Privacy Policy

1. Purpose of the Privacy Policy

The Association of the European Network on Victims’ Rights (hereinafter referred to as: the Association) respects personal data and entirely acts in accordance with the Regulation of No. 2016/679 of the European Parliament and of the Council (EU) dated on 27^th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data; as well as the ordinance of repealed Regulation of No. 95/46 (EK) /General Data Protection Regulation/ (henceforth: GDPR).

The purpose of the below declaration is to provide information on the privacy and data process principles used by the Association in connection with registration to the website and sending newsletters.

The Association process the data of the registered users on its website and of the subscribers to its newsletters.

1. Definitions applied in this Privacy Policy
   1. Data processing means any operation or set of operations performed regarding personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
   2. Personal data means any information relating to an identified or identifiable natural person (‘data subject’); the identifiable natural person is who can be identified directly by reference to one or more identifiers such as name, job, position, place of work, e-mail address, official telephone number;
   3. Data subject means any individual person who can be identified directly, via one or more identifier such as a name, job, position, place of work, e-mail address, official telephone number;
   4. Data controller can be natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
   5. Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
   6. Supervisory authority means an independent public authority which is established by a Member State pursuant to Article 51 of GDPR;
   7. Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
   8. Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
   9. Website means the www.envr.eu website operated by the data controller;
   10. European Network on Victims’ Rights (ENVR) is a cooperation of national experts for discussing victims’ rights. ENVR was established by the Amsterdam Council Conclusions Nr. 9997/16 on 9 June 2016. ENVR is being operated by the Association of the European Network on Victims’ rights through operative grant provided from the Justice Programme of the European Commission.
   11. Newsletter means the newsletter prepared and sent by the data controller;
   12. User means the natural person who registers on the website or registers on the website and subscribes to the newsletter, and in this context provides its personal data listed below;
   13. Privacy Policy means this privacy policy issued by the data controller.
2. Name of data controller

Name: Association of the European Network on Victims’ Rights

Registered by the Metropolitan Court of Justice under registration number 01-02-0016515

Registered office and postal address: 6 Somogyi Béla utca, 1085 Budapest (Hungary)

E-mail: envr@envr.eu

1. The processed personal data

In order to ensure the registrations by the experts and other collaborators of the European Network on Victims’ Rights (henceforth: ENVR) to the website and to ensure the receiving of newsletters sent by the Association, the data controller process the one or more of the following personal data on its servers being run in Hungary:

• First name
• Family name
• Job / Position
• Work of place
• E-mail address
• Office telephone number

1. Legal basis, purpose and method of the data processing
   1. The data provision shall be voluntary and the processing of the personal data shall be based on the consent of the data subject. Please note that by accepting the Privacy Policy you give your consent to the data processing as it is described in this Privacy Policy;
   2. The purpose of the data processing is the identification of the registering user during website registration, and the sending of newsletters to the e-mail address provided by the subscriber to the newsletter. The gathered personal and non-personal data will be stored securely. The data controller shall not manage the data provided beyond the purposes defined in this Privacy Policy.
   3. The release of the gathered data to a third party can be possible only under the prior consent of the data subject unless otherwise required by law.
   4. The data provider is exclusively responsible for the real content of data and the data controller will not do such control of the received data.
2. Duration of the data processing
   1. The duration of processing of the gathered data in case of the website registration exists from the date of the website registration until the date of deleting the website registration.
   2. The duration of processing the gathered in case of newsletter subscription is from the date of subscription to the newsletter until the time of unsubscribe from the newsletter as defined in Point 9.
3. Circle of persons get known the personal data

The personal data will be known by the employees of the data controller under whose responsibility falls the processing of the concerned data.

1. Your rights and opportunities for enforcement data protection
   1. The right of access to your personal data;
   2. The right to request information from the data controller on the purpose, the legal basis and the duration of the data process (on the planned duration of the storage of personal data or, if this is not possible, the criteria for determining this period);
   3. The right to request a copy of the information you provided to the data controller in machine-readable format;
   4. The right to request information on the circumstances and effects of the eventual personal data breach and the measures taken to prevent it (under certain legal conditions, the data controller shall inform you, without any specific request, on the possible personal data breach);
   5. The right to request rectification or deletion of your personal data;
   6. The right to object to the processing of your personal data;
   7. The right to withdraw your consent to any processing that is solely reliant upon your consent;
   8. The right to make a complaint to the Supervisory Authority (National Authority for Data Protection and Freedom of Information 1125 Budapest, Szilágyi Erzsébet fasor 22/C. (phone: +36 (1) 391-1400 fax: +36 (1) 391-1410, e-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu);
   9. The data subject also has the right to file lawsuit at court against the data controller in case of violations of your rights, by filing a lawsuit at the Fővárosi Törvényszék /Metropolitan Court of Justice) / (postal address: 1363 Pf. 16, address: 1055 Budapest, Markó utca 27. – Hungary, central number: +36 1 354 6000, fax: +36 1 354 6041) or at the courthouse of the place of residence or the place of habitation of the data subject. If the place of residence or habitation is not in Hungary but in the territory of another Member State of the European Union, the data subject can also issue legal proceedings at the courts of Member State of residence or habitation;
   10. If the data subject wants to review, verify or correct its personal information subject to the data processing on the basis of this Privacy Policy, please contact the data controller via e-mail to envr@envr.eu.
   11. The above rights for data protection are based on the GDPR, on the Hungarian Act CXII of 2011 on the right to informational self-determination and on the freedom of information, and on the Hungarian Act V of 2013 on the civil code.
2. Deleting the website registration and unsubscribe from the newsletter
   1. Website users can delete their account on the website anytime by clicking the “delete account.” Deletion of personal account can also be initiated by sending request for that via e-mail to the envr@envr.eu, or the request for deletion can be sent via post to the following postal address: 6 Somogyi Béla utca, 1085 Budapest, Hungary. Any of the above manners of deleting can alone result in the deletion of the user’s account.
   2. Newsletter subscribers can initiate unsubscribe by using the Unsubscribe button placed at the bottom of the newsletter. Moreover, subscribers can initiate the unsubscribe by sending request for unsubscribe via electronic letter to envr@envr.eu, or by sending request for unsubscribe via post to the Association of the European Network on Victims’ Rights to the following postal address: 6 Somogyi Béla utca, 1085 Budapest, Hungary.

***