Data Processing Notice

File no.: 34000/9566-1/2021.

on the processing of personal data related to the operation of the online journal system operated by the University of Public Service

 

1. Controller’s name

  • University of Public Service
  • address: 1083 Budapest, Ludovika tér 2.
  • phone: +36 1 432 9000,
  • e-mail: nke@uni-nke.hu;
  • website: https://www.uni-nke.hu/.
  • Represented by: Dr. András Koltay, Rector

2. Name and contact details of the Data Protection Officer

  • Data Protection Officer of the University: Veronika Deák
  • Direct contact: adatvedelem@uni-nke.hu
  • Phone: +36 1 432 9000/ extension: 29833

3. Information on data subjects regarding the use of the services offered by the University of Public Service on the website at https://folyoirat.ludovika.hu/ (Open Journal System), when the personal data are provided directly by the data subjects (content under Article 13 of the GDPR[1]).

3.1. Data processing related to registration and submission of publications into the journals available through the website at https://folyoirat.ludovika.hu/

Categories of

data subjects

Scope of processed data

Purpose of data processing

Legal basis

Consequence of failure to provide the data

Natural persons who, in the context of their academic or cultural activities, register and create a user profile for the purpose of publishing their copyrighted works on the website at https://folyoirat.ludovika.hu/  (hereinafter as: Author)

Profile-related personal data: name, phone number, e-mail, institution, country, ORCID identifier, API key.

Log-in-related personal data: e-mail, user name, password.

To contact the editorial staff of the journal concerned through the website at https://folyoirat.ludovika.hu/ and to edit the publication.

Pursuant to Article 6 (1) (b) of the GDPR, registration shall be required to publish the publication.

The publication cannot be submitted on the OJS platform without registration.

3.2. Data processing related to the manuscript accepted for publication by the University of Public Service

Categories of data subjects

Purpose of data processing

Legal basis

Consequence of failure to provide the data

Authors who submitted a manuscript that was accepted and will be published by the editorial staff.

To consult regarding the manuscript accepted for publication by the editorial staff, to enter into the contract, liaise and arrange publication.

Performance of a contractual obligation pursuant to Article 6 (1) (b) of the GDPR.

Indication of name, workplace and title, pursuant to Article 6 (1) (a) of the GDPR, based on the author’s consent.

If this Section applies, there is a contractual relationship between the University and the Author. The required personal data are already available in this phase. The legal sanctions for failure to submit the manuscript are regulated under the contract entered into by and between the data subject and the University.

3.3. Conclusion of the contracts related to the author’s tasks

Categories of data subjects

Scope of processed data

Purpose of data processing

Legal basis

Consequence of failure to provide the data

The Author and the legal entities and organisations acting on their behalf.

All those personal data that are required for conclusion of the contract.

To arrange and regulate the legal relationship between the data subject and the University, to comply with the requirements laid down by legislation.

Pursuant to Paragraphs (b) and (c) of Article 6(1) of the GDPR, the contract concluded by and between the Parties, and for all other content not covered by the contract, the legislation stipulates mandatory provisions regarding the content of the contract.

Conclusion of the contract, hence also the performance of the task become impossible.

 

4. Notice to data subjects regarding the use of the services offered by the University of Public Service on the website at https://folyoirat.ludovika.hu/ (Open Journal System), when the personal data of the data subject are obtained by the University indirectly (content as per Article 14 of the GDPR)

4.1. Data processing related to the registration of reviewers

Categories of

data subjects

Scope of processed data

Purpose of data processing

Legal basis

Consequence of failure to provide the data

Person applying for professional reviewer tasks.

Profile-related personal data: name, phone number, e-mail, institution, country, ORCID identifier, API key.

Log-in related personal data: e-mail, user name, password.

To contact the editorial staff of the concerned journal through the website at https://folyoirat.ludovika.hu/, and to perform the tasks of the professional reviewer.

The University’s legitimate interest based on Article 6 (1) (f) of the GDPR.

The tasks of the professional reviewer cannot be performed through the OJS system without registration.

5. The recipients of the personal data

a) The Library and Information Centre of the Hungarian Academy of Sciences in terms of the performance of the DOI contracts.

b) Those employees of the University who are required to access the personal data concerned based on their employment relationship.

c) Co-workers of the journal having editorial staff authorisations.

6. Duration of data processing

Registration:

a) The data processed in the user account will be processed until the user deletes them, until the user becomes unavailable, or until the journal editor deletes them in the event of suspicious activity.

In terms of Authors:

a) the University shall process the data for the period of time during which it holds the right to use the published article or for the full term of the copyright protection,

b) if the article is not published by the University, the manuscripts shall be archived.

After the expiry of the above time limits, the published articles shall be archived for academic and statistical purposes.

7. Implementation of the data processing activity

The University operates the https://folyoirat.ludovika.hu website for the online management of the journal publishing process. The online management includes, among others, the management of tasks ranging from article submission and reviewing (proofreading) processes to the management of the copy editing and layout editing of the article accepted for publication, liaising with contributors, publishing, making available and disseminating the journal issues and articles to the academic and general readership, and storing the archives of these journals.

8. Data protection and security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the University undertakes the appropriate technical and organisational measures to ensure a level of data security appropriate to the risk.

The University applies reasonable physical, technical and organisational security measures to protect the data subject’s data, in particular against accidental, unauthorised or unlawful destruction, loss, alteration, disclosure, use, access or processing. Access to data is limited; password protection is in place.

The University has a policy on the protection and security of personal data and data of public interest and also an IT Security Policy.

9. Automated processing (including profiling)

No decisions are made based on automated processing at the University.

10. Data transfers to third countries or international organisations

None.

11. Exercise of rights, legal remedies

The data subjects may exercise their rights ensured under the GDPR throughout the entire period of data processing, and these rights can be exercised through the contact details specified in Sections 1 and 2 at any time.

The data subject shall have the right to

a) request access to his/her personal data (the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in the GDPR) (Article 15 of the GDPR),

b) request rectification of his/her personal data (the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement) (Article 16 of the GDPR),

c) request the erasure of his/her personal data (the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay, if this is justified pursuant to the GDPR; if processing is required by law, the request for erasure shall not be fulfilled) (Article 17 of the GDPR),

d) request the restriction of his/her personal data (the data subject shall have the right to obtain from the controller the restriction of processing, where the condition specified in the GDPR is met) (Article 18 of the GDPR),

e) exercise his/her right to data portability regarding his/her personal data (the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the conditions specified in the GDPR are met) (Article 20 of the GDPR),

f) object to the processing of his/her personal data (the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her that is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims; if processing is required by law, the objection shall not be fulfilled) (Article 21 of the GDPR).

The request must be submitted to the postal address of the controller or to the e-mail address at adatvedelem@uni-nke.hu. The controller shall provide written information as soon as possible, but within 1 month at the latest (within 15 days in the case of objections) (this deadline can be extended with 2 further months, taking the complexity of the request into account). If any rights of the data subject have been violated, the data subject may bring the case to court (at the data subject’s discretion, the legal action can be started at the regional court having competence according to the data subject’s domicile or habitual residence as well) or may turn to the Hungarian National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11., phone: 06-1-391-1400, website URL address: http://naih.hu, e-mail: ugyfelszolgalat@naih.hu).

 

[1] GDPR: General Data Protection Regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).