Privacy Policy

Privacy Policy

1. The Purpose of this Privacy Policy

The Hungarian Foundation for Corpus Callosum Disorders (AgCC) (hereinafter "the Foundation"), as a Data Controller, recognizes the content of this legal notice as binding upon itself. It undertakes that all data processing related to its activities shall comply with the requirements set out in this policy, in current national legislation, and in the legal acts of the European Union.

The data protection principles related to the Foundation's data processing are continuously available at: https://www.agykeregtest/adatkezelesi-tajekoztato/

The members of the Foundation's Board of Trustees reserve the right to change this policy. Naturally, they will notify their audience of any changes in a timely manner. If you have any questions related to this notice, please write to me.

The Foundation is committed to protecting the personal data of its partners, individuals affected by the disorder, their caregivers, and those interested in the condition. It considers respecting the right of its clients to informational self-determination to be of utmost importance. The Foundation handles personal data confidentially and takes all necessary security, technical, and organizational measures to guarantee data security.

The Foundation describes its data processing practices below:

2. The Data Controller's Details

If you wish to contact the Data Controller, you can do so at keregtestrendellenesseg@gmail.com or by phone at +36 20 289 92 85. 

The Foundation deletes all received emails after a period of 5 years.

Name: The Hungarian Foundation for Corpus Callosum Disorders (AgCC) 

Registered Office: 1124 Budapest, Németvölgyi út 87/C. fsz.2., 

Hungary Tax ID Number: 19340414-1-43 

Email: keregtestrendellenesseg@gmail.com

2.1 Data Protection Officer

  • Name: Eszter Szabóné Katona

  • Email: szabo.esther@gmail.com

3. Scope, Intended Use, and Retention Period of Personal Data Processed

3.1. Personal Data Generally Provided:

  • Name of the affected person or partner

  • Email address of the affected person or partner

  • Residential address or registered office of the affected person or partner - only in cases where the Foundation organizes a conference or wishes to send a product bearing the Foundation's logo to an affected person or their relative.

3.1.1. Data Related to Email Correspondence:

  • Processing Activity: For communication via the provided email address, the Foundation requests the following personal data: name of the affected person or partner, and their email address.

  • Email Service Provider: Gmail: Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

  • Purpose of Use: Establishing contact.

  • Legal Basis for Processing: The consent of the data subject or partner.**

  • Data Retention Period: Until the matter is concluded, or for 1 year from the initial contact.

3.1.2. Data Related to the Facebook Group:

  • Processing Activity: To join the Facebook group, the Foundation requests the following personal data: the name of the affected person, interested party, or partner.

  • Purpose of Use: Information sharing, statistics. The group is private (closed), and conversations within it are visible only to group members.

  • Legal Basis for Processing: The consent of the data subject.**

  • Data Retention Period: Until the member leaves the group.

3.1.3. Facebook Messenger:

  • Processing Activity: Establishing contact. The Foundation does not review the conversation partner's profile for consumer habits or for statistical purposes.

  • Purpose of Use: Providing help, sharing information. The conversation is visible only to the communicating parties.

  • Legal Basis for Processing: The consent of the data subject.**

  • Data Retention Period: Data is automatically stored in the Facebook account, but the Foundation does not use this stored data.

3.2. Technical Data
The Foundation selects and operates the IT tools used for processing personal data in such a way that the processed data is:

  • Accessible to those authorized (availability);

  • Its authenticity and verification are ensured (authenticity of processing);

  • Its integrity can be verified (data integrity);

  • Protected against unauthorized access (data confidentiality).

The Foundation protects data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction.

The Foundation ensures the security of data processing through technical, organizational, and procedural measures that provide a level of protection appropriate to the risks associated with the processing.

During data processing, the Foundation preserves:

  • Confidentiality: Protects information so that only authorized persons can access it.

  • Integrity: Protects the accuracy and completeness of the information and the processing method.

  • Availability: Ensures that when the authorized user needs it, they can genuinely access the desired information and the related tools are available.

3.3. Cookies

3.3.1. The Function of Cookies

  • They collect information about visitors and their devices.

  • They remember visitors' individual settings, which can be used, for example, during online transactions, so they do not have to be re-entered.

  • They facilitate the use of the website.

  • They provide a quality user experience.

To provide customized service, a small data packet, a so-called cookie, is placed on the user's computer and read back during a subsequent visit. If the browser returns a previously saved cookie, the service provider handling the cookie has the opportunity to link the user's current visit with previous ones, but only in relation to its own content.

3.3.2. Strictly Necessary Session Cookies
The purpose of these cookies is to allow visitors to browse the Foundation's website, www.agykeregtest.hu, fully and smoothly, and to use its functions and available services. The validity of these types of cookies lasts until the end of the session (browsing). When the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.

