Privacy Policy

Data processing information pertaining to castellum.hu website

1.Name of data controller:

Castellum Vagyonkezelő Igazgatóság

Address:                                          8200 Veszprém, Vár utca 18.; Hungary

E-mail:                                              press@castellum.hu

Telephone:                                     +36 1 201 5666

Website:                                          www.castellum.hu

Representative:                             György Dr. Udvardy, archbishop

2. Legal regulations forming the basis of data processing:

Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on the repealing of Directive 95/46/EC (General Data Protection Regulation: GDPR);

Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

3. Scope and duration of processed personal data, data subjects:

User: person taking advantage of website services (reading news and information material, viewing videos and image galleries, and sending messages), furthermore, natural person viewing the website.

Scope of processed personal data: name, e-mail address

4. Purposes, legal basis of data processing:

Purposes of data processing: online content provision, maintaining contact with the User

The Data Controller shall not use the personal data provided for any purposes other than those designated above.

Legal basis of data processing: voluntary consent as determined in Article 6. (1) a) of the GDPR, which occurs on the basis of the User’s voluntary, prior consent based on appropriate information. The User shall be entitled to withdraw consent at any time, the withdrawal of which does not in any way affect the legality of data processing prior to withdrawal.

The User warrants that in the course of using the services of the website it disposes of the appropriate legal grounds for handling the personal data given or made accessible by the User about other persons. All responsibility for User content uploaded and shared into the services by the User is borne solely by the User.

The Data Controller does not check the given personal data. The person providing such data shall be exclusively responsible for their accuracy.

The User personal data of a natural person not yet aged 16 years may be processed only with the consent of an adult exercising parental supervision over such person.

5. Data processing duration:

In the case of e-mails sent by the User, the contacted Data Controller shall delete the name and the e-mail address on the 90th day after closure of the case referred to in the request, with the exception, if in an individual case, where the legitimate interest of the Data Controller justifies continued handling of the personal data, for the duration of the existence of the legitimate interest of the Data Controller.

Data automatically, technically recorded during the operation of the system are stored in the system for a period of time – calculated from the time of their generation – justified from the point of view of ensuring the operation of the system.

6. Automatically collected data:

Data of the computer or mobile device used by the User to login, which are generated in the course of using the website and which the Data Controller’s system records as an automatic result of technical processes, thus in particular the Internet Protocol (IP) address, browser type, language setting, operating system, internet service provider (ISP) and time stamp.

The website automatically logs all data that are automatically recorded when entering or leaving the site without the User’s separate declaration or act. These data may not be linked with other personal User data, with the exception of cases mandated by law. Data may be accessed exclusively by the Data Controller.

Data automatically, technically recorded during the operation of the system are stored in the system for a period of time – calculated from the time of their generation – justified from the point of view of ensuring the operation of the system.

7. Use of Data Processor, data forwarding:

The services of another Data Processor may be taken advantage of in order to ensure the activity of the Data Controller.

The Data Controller may not reach a decision independently, it shall only be entitled to proceed on the basis of the contract signed with the Data Processor and instructions it has received. After 28 February 2021, the Data Processor shall record, handle and process the personal data forwarded and handled or processed by the Data Controller in compliance with the provisions stipulated in the GDPR, and shall make a declaration thereto to the Data Controller.

The Data Controller shall monitor the work of the Data Processor.

The Data Processor shall not be entitled to take advantage of further data processors.

The Data Controller is entitled and required to forward all those personal data at its disposal and stored by it in the correct way to the competent authorities, which personal data is required to be forwarded by it according to legal regulation or final and binding official order. The Data Controller shall not be liable for such mandated data forwarding or for any consequences arising thereto.

Data shall not be passed to any third country or international organization.

8. Data security measures:

The Data Controller stores personal data on its own server. The services of another company can be used for storage of data (v. Data Processor designated in Point 5.). The Data Controller and the contracted Data Processor shall take appropriate measures to ensure that personal data is protected, among other things, against unauthorized access.

9. Rights of Users in connection with data handling:

The right to request information

The User may request, via the contact details given in Point 1., information about which of his/her personal data are being handled, on what legal basis, for what data handling purpose, from which source and for how long, furthermore, to whom, when, on what legal basis and which of his/her personal data the Data Controller provided access or to whom it forwarded such personal data.

The Data Controller shall fulfil the request for information submitted by the User to the contact detail given by the User within one month.

The right to correction

The User may request, via the contact details given in Point 1., the Data Controller to correct any of his/her personal data. The Data Controller shall fulfil the request within one month and shall notify the User thereto at the contact detail given by the User.

The right to block (restricting data handling)

The User may request, via the contact details given in Point 1., the Data Controller to block his/her personal data (by clearly indicating the restricted nature of the data handling and providing handling separated from other data). The block remains in force as long as the reason given by the User makes it necessary to store the data.

The right to objection

The User may object, via the contact details given in Point 1., to data handling if, according to his/her standpoint, the Data Controller is not handling his/her personal data appropriately in connection with the purpose specified in the current data handling information. In such an instance, the Data Controller must prove that the handling of personal data is justified by compelling legitimate reason that takes precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defence of legal claims.

The right to deletion

The User may request, via the contact details given in Point 1., deletion of his/her personal data.

The request for deletion may be rejected (i) for the purpose of exercising the right to freedom of expression and information, or (ii) if legal regulation on the processing of personal data authorizes such; furthermore (iii) for the submission, enforcement or defence of legal claims.

In every case, the Data Controller shall inform the User about the rejection of the request for deletion, indicating the reason for the rejection of deletion. Having fulfilled the request for the deletion of personal data, the previous (deleted) data can no longer be restored.

10. Opportunities for legal enforcement connected with data handling:

In the case of data handling judged to be illegal, the data subject may submit a complaint to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) Hungarian National Authority for Data Protection and Freedom of Information, address: 1055 Budapest, Falk Miksa u. 9-11. E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu,

or the data subject, in the interest of the protection of his/her data, may turn to the courts, which case is handled as a matter of urgency. In this case, the data subject may freely decide whether to submit the complaint to the court with competence according to his/her residence (permanent address) or temporary residence (temporary address), or the head office of the Data Controller. Courts can be searched by residence or temporary residence at http://birosag.hu/ugyfelkapcsolatiportal/birosag-kereso

11. Changes to information:

The Data Controller reserves the right to change, unilaterally, the current Information at any time. By opening the castellum.hu website and reading the contents therein the User accepts the prevailing provisions of the Information, beyond which there is no requirement to seek the consent of individual Users.

The currently prevailing Information can be accessed at the following link: www.castellum.hu

Most recent update: 15 August 2023