Information on the rights of the applicant submitting a request for data of public interest and of the data subject

Dear Visitor,

In compliance with Section (2) of Article VI of the Fundamental Law of Hungary, every person shall have the right to access data of public interest. Each citizen shall gave the right to access information possessed by state or local government, or other body or institution carrying out public duties. In accordance with legal provisions, public institutions are obliged to respond to data requests. Accessibility of the data shall not depend on the discretion of the body carrying out public duties (with the exception of certain special situations).

The data applicant is not required to specify the reason and object of the data request, the body carrying out public duties may not request such information. Therefore, the body carrying out public duties shall fulfil the data request, or – in the event of legal restrictions – deny it with specifying the grounds for denial.

The data subject has the right to the following: 

  • requesting information on the control of his/her personal data,
  • requesting correction or deletion of his/her personal data,
  • protesting the control of his/her personal data,
  • initiating legal proceedings in the case of infringement of the data subject’s rights.

Pursuant to the request of the data subject, the controller is entitled to provide information on the subject’s data they control, as well as the data processed by the data processor they contracted, the objective of the control, its legal grounds and duration, the name and address (headquarters) of the data processor and the activities they undertake in connection with control, and a list of who received the data subject’s personal data and why.

A complete summary of the rights of data subjects can be found in Sections 14 to 19 of the Information Act and Section 21 of the University’s Data Protection, Data Safety and Data Control Regulations.

Information on legal redress opportunities

Should his/her rights pertaining to data control be infringed, the data subject may contact the data protection officer who shall investigate the complaint, and if it is substantiated, the data protection officer shall initiate a procedure with the dean of the specific department or the head of an independent organisational unit that is not part of any departmental body. If the complaint is unfounded, the data protection officer shall deny the complaint and inform the claimant within 30 days from receipt of the complaint in writing, specifying the factual and legal grounds for the denial. The data protection officer also notifies the claimant of the opportunities available to seek legal redress via the courts and on the help available from the Authority.

The applicant submitting the request for data of public interest may request an investigation from the National Authority for Data Protection and Freedom of Information (hereinafter: Authority) on the grounds of exercising rights relating to access to data of public interest, or in the event of such immediate threat to the above.

In the event that the request for data of public interest is denied, or the original deadline or the deadline extended by the data controller as per Subsection (2) of Section 29 of the Information Act is not observed, or – if the applicant has not paid the reimbursement – for the revision of the reimbursement charged for the copies, the applicant may initiate legal proceedings. The legal proceedings shall be initiated within 30 days from the notification of the request’s denial, the missed deadline or the end of the deadline for reimbursement, against the body carrying out public duties that denied the request at the Pest Central District Court.

If the applicant makes a claim to the Authority in order to request an investigation by the Authority in relation to the denial of or the failure of compliance with the request or to the amount of the reimbursement charged for making copies, the legal proceedings may be initiated within 30 days from receipt of the notification of the denial of substantial investigation of the claim, or the termination of the investigation, or the closure of the investigation as per Item b) of Subsection (1) of Section 55 of the Information Act, or from receipt of the notification issued as per Subsection (3) of Section 58 of the Information Act. Justification must be provided should the deadline period available for launching litigation expire.

Legal relations and proceedings of the University as a data controller

Appendices of the Data Protection, Data Safety and Data Control Regulations

Appendix No. 1
Information for persons entering a public servant employment contract with the University to be provided at the time of the signing of the employment agreement

DOC

Appendix No. 2
Information for persons entering an agreement for services or for other types of work to be provided at the time of the signing of the agreement

DOC

Appendix No. 3
Information and data control statement for persons entering into an agreement on doctoral candidate status with the University

DOC

Appendix No. 4
Information for persons applying for admission to the University to be provided along with admission information for training programmes for further education

DOC

Appendix No. 5
Information for persons applying for employment to the University to be provided in the call for job applications

DOC

Appendix No. 6
Information for persons participating in training programmes for further education organized by the University, persons applying for or participating in a habilitation procedure that does not constitute a legal relationship as per subsection a) of section (3) of article 1 of the University’s regulations on data protection, data security and data control, or persons applying for or participating in a doctoral procedure that does not constitute a legal relationship as per section (3) of article 1 of the University’s regulations on data protection, data security and data control, and persons using the University’s library system who are not in a legal relationship with the University described in section (3) of article 1 of the University’s regulations on data protection, data security and data control.

DOC