Privacy Policy - Header image

Privacy Policy

Privacy Policy

Privacy Notice and information on the data processing of the www.salto-et.net website


The Data Controller and the Data Processor provides the following information to you as the Data Subject of personal data processed by the Tempus Public Foundation (hereinafter: "Privacy Policy") in accordance with Regulation of 2018/1725 (EU) on the protection of individuals concerning the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002 / EC and Act CXII. of 2011 on Informational Self-Determination and Freedom of Information ("Info Act").


Further glossary:

“Consent” means a voluntary, specific, and informed and unambiguous indication of the Data Subject's wishes by which they, by a statement or by an explicit, affirmative action, indicate their consent to the processing of personal data concerning them.

“Data Controller” means the Union institution or body or directorate-general or any other department that determines the purposes and means of processing personal data independently or together with others; where a specific Union act determines the purposes and means of such processing, the Controller or particular criteria for the designation of the Controller may be determined by Union law.

“Data Processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

"Data Subject" means an identified or identifiable natural person.

"EU institutions and bodies" means the Union institutions, bodies, offices, and agencies established by or based on the TSA, the TSMS or the Euratom Treaty;

“National Supervisory Authority” means an independent public authority established by a Member State pursuant to Article 51 of Regulation (EU) 2016/679 or Article 41 of Directive (EU) 2016/680. 

“Personal data” means any information related to an identified or identifiable natural person ('Data Subject'); a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

“Personal data breach” means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access to personal data transmitted, stored, or otherwise processed.

“Processing” means any operation or set of operations carried out on personal data or files by automated or non-automated means, such as collection, recording, organisation, layout, storage, conversion or alteration, query, consultation, use, transmission, dissemination or making it available in any other ways, alignment or interconnection, restriction, deletion, or destruction.

"SALTO Education and Training TCA Resource Centre" : a centre that was established by the European Commission in 2018 to support Erasmus+ National Agencies to improve their Training and Cooperation Activities (TCAs) – formerly known as Transnational Cooperation Activities until 2020. The acronym SALTO stands for Support, Advanced Learning and Training Opportunities. The Resource Centre is hosted by the Hungarian Erasmus+ National Agency, Tempus Public Foundation (TPF).

'TCA”: “Training and Cooperation Activity” is a training programme aimed at supporting the implementation of the Erasmus+ Programme to the highest possible standard. This type of training is coordinated by the SALTO Education & Training TCA Resource Centre.

“website”: the www.salto-et.net operated by the SALTO Education and Training Centre


The principles of the Data Protection Fund for the processing of personal data are:

Personal data

- handled lawfully, fairly and in a transparent manner for the Data Subject ("lawfulness, due process and transparency")

- collected for explicit, clear, and legitimate purposes and should not be further addressed in a manner incompatible with those objectives; further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes ('purpose limitation') in accordance with Article 13 shall not be considered incompatible with the original purpose;

- appropriate and relevant for the processing and limited to what is necessary ("data saving");

- accurate and, if necessary, up to date; all reasonable measures must be taken to ensure that inaccurate personal data are deleted or rectified without delay given the purposes for which they are processed ("accuracy");

- stored in a form that allows the identification of Data Subjects only for the time necessary for the processing of personal data; personal data may be stored for a more extended period only to the extent that the personal data will be processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes in accordance with Article 13, subject to the implementation of the appropriate technical and organisational measures provided for in this Regulation to protect the rights and freedoms of the Data Subject ('restricted storage');

- processed in such a way as to ensure the adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage to personal data, using appropriate technical or organisational measures ("integrity and confidentiality").

 

Data Controller:  European Commission

Directorate-General for Education, Youth, Sport and Culture 

Address: B-1049 Brussels Belgium

E-mail address: eac-data-protection@ec.europa.eu


Data Processor:  Tempus Public Foundation,

Address: 1077 Budapest Kéthly Anna Square 1, Hungary

Data Protection Officer: Dr. Gábor Ugrai

E-mail address: gdpr@tpf.hu


Source of personal data:  Persons concerned

Personal Data transmission: To the competent authorities upon request.


Scope of the data management:

Tempus Public Foundation is processing your following personal data:


Affected persons:

1. Registered persons on the www.salto-et.net  website 

Scope of personal data processed:

(categories marked with * are compulsory required data)

- First name *

- Last name *

- Username *

- Password

- E-mail *

- Contact number

- Sending National Agency *

- Country of residence

- Sector*

- confirmation that he is an adult *

 

The legal basis for the processing of personal data is Article 6 (1)(a) : the Data Subject has given their consent to the processing of their personal data for one or more specific purposes. 

Retention period of personal data: 10 years (under legal obligations) 

The purpose of personal data management is to manage the registration and the application process on the SALTO Education and Training www.salto-et.net  website.

Transfer of personal data: No specific data transfer takes place. If data are requested by an authority (police, public prosecutor's office, court, national security service), it happens based on a separate law.

Who has access to the personal data: The personal data of the Data Subjects can be accessed by the persons who are employees of the Data Controller or Data Processor or, in the case of online applications, employees of all national agencies of the respective TCA concerned or the contact persons provided on the website. They have been given special data protection training and are bound by a confidentiality obligation concerning the personal data they learn during their work. 


2. Affected persons: Employees of the National Agencies involved in TCA management

Scope of personal data processed:

 - Title

- First name

- Last name

- Username

- E-mail

- National agency

- Password

- Working Group membership

- Additional information

- Sector

Legal basis for the processing of personal data: Article 6(1)(a) : the Data Subject has given their consent to the processing of their personal data for one or more specific purposes.

Retention period of personal data: 10 years (based on a legal obligation) after that the personal data are anonymised.

The purposes of the processing of personal data are: to ensure the full provision of TCA management on the website, to maintain contact between colleagues involved in TCA management.

Transfer of personal data: no specific data transfer takes place. If data are requested by an authority (police, public prosecutor's office, court, national security service), it happens on the basis of a separate law.

Who has access to the personal data: The personal data of the Data Subjects can be accessed by the persons who are employees of the Data Controller or Data Processor or, in the case of online applications, employees of all national agencies of the respective TCA concerned or the contact persons provided on the website. They have been given special data protection training and are bound by a confidentiality obligation with regard to the personal data they learn during their work. 


b.) sending newsletters

Scope of personal data processed:

-name

-e-mail address

Legal basis for the processing of personal data: Article 6(1)(a): the Data Subject has given their consent to the processing of their personal data for one or more specific purposes.

Retention period of personal data: with regard to receiving the newsletter, the Data Subject may withdraw their consent at any time, so this personal data must be deleted regarding this processing.

The purposes of the processing of personal data: to stay in contact and send newsletters to the Data Subjects, in which they are informed about news and programmes. 

Transfer of personal data: No specific data transfer takes place. If data are requested by an authority (police, public prosecutor's office, court, national security service), it happens based on a separate law.

Who has access to the personal data: The personal data of the Data Subjects can be accessed by persons who are employees of the Controller or Processor or, in the case of an online application, employees of all national agencies related to a relevant TCA and the contact persons listed on the website. They have been given special data protection training and are bound by a confidentiality obligation with regard to the personal data they learn during their work.


3. Affected persons: experts recommended by the National Agencies involved in TCA management

Scope of personal data processed:

(categories marked with * are compulsory required data)

Profile: *

- First Name, Last Name*

- Email*

- Contact number*

- Country of residence*

Profiency

Sector(s):*

- AE (adