POLICY

ON THE RIGHTS OF THE NATURAL PERSON CONCERNED

REGARDING THE PROCESSING OF YOUR PERSONAL DATA


 

CONTENTS

INTRODUCTION

CHAPTER I - NAME OF THE DATA CONTROLLER

II. CHAPTER I - NAMES OF DATA PROCESSORS

1. Our company's IT service provider

III. CHAPTER IV - ENSURING THE LAWFULNESS OF DATA PROCESSING

1. Data management with the consent of the data subject

2. Data management based on the fulfillment of a legal obligation

3. Promoting the rights of the data subject

ARC. CHAPTER - VISITOR DATA MANAGEMENT ON THE COMPANY'S WEBSITE - INFORMATION ON THE USE OF COOKIES

CHAPTER V - INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED


 

INTRODUCTION

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (hereinafter "the Regulation") provides for the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46, that the Data Controller takes appropriate measures to provide the data subject with all information concerning the processing of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner, and that the Data Controller facilitates the exercise of data subject's rights. 

The prior information obligation of the data subject on the right to information self-determination and freedom of information is set out in Act CXII of 2011. also required by law.

We comply with this legal obligation by reading the information below.

The information shall be published on the company's website or sent to the person concerned upon request.


 

CHAPTER I.

NAME OF DATA CONTROLLER

The publisher of this information, as well as the Data Controller:

Company name: University of Novi Sad Faculty of Hungarian Language Teacher Training, Subotica

Headquarters: Serbia, 24000 Subotica, Strossmayer Street 11.

Company registration number: 080670066

Tax number: 101636534

Representative: Prof. dr. Josip Ivanovic

Phone number: +381 24 624-444

Email address:  office@magister.uns.ac.rs

Website: https://magister.uns.ac.rs/

(hereinafter: the Company)


 

II. CHAPTER

NAME OF DATA PROCESSORS

Data processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; (Article 4 (8) of the Regulation)

The use of a data processor does not require the prior consent of the data subject, but requires his or her information. Accordingly, we provide the following information:

1. Our company's IT service provider

Our company uses a data processor to maintain and manage its website, which provides IT services (hosting services) and, within the framework of our contract with it, manages the personal data provided on the website, the operation is the storage of personal data on the server.

This processor is called:

Company name: ErdSoft doo

Head office: 24000 Subotica, Luja Pastera 5, Serbia

Company registration number: 21354619

Tax number: 110478829

Representative: Dániel Erdudac

Phone number: +381 60 44 60 555

Fax: none

Email address: daniel.erdudac@erdsoft.com      

Website: erdsoft.com


 

III. CHAPTER

ENSURING THE LAWFULNESS OF DATA PROCESSING

1. Data management with the consent of the data subject

(1) If the Company wishes to perform data processing based on consent, the data subject's consent to the processing of his or her personal data shall be requested with the content and information specified in the data request form specified in the data processing regulations.

(2) Consent shall also be deemed to be consent if the data subject tickes a box to this effect when making a visit to the Company's website, makes technical adjustments to it when using information society services, and makes any other statement or action in that context. clearly indicates the data subject's consent to the intended processing of his or her personal data. Silence, a pre-ticked box, or inaction do not therefore constitute consent. 

3. The consent shall cover all data processing activities carried out for the same purpose or purposes. If the data processing serves several purposes at the same time, the consent must be given for all data processing purposes.

4. If the consent of the data subject is given in the form of a written statement relating to other matters, such as the conclusion of a sales or service contract, the request for consent shall be made in a manner clearly distinguishable from those other matters, in a comprehensible and easily accessible form. and in simple language. Any part of such a statement containing the data subject's consent which infringes the Regulation shall not be binding.

(5) The Company may not enter into the conclusion or performance of a contract for the purpose of giving consent to the processing of personal data which is not necessary for the performance of the contract.

(6) Withdrawal of consent should be as simple as giving it.

