Privacy statement

Privacy Statement of the World Science Forum 2024

  

Part I

General provisions

 

This Privacy Statement governs any personal information collected by the organizer of the World Science Forum 2024 in the course of the preparation and management of the event. The organizer involved in the processing of personal information is the Secretariat of the Hungarian Academy of Sciences. The Secretariat of the Hungarian Academy of Sciences as the Data Controller (hereinafter: Controller) based in Hungary is committed to the protection of the personal data of the data subjects (all registered participants of World Science Forum) and fully respects the right of informational self-determination of the data subjects. The Controller ensures that the processing of data is carried out in such a manner as to safeguard privacy and will take all security, technical and organisational measures that guarantee the security of data.

 

The Controller processes personal data and data of public interest in compliance with the Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information (hereinafter: “Freedom of Information Act”) and in line with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”).

 

This Statement lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

1. Controller and processor(s)

The Controller

The Secretariat of the Hungarian Academy Sciences as Controller (registered office: 1051 Budapest, Nádor utca 7.) declares that it considers itself legally bound by this Statement. During all processing activities related to its operation, the Controller shall make sure that processing complies with the requirements laid down in this Statement and in the relevant laws and regulations in force at the time of the data processing.

The Processor(s)

The Controller also involves a Processor in its activities relating to the processing of personal data. Processor(s) contracted by the Controller:

2. Disclosure

This Statement of the Controller may be consulted at any time online at the following webpage of the WSF website https://worldscienceforum.org/  (hereinafter: “website”): https://worldscienceforum.org/contents/privacy-statements-110015.
 

3. Modification and scope of this Statement

The Controller reserves the right to alter this Statement unilaterally, without any limitation in time. It shall inform the data subjects affected by processing of any such change in due time and manner. This Statement may need to be modified primarily in order to comply with the law. Data subjects shall have the right to object to any modification which is not based on the law and which establishes unfavourable conditions for them.

 

This Statement shall be valid until withdrawn and its scope shall cover the visitors of the website as well as all data subjects whose personal data are processed by the Controller for the purposes defined in this Statement.

 

4. Definitions

The terms defined in Article 4 of the GDPR and in Section 3 of the Freedom of Information Act shall be used during the application of this Statement.

 

Part II

Processing of personal data

                                                                                                     

The Controller shall perform the following activities with regard to the data subjects:

                                                                      

1. Registration for the events of the World Science Forum 2024

The Controller will organise events within the framework of the World Science Forum series. Participants of the World Science Forum are required to register in advance for the events.

 

Processed personal dataLegal basis (legal ground)ObjectiveDuration of processing

Name and title,

country of nationality, sex, email address, mobile and office phone, name, type and address of affiliated organisation, position in organisation

Performance of a task carried out in the public interest

Based on Section 3 (1) j) of Act XL of 1994 on the Hungarian Academy of Sciences

(Article 6 (1) e) of GDPR e));

consent of the data subject

Verification of the right to participate in the event, prior calculation about the number of participants, preparation for satisfying the requirementsFollowing the particular event, the supplied personal data shall be erased or, with the consent of the data subject, stored exclusively to issue future invitations to the events of the World Science Forum
Dietary preference

Performance of a task carried out in the public interest

Based on Section 3 (1) j) of Act XL of 1994 on the Hungarian Academy of Sciences

(Article 6 (1) e) of GDPR Article)

Preparation to satisfy participants’ special dietary needs.Following the particular event, the supplied personal data shall be erased
CV of max. 2500 characters, portrait photo

Performance of a task carried out in the public interest

Based on Section 3 (1) j) of Act XL of 1994 on the Hungarian Academy of Sciences

(Article 6 (1) e) of GDPR)

Verification of the right to participate in the event (eligibility), prior calculation about the number of participants, preparation for satisfying the requirements.

Making the profile of participants available on the website (voluntary).

Following the particular event, the supplied personal data shall be erased

 

2. Registration for the special events of the World Science Forum 2024

The Controller will organise special events within the framework of the World Science Forum 2024 where high-ranking officials and dignitaries will be present, who are provided protection by the Hungarian Security Services as stipulated by law. Participants can only attend special events of the World Science Forum 2024 if they pass a security screening conducted by the Hungarian Security Services. The Participants who during their registration do not provide the mandatory information (passport ID or ID card number, date of issue, date of expiry, country of issue of either of these documents and date of birth) required for this screening may still attend the other programme components of the World Science Forum 2024, but will not be able to attend its special events and will need to contact via e-mail at wsfinvitation@office.mta.hu the administrators of the WSF website in order to complete the registration process.

