on the processing of data gathered for the purpose of social assistance, donations, offered regarding the novel coronavirus.
Your privacy is important to us, thus we would like to inform you, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation), in connection with the processing of your personal data protected by the Regulation.
Municipality of Budapest, Mayor’s Office of Budapest (hereinafter: Data Controller)
Address: 1052 Budapest Városház utca 9-11.;
Mailing address: 1840 Budapest
Hosting service provider, web developer: MediaCenter Hungary Kft.
Address: 6000 Kecskemét, Sosztakovics utca 3. II/6
Data Protection Officer
dr. Katalin Molnár
Legal rules regarding data processing
•Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
Act CXII of 2011 on Informational Self-Determination and Freedom of Information
Act CXVIII of 2011 on Disaster Management and on the Amendment of the Related Acts
Scope and purpose of data processing
The novel coronavirus is a major challenge for all of us, but it is good to see that people can help where it’s needed. As a result, we’ve created the https://koronavirus.budapest.hu website, so that if you want to help, you can do it easily.
The form on the webpage only asks you for information that is important to process your donation as quickly as possible, and to make sure your donation reaches the recipient as quickly as possible.
It is important to know that currently we are not accepting material or monetary funds at the Municipality of Budapest, but we are happy to forward your donations to the appropriate districts or institutions.
After submitting the form, we will contact you and try to get the donation to where they need it most, as soon as possible.
The following data will be requested to make sure your donation reaches those in need as soon as possible:
processing of personal data for the purpose of data management
name of the donor, contact person of the donating institution, mobile number, email address, details of the donation are needed to get in touch with the data subject – donor – and process the donation
name of the donor, contact person of the donating institution, mobile number, email address, details of the donation
data transfer: the assistance offered by the data subject – the donor – is necessary to reach the selected recipients
Legal basis of data processing
The processing of personal data is required in compliance with paragraph e) of Section (1) of Article 6 of the Regulation in order to perform the public interest tasks of the Data Controller.
The personal data are transferred to recipients defined by the Municipality of Budapest based on the nature of the received requests and donations.
Duration of data processing
The Data Controller stores the personal data for the duration set out in Decree 78/2012 (XII.28.) of the Minister of Interior on issuing a single archive plan for municipal offices and in the internal policies.
Persons entitled to process data, access to data and data security measures
Data processing is carried out exclusively by the authorized staff of the Data Controller, in order to perform their duties. Access to the stored data is restricted to the designated personnel. The Data Controller takes all reasonable technical and organizational measures to protect your personal data against, among others, unauthorized access.
Rights and available remedies of the data subject related to data processing
The data subject may request (at the contact details specified in Section 1):
information on the processing of his/her personal data
the rectification of his/her personal data,
the deletion of his/her data,
the restriction of the processing of his/her personal data,
object to the processing of his/her personal data.
At the request of the data subject, the Data Controller
Provides information on whether your personal data is being processed, and if yes, the information shall include the following: the purpose of data processing, the categories of personal data affected by data processing, the name of the recipients in case of data transfer, the duration of the data processing, the rights of the data subject, the remedy rights of the data subject, and if the data are not from the data subject, the indication of the source of data.
Provides the information in writing, in a comprehensible form, in the shortest possible time from the submission of the request, but at the latest within 1 month of the receipt of the request. This information is free of charge. If the Data Controller can prove that the data subject’s request is unfounded or excessive, the Data Controller may charge a fee, or reject the request.
If the data subject requests a copy of the personal data being processed, the Data Controller provides it. The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the data subject.
The Data Controller corrects inaccurate personal data concerning the data subject at the request of the data subject without undue delay, or supplements the incomplete personal data on the basis of a supplementary statement.
The Data Controller
Deletes the personal data, if its processing is unlawful, if the purpose of the data processing is terminated, if the personal data shall be deleted in order to fulfil the legal obligation of the data controller, or if the data subject objected to the data processing and there is no overriding legitimate reason for the data processing. The Office may reject the request for deletion in the case, if the time limit set out by the legal rule on archiving has not yet expired.
Restricts the data processing at the request of the data subject, if the data subject disputes the accuracy of the personal data, if the data processing is unlawful and the data subject objects to the deletion of the data, if the processing of personal data is no longer necessary for the purpose of the data processing, but for the enforcement of the legal claim of the data subject it is required, or if the data subject objected to the data processing. In this case, the data controller may process the personal data, with the exception of storage, only with the consent of the data subject, or for the submission, enforcement or protection of a legal claim, or for the protection of the rights of another natural person or legal entity, or for the purpose of important public interest.
The data subject
is entitled to object to the processing of his/her personal data for reasons related to his/her situation. In this case, his/her personal data may not be further processed unless there are compelling legitimate reasons for the data processing which take precedence over the interests, rights, freedoms, or claims of the data subject, or which are related to the submission, enforcement or protection of legal claims.
The Data Controller informs without undue delay, but in any case, within one month of the receipt of the request, the data subject of the measures taken in response to his/her request for rectification, deletion or restriction of the personal data concerned. If the Data Controller fails to take action in response to the request of the data subject, it informs the data subject, within one month of the receipt of the request, of the reasons for not taking action and the right of the data subject to submit a complaint to the Supervisory Authority and to exercise his/her judicial remedy right.
The Data Controller notifies the data subject of the correction, the restriction of the data processing or the deletion, as well as all to whom or to which it previously disclosed personal data, unless this proves impossible or requires a disproportionate effort. At the request of the data subject, the Data Controller informs him/her of these recipients.
If you wish to file a complaint regarding the data processing, it is advised to send it first to the data protection officer’s contact details as specified above, which will be promptly examined after receipt, but no later than within 1 month, and the complainant will be informed in writing of the result of the examination.
The data subject may submit a complaint to the National Authority for Data Protection and Freedom of Information, if he/she believes that there has been an infringement with regard to the processing of his/her personal data.
Place of submission for complaints:
National Authority for Data Protection and Freedom of Information
1125 Budapest Szilágyi Erzsébet fasor 22/C
Right to judicial remedy
The data subject is entitled to judicial remedy, if in his/her opinion the data controller has not processed his/her personal data in compliance with the rules of the Regulation, and the rights of the data subject have therefore been infringed.
The lawsuit may be brought before the court pursuant to the permanent address or usual residence of the data subject.
Right to compensation and general damages for infringement of personal rights
If the data controller causes damage due to the violation of the legal rules pertaining to data processing, it is required to compensate it. If the personal rights of the data subject are also infringed due to the data processing not complying with the rules, the data subject is entitled to general damages.
If you need further information, please contact us via email: firstname.lastname@example.org.
Effective from March 20, 2020