(7) If personal data have been collected with the consent of the data subject, the data controller may process the recorded data for the purpose of fulfilling the legal obligation applicable to him or her without further consent and after the withdrawal of the data subject's consent, unless otherwise provided by law.


 

2. Data management based on the fulfillment of a legal obligation

(1) In the case of data processing based on a legal obligation, the provisions of the underlying legislation shall apply to the scope of data that can be processed, the purpose of data processing, the duration of data storage and the recipients.

(2) Data processing based on the fulfillment of a legal obligation is independent of the consent of the data subject, as the data processing is defined by law. In this case, the data subject shall be informed before the start of the data processing that the data processing is obligatory and shall be clearly and in detail informed of all facts concerning the processing, in particular the purpose and legal basis of the data processing, the data subject and the data controller, the duration of the data processing, whether the personal data of the data subject are processed by the data controller on the basis of the legal obligation applicable to him or her, and who can get acquainted with the data. The information should also cover the data subject's rights and remedies.

3. Promoting the rights of the data subject

The Company is obliged to ensure the exercise of the rights of the data subject during all data processing.


 

ARC. CHAPTER

VISITOR DATA MANAGEMENT ON THE COMPANY'S WEBSITE - INFORMATION ON THE USE OF COOKIES

1. The visitor to the website must be informed about the use of cookies on the website and, with the exception of technically necessary session cookies, his / her consent must be sought.

2. General information about cookies

2.1. A cookie is a piece of data that a website you visit sends to a visitor's browser (in the form of a variable name value) so that it can store and later load content on the same website. The cookie can be valid, it can be valid until the browser is closed, but it can also be valid indefinitely. Subsequently, for each HTTP (S) request, this information is also sent by the browser to the server. This modifies the data on the user's machine.

2.2. The essence of a cookie is that, by the nature of website services, it is necessary for you to flag a user (e.g., that you have logged in to the site) and be able to handle them accordingly in the following. The danger is that the user is not always aware of this and may be able to be followed by the website operator or other service provider whose content is embedded in the site (eg Facebook, Google Analytics), thus creating a profile. in this case, the content of the cookie is considered personal data.

2.3. Types of cookies:

2.3.1. Technically essential session cookies: without which the site would simply not function functionally, they are used to identify the user, e.g. needed to manage whether you entered, what you put in the cart, and so on. This is typically the storage of a session-id, the rest of the data is stored on the server, making it more secure. It has security implications, if the session cookie value is not generated well, there is a risk of a session-hijacking attack, so it is imperative that these values ​​are generated properly. Other terminology calls a session cookie any cookie that is deleted when you exit the browser (a session is a browser usage from startup to exit).

2.3.2. Usage cookies: This is the name given to cookies that remember the user's choices, such as how the user wants to see the page. These types of cookies essentially represent the setting data stored in the cookie.

2.3.3. Performance cookies: although they do not have much to do with "performance", they are usually called cookies that collect information about the user's behavior, time spent, clicks on the website you are visiting. These are typically third-party applications (e.g. Google Analytics, AdWords, or Yandex.ru cookies). These are suitable for profiling a visitor.

Learn more about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Learn more about Google AdWords cookies here:

https://support.google.com/adwords/answer/2407785?hl=en_US 

You can find out more about Facebook cookies here:

https://www.facebook.com/policy/cookies/

You can find out about the Here maps cookies here:

https://legal.here.com/hu-hu/privacy/policy

 

2.4. Acceptance and authorization of the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to indicate when a cookie is being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer a choice each time.

For information about cookie settings for the most popular browsers, visit the following links
: • Google Chrome:  https://support.google.com/accounts/answer/61416?hl=en
• Firefox:  https://support.mozilla.org/en/kb/sutik -approve-and-disable-what-web-pages
• Microsoft Internet Explorer 11:  http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10:  http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9:  http://windows.microsoft. com / en-us / internet-explorer / delete-manage-cookies # ie = ie-9
• Microsoft Internet Explorer 8: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge:  http://windows.microsoft.com/en-us/windows-10 / edge-privacy-faq
• Safari:  https://support.apple.com/en-us/HT201265

However, please note that certain website features or services may not work properly without cookies.


 

3.  Information about the cookies used on the Company's website and the data created during the visit

3.1. Data managed during the visit: Our company's website can record and manage the following data about the visitor and the device used to browse it when using the website:
• IP address used by the visitor,
• type of browser,
• operating system characteristics of the device used for browsing ( language set),
• the date of
the visit , • the page, function or service you are visiting,

• click.

This data is retained for up to 90 days and can be used primarily to investigate security incidents.

3.2. Cookies used on the website

3.2.1. Technically essential session cookies

The purpose of data management is to ensure the proper functioning of the website. These cookies are necessary for visitors to browse the website, to use its functions smoothly and fully, the services available through the website, such as, in particular, to note the visitor's actions on those pages or to identify the logged-in user during a visit. . The duration of the data management of these cookies only applies to the current visit of the visitor, this type of cookies is automatically deleted from your computer when the session is closed or the browser is closed.

The legal basis for this data management is Act CVIII of 2001 on certain issues of electronic commerce services and information society services. Act (Elkertv.) 13 / A. § (3), according to which the service provider may process the personal data that are technically essential for the provision of the service in order to provide the service. If the other conditions are the same, the service provider must choose and in all cases operate the means used in the provision of the information society service in such a way that personal data is processed only if it is necessary for the provision of the service and other purposes specified in this Act. necessary, but in this case only to the extent and for the time necessary.

3.2.1. Useful cookies:

They remember the user's choices, such as what form the user wants the page to see. These types of cookies essentially represent the setting data stored in the cookie.

The legal basis for data management is the visitor's consent.

The purpose of data management: To increase the efficiency of the service, to increase the user experience, to make the use of the website more convenient.

This data is more on the user's computer, the website only accesses and recognizes the visitor. 

3.2.2. Performance cookies:

They collect information about the user's behavior, time spent, clicks within the visited website. These are typically third party applications (e.g. Google Analytics, AdWords).

Legal basis for data processing: consent of the data subject.

The purpose of data management: to analyze the website, to send advertising offers.


 

CHAPTER V.

INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

I. Brief summary of the data subject's rights:

1. Facilitate transparent information, communication and the exercise of the data subject's rights 

2. Right to prior information - if personal data are collected from the data subject

3. Informing the data subject and the information to be provided if the personal data have not been obtained from him or her by the controller

4. The data subject's right of access

5. Right to rectification

6. Right of cancellation ("right to forget")

7. Right to restrict data processing

8. Obligation to notify in connection with the rectification or erasure of personal data or restrictions on data processing

9. The right to data portability

10. Right to protest

11. Automated decision making in individual cases, including profiling

12. Restrictions

13. Informing the data subject about the data protection incident

14. Right to complain to the supervisory authority (right to an official remedy)

15. The right to an effective judicial remedy against the supervisory authority

16. The right to an effective judicial remedy against the controller or the processor

II. The rights of the data subject in detail:

1. Facilitate transparent information, communication and the exercise of the data subject's rights 

1.1. The controller shall provide the data subject with all information and any information relating to the processing of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and comprehensible manner, in particular for any information addressed to children. The information shall be provided in writing or by other means, including, where appropriate, by electronic means. Oral information may be provided at the request of the data subject, provided that the identity of the data subject has been otherwise established.

1.2. The controller must facilitate the exercise of the data subject's rights.

1.3. The controller shall, without undue delay, but in any case within one month of receipt of the request, inform the data subject of the action taken on his / her request to exercise his / her rights. This period may be extended by a further two months under the conditions laid down in the Regulation. which the data subject must be informed of.

1.4. If the controller does not take action on the data subject's request, it shall inform the data subject without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the data subject's right to appeal to a supervisory authority.