Activity Purpose Legal Basis Retention Period
Website Statistics See point 3.3.3 1 year
Email Contact, Information The data subject's consent** Until the matter is resolved or 1 year from contact
Facebook Group Information, Statistics The data subject's consent** Until leaving the group
Facebook Page Information, Statistics The data subject's consent** Until the "Like" is removed from the Page

The data subject's consent pursuant to Section 5 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act).

4. Purpose, Method, and Legal Basis of Data Processing

4.1. General Data Processing Principles
The data processing activities of the Foundation are based on voluntary consent. In the case of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing.

In certain cases, the processing, storage, and transmission of a range of provided data are made mandatory by law, of which we notify our clients.

We draw the attention of data providers to the Foundation that if they do not provide their own personal data, it is the duty of the data provider to obtain the consent of the data subject.

Our data processing principles are in accordance with current data protection legislation, in particular with the following:

  • Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act);

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR);

  • Act V of 2013 on the Civil Code (Ptk.);

  • Act C of 2000 on Accounting (Számv. tv.);

  • Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.);

5. Physical Storage Locations of Data
Your personal data (i.e., data that can be associated with your person) may come into our possession as follows: on the one hand, technical data related to the computer, browser program, internet address, and pages you visit are automatically generated in our computer system in connection with maintaining the internet connection. On the other hand, you may also provide your name, contact information, or other data if you wish to contact us while using the website.

Data technically recorded during the operation of the system: data that is automatically recorded is logged by the system upon opening or closing the window without any separate statement or action from the data subject. This data cannot be linked to other personal user data, except in cases made mandatory by law. Only the Board of Trustees of the Foundation has access to this data.

6. Data Transfer, Data Processing, Scope of Persons Who May Access the Data
Only the Board of Trustees of the Foundation has access to the data, and it is not transferred.

7. Rights of the Data Subject and Legal Remedies
The data subject may request information about the processing of their personal data, request the rectification of their personal data, and—except for mandatory data processing—request its erasure or withdrawal, and exercise their right to data portability and objection in the manner indicated at the time of data collection or via the controller's contact details above.

7.1. Right to Information
The Foundation takes appropriate measures to provide data subjects with all information mentioned in Articles 13 and 14 of the GDPR and all communications under Articles 15-22 and 34 regarding the processing of personal data in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.

7.2. Right of Access by the Data Subject
The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed. If such processing is underway, they are entitled to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored; the right to rectification, erasure, or restriction of processing, and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; and the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. The controller shall provide the information within a maximum of one month from the submission of the request.

7.3. Right to Rectification
The data subject may request the rectification of inaccurate personal data concerning them processed by the Foundation and the completion of incomplete data.

7.4. Right to Erasure ('Right to be Forgotten')
The data subject has the right to obtain from the Foundation the erasure of personal data concerning them without undue delay if one of the following grounds applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • The data subject withdraws the consent on which the processing is based, and there is no other legal ground for the processing.

  • The data subject objects to the processing, and there are no overriding legitimate grounds for the processing.

  • The personal data have been unlawfully processed.

  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

  • The personal data have been collected in relation to the offer of information society services.
    Data erasure cannot be initiated if the processing is necessary for: exercising the right of freedom of expression and information; compliance with a legal obligation requiring processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes; or for the establishment, exercise, or defense of legal claims.

7.5. Right to Restriction of Processing
At the request of the data subject, the Foundation shall restrict processing if one of a series of conditions is met:

  • The accuracy of the personal data is contested by the data subject, in which case the restriction applies for a period enabling the verification of the accuracy of the personal data.

  • The processing is unlawful, and the data subject opposes the erasure of the data and requests the restriction of their use instead.

  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.

  • Or the data subject has objected to the processing; in this case, the restriction applies for the period until it is verified whether the legitimate grounds of the controller override those of the data subject.
    If processing is restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

7.6. Right to Data Portability
The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.

7.7. Right to Object
The data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them which is based on processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling (remarketing) based on those provisions. In case of an objection, the controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

7.8. Automated Individual Decision-Making, Including Profiling (Remarketing)
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

7.9. Right to Withdraw Consent
The data subject has the right to withdraw their consent at any time.

7.10. Right to Turn to the Courts
In the event of a violation of their rights, the data subject may take the controller to court. The court shall act on the matter out of turn.

7.11. Data Protection Authority Procedure
Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:

  • Name: National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)

  • Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Hungary

  • Mailing Address: 1530 Budapest, Pf.: 5.

  • Phone: +36 1 391 1400

  • Fax: +36 1 391 1410

  • Email: ugyfelszolgalat@naih.hu

  • Website: https://naih.hu/

8. Other Provisions
Information on data processing not listed in this policy will be provided at the time of data collection.

We inform our clients that courts, prosecutors, investigative authorities, misdemeanor authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, as well as other bodies authorized by law, may contact the data controller to request information, the disclosure or transfer of data, or the provision of documents.

The Foundation shall disclose personal data to authorities only to the extent and in the manner that is absolutely necessary for the purpose of the request, provided that the authority has specified the precise purpose and scope of the data.