 

Processed personal dataLegal basis (legal ground)ObjectiveDuration of processing

Title, first name, last name, country of nationality, date of birth, organisation name, organisation type,

position in organisation, address of organisation, e-mail address,

office phone, passport ID or ID card number, date of issue, date of expiry, country of issue of either of these documents

Performance of a task carried out in the public interest

Based on Section 3 (1) j) of Act XL of 1994 on the Hungarian Academy of Sciences

(Article 6 (1) e) of GDPR)

The data subject can only attend special events during the WSF2024 if the Hungarian Security Services are able to provide clearance for the data subject in accordance with the security measures in effect for the protection of high-ranking officials and dignitaries.

Following the particular event, the supplied personal data shall be erased.

 

The information is transferred to the Hungarian Security Services prior to the event.

The personal data specified in this point must be provided for processing for the purposes defined therein. If the data are not provided, the data subject may not use the service (that is, he or she may not participate at the conference).

 

 3. Disclosure of the list of participants on the website

In relation to the events organised by the Controller within the framework of the World Science Forum 2024, the lists of participants and speakers of the individual programme components (sessions) shall be disclosed on the website of World Science Forum 2024.

 

Processed personal dataLegal basis (legal ground)ObjectiveDuration of processing
Name, country of nationality, CV, photo, organisation, position in the organisation

Consent of the data subject

(Article 6 (1) a) of GDPR)

Disclosure on the website of WSF2024The personal data is disclosed to the public on the website of WSF2024 until the consent is withdrawn.

 

4. Photos and videos recorded at the event

During the individual events organised as part of WSF2024, the Controller may arrange for the recording of images and videos of the speakers, of the venue and of the data subjects present, and may publish such photos and video recordings on its own website and the website of WSF2024. During each event the Controller shall inform the data subjects about the relevant provisions of this Statement, particularly about the purpose of the processing of their personal data and shall explain to them the appropriate legal ground.

 

Processed personal dataLegal basis (legal ground)ObjectiveDuration of processing
Images of the data subjects

Processing is necessary for the purposes of the legitimate interests pursued by the Controller

(Article 6 (1) f) of GDPR)

Publication of details of the event through disclosure on the website of WSF2024 and on the Controller’s own website.

The photos and videos will be published on the website and social media channels of the Controller www.mta.hu, https://www.youtube.com/@MTA1825, https://www.facebook.com/MTA1825,  https://www.flickr.com/photos/mtasajto/albums/

for an indefinite period of time.

The data subject may object against the data processing (See Part IV, Section 5).

 

5. Organizing future events of World Science Forum and providing updates about the World Science Forum  

The Controller wishes to inform the participants of future events of the World Science Forum and to send them information updates about the World Science Forum in general.

 

Processed personal dataLegal basis (legal ground)ObjectiveDuration of processing

Title, first name, last name, country of nationality, organisation name, organisation type,

position in organisation, address of organisation, CV, photo

Consent of the data subject

(Article 6 (1) a) of GDPR)

Organizing future events of the WSF and sending information updates about the WSF

The personal data is processed until the consent is withdrawn.

 

If the consent is withdrawn the Controller may not be able to contact the data subject about future events and the data subject will have to verify their eligibility to attend the future event.

 

Consent of the data subject, conditions

Processing subject to consent requires an affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of data, such as by a written statement, including by electronic means, or by an oral statement. It shall also constitute consent to processing if the data subject ticks a respective box while viewing the Internet website. Silence, pre-ticked boxes or inactivity may not constitute consent. It shall also constitute consent if a user makes technical settings while using electronic services or issues a declaration or performs an act which, in the particular context, clearly indicates the consent of the data subject to the processing of their personal data. Where processing is based on consent, the Controller shall be able to demonstrate that the data subject has consented to the processing of their personal data. If the data subject's consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters. The data subject shall have the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

 

Minors

No minors may register or attend WSF events.

 

  

Part III

Security of processing

 

The Controller shall make sure that the data of data subjects are kept securely, and it shall protect them against unauthorised or unlawful processing, accidental loss, destruction or damage, which also includes maintaining the confidentiality, integrity, availability and resistance, of the information systems and tools used for processing personal data with adequate technical and organisational measures that are commensurate with the degree of the risks. To that end, the Controller shall use IT tools, including especially firewalls, encryption and physical protection devices in its systems and shall provide physical protection at all sites where data are accessible. In determining the measures to ensure the security of processing, the Controller shall proceed taking into account the latest technical development and the state of the art of their implementation. Where alternate data processing solutions are available, the one selected shall ensure the highest level of protection of personal data, except if this would entail unreasonable hardship for the Controller.

 

Personal data breach

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud.

Any unlawful control or processing of personal data must be notified to the Supervisory Authority. The Controller shall without undue delay and, where feasible, not later than 72 hours after having become aware thereof, notify the Supervisory Authority of the personal data breach, unless the personal data breach is unlikely to result in a risk adversely affecting the rights and freedoms of natural persons.

 

Data transfer

When describing the various types of processing, the Controller shall list the recipients of transferred data and their categories, as and when necessary.

The Controller is entitled and obliged to transfer any personal data which it has access to and which it lawfully stores to the competent authorities if the Controller is obliged by law or by a definitive decision of a competent authority to transfer such data. The Controller may not be held liable for such data transfer or any consequences thereof.

 

 

Part IV

Rights of the data subject, legal remedies

 

The data subjects may exercise the rights granted to them in this Statement or by law, by using any of the contact details of the Controller indicated in this Statement.

 

Rights of the data subject

1. Right to request information (right of access)

Any data subject may request information from the Controller as to whether or not their personal data are being processed and the categories of personal data concerned, the legal ground, the purposes of the processing, the source of data, the envisaged period for which the personal data will be processed; the recipients of the data transfer, its date, the underlying legal regulations and the categories of personal data in relation to which access was granted, or the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries and international organisations.

The information thus requested must be sent immediately, but at any rate within 30 days at the latest, using the provided contact details.

 

2. Right to rectification

Any data subject may request the modification or completion of any data. When requested, the information must be sent immediately, but at any rate within 30 days at the latest, using the contact details provided.

 

3. Right to erasure (right to be forgotten)

Any data subject may request their data to be erased when a) the personal data are no longer necessary in relation to the purposes for which they were processed by the Controller; b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing; c) the data subject objects to the processing and there are no other legitimate grounds for the processing; d) the Controller has processed their personal data unlawfully; e) the personal data have to be erased for compliance with a legal obligation to which the Controller is subject; f) the personal data have been collected in relation to an offer of information society services to children.

When requested, it must be done immediately, but at any rate within 30 days at the latest and the data subject must be notified using the contact details they have provided.

 

4. Right to blocking and restriction of processing

Any data subject may request their data to be blocked when a) the accuracy of the personal data is contested by the data subject, in which case the blocking/restriction applies for a period during which the Controller verifies the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing, in which case the restriction applies until it has been verified whether the legitimate grounds of the Controller override those of the data subject.

Blocking lasts as long as the indicated reason makes data storage necessary. When requested, it must be done immediately, but at any rate within 30 days at the latest and the data subject must be notified using the contact details they have provided.

 

5. Right to object

Any person may object to processing based on legitimate interest, using the provided contact details. In this case the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The objection shall be assessed within the shortest possible time but at any rate within 15 days following the submission of the request, a decision shall be adopted as to its merits and notification shall be sent thereof using the provided contact details.

 

6. Right to data portability:

The data subject shall have the right to receive the personal data concerning them, which they have provided for the Controller, in a structured, commonly used and machine-readable format and shall also have the right to transfer those data to another Controller when processing is based on the consent of the data subject or on a contract and processing takes place in an automated manner. In exercising their right to data portability, the data subject shall have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.

The Controller shall comply with the data subject’s request within no more than 30 days and shall inform the data subject about it in a letter sent to the address provided by the data subject.

 

Law enforcement options relating to processing:

Supervisory authority:

National Authority for Data Protection and Freedom of Information

Postal address: 1363 Budapest, Pf.: 9., Hungary

Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary 

Phone: +36 (1) 391-1400 

Fax: +36 (1) 391-1410 

E-mail: ugyfelszolgalat@naih.hu 

Web: https://naih.hu  

 

Data Protection Officer:

Dr. András György, Attorney at law

SBGK Attorneys at Law

Postal address: 1369 Budapest, Pf. 360., Hungary

Address: H-1062 Budapest, Andrássy út 113.

Phone: +36-1-461-1000

Fax: +36-1-461-1099

E-mail: andras.gyorgy@sbgk.hu 

Web: https://sbgk.hu/en/ 

 

In the event of any infringement of their rights, the data subject may bring proceedings before a court against the Controller. The court shall hear such cases in priority proceedings. Based on the choice of the data subject, the litigation may be instituted before the regional court having competence at the place of either permanent or temporary residence of the data subject.

The Controller shall provide information on action taken for the data subject without undue delay and in any event within no more than one month of receipt of the request. This period may be extended with an additional period of two months where necessary, taking into account the complexity of the request and the number of requests. The information obligation may be fulfilled by operating a safe online system through which the data subject can have easy and fast access to the required information.

 

Done at Budapest, on 4 July 2024.

‹ Back