1.5. The data controller shall provide the information and information and action on the rights of the data subject free of charge, however, a fee may be charged in the cases provided for in the Regulation.

Detailed rules can be found in Article 12 of the Regulation.


 

2. Right to prior information - if personal data are collected from the data subject

2.1. The data subject has the right to be informed of the facts and information related to the data processing before the data processing starts. In this context, the data subject shall be informed:

a) the identity and contact details of the controller and his representative,

(b) the contact details of the Data Protection Officer (if any); 

c) the purpose of the intended processing of personal data and the legal basis for the processing,

d) in the case of data processing based on the enforcement of a legitimate interest, the legitimate interests of the controller or a third party,

(e) the recipients of the personal data to whom the personal data are communicated and the categories of recipients, if any;

(e) where applicable, the fact that the controller intends to transfer the personal data to a third country or to an international organization.

2.2. In order to ensure fair and transparent data management, the controller shall provide the data subject with the following additional information:

(a) the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;

(b) the data subject's right to request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data and the data subject's right to data portability;

(c) in the case of processing based on the consent of the data subject, the right to withdraw the consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal;

(d) the right to lodge a complaint to the supervisory authority;

(e) whether the provision of personal data is based on a legal or contractual obligation or a precondition for the conclusion of a contract, whether the data subject is obliged to provide personal data and the possible consequences of not providing such data;

(f) the fact of automated decision-making, including profiling, and at least in such cases, the logic used and comprehensible information on the significance of such data processing and the expected consequences for the data subject.

2.3. If the controller intends to carry out further processing of personal data for a purpose other than the purpose for which they were collected, it must inform the data subject of this different purpose and any relevant additional information before further processing.

 The detailed rules for the right to prior information are set out in Article 13 of the Regulation.


 

3. Informing the data subject and the information to be provided if the personal data have not been obtained from him or her by the controller

3.1. If the controller did not obtain the personal data from the data subject, the data subject shall be informed by the data controller no later than one month after the acquisition of the personal data; if the personal data are used for the purpose of contacting the data subject, at least at the time of the first contact with the data subject; or, if the data are expected to be communicated to another recipient, at the latest at the time of the first communication of personal data, the facts and information set out in point 2 above, the categories of personal data concerned and the source and, where applicable, from publicly available sources.

3.2. The additional rules are governed by point 2 above (Right to prior information).

Detailed rules for this information are set out in Article 14 of the Regulation.


 

4. The data subject's right of access

4.1. The data subject has the right to receive feedback from the data controller as to whether the processing of his / her personal data is in progress, and if such data processing is in progress, he / she has the right to access the personal data and the above 2-3. access to the related information described in (Article 15 of the Regulation).

4.2. If personal data are transferred to a third country or to an international organization, the data subject is entitled to be informed of the appropriate guarantees for the transfer in accordance with Article 46 of the Regulation.

4.3. The controller must make a copy of the personal data which are the subject of the processing available to the data subject. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 

The detailed rules for the data subject's right of access are set out in Article 15 of the Decree.


 

5. Right to rectification

5.1. The data subject has the right to have inaccurate personal data concerning him / her rectified at his / her request without undue delay.

5.2. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.

These rules are set out in Article 16 of the Regulation.


 

6. Right of cancellation ("right to forget")

6.1. The data subject shall have the right, at the request of the controller, to delete personal data concerning him or her without undue delay, and the controller shall be obliged to delete the personal data concerning him or her without undue delay if:

(a) personal data are no longer required for the purpose for which they were collected or otherwise processed;

(b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;

(c) the data subject objects to the processing and there is no overriding legitimate reason for the processing,

(d) personal data have been processed unlawfully;

(e) personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller;

(f) personal data have been collected in connection with the provision of information society services directly to children.

6.2. The right of cancellation cannot be exercised if data management is required

(a) for the purpose of exercising the right to freedom of expression and information;

(b) for the performance of an obligation under Union or Member State law applicable to the controller or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) on grounds of public interest in the field of public health;

(d) for the purposes of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing; obsession

e) to submit, assert or defend legal claims.

Detailed rules on the right of cancellation are set out in Article 17 of the Regulation.


 

7. Right to restrict data processing

7.1. Where data processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of making, asserting or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State.

7.2. The data subject has the right to restrict the data processing at the request of the Data Controller if one of the following is met:

(a) the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period which allows the Data Controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted;

c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; obsession

(d) the data subject has objected to the processing; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.

7.3. The data subject shall be informed in advance of the lifting of the restriction on data processing.

The relevant rules are set out in Article 18 of the Regulation.


 

8. Obligation to notify in connection with the rectification or erasure of personal data or restrictions on data processing

The controller shall inform all recipients to whom or with whom the personal data have been communicated of any rectification, erasure or restriction of data processing, unless this proves impossible or requires a disproportionate effort. Upon request, the controller shall inform the data subject of these recipients.

These rules are set out in Article 19 of the Regulation.


 

9. The right to data portability

9.1. Under the conditions set out in the Regulation, the data subject has the right to receive personal data concerning him or her made available to a data controller in a structured, widely used machine-readable format and to transfer such data to another data controller without hindering it. the controller to whom the personal data have been made available, if

(a) the processing is based on consent or contract; and

(b) the data processing is automated.

9.2. The data subject may also request the direct transfer of personal data between data controllers.

9.3 . The exercise of the right to data portability shall be without prejudice to Article 17 of the Regulation (Right of cancellation ("right to be forgotten"). This right must not adversely affect the rights and freedoms of others.

The detailed rules are set out in Article 20 of the Regulation.


 

10. Right to protest

10.1. The data subject shall have the right at any time to object to the processing of his or her personal data in the public interest, in the performance of a public task (Article 6 (1) (e)) or in a legitimate interest (Article 6 (f)), including profiling based on those provisions. is. In that case, the controller may not further process the personal data unless the controller demonstrates that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, assert or defend legal claims. are related.

10.2. Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.

10.3. These rights shall be explicitly brought to the attention of the data subject at the latest at the time of first contact and information on this shall be displayed clearly and separately from any other information.

10.4. The data subject may also exercise the right to object by automated means based on technical specifications.

10.5. Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless such processing is necessary for the performance of a task carried out in the public interest.

The relevant rules are set out in Article 21 of the Regulation.


 

11. Automated decision making in individual cases, including profiling

11.1. The data subject shall have the right not to be covered by a decision based solely on automated data processing, including profiling, which would have legal effects on him or her or would be similarly significant.

11.2. This right shall not apply if the decision:

(a) necessary for the conclusion or performance of a contract between the data subject and the controller;

(b) is governed by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession

(c) is based on the express consent of the data subject.

11.3. In the cases referred to in points (a) and (c) above, the controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention, to express his views and to oppose the decision. file an objection.

Further rules are set out in Article 22 of the Regulation.


 

12. Restrictions

EU or Member State law applicable to the controller or processor may limit the scope of rights and obligations (Articles 12-22, 34, 5 of the Regulation) by legislative measures, provided that the restriction respects the essential content of fundamental rights and freedoms.

The conditions for this restriction are set out in Article 23 of the Regulation.


 

13. Informing the data subject about the data protection incident

13.1. If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the data protection incident without undue delay. This information shall clearly and intelligibly describe the nature of the data protection incident and shall include at least the following:

(a) the name and contact details of the data protection officer or other contact person for further information;

(c) a description of the likely consequences of the data protection incident;

(d) a description of the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

13.2. The data subject need not be informed if any of the following conditions is met:

(a) the controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular measures such as the use of encryption which make it incomprehensible to persons not authorized to access personal data; make the data;

(b) the controller has taken further measures following the data protection incident to ensure that the high risk to the data subject's right

This site uses cookies to personalize content and ads, to enable social media features and to analyze website traffic. You can read more about the "Show details" button.
This site uses cookies to personalize content and ads on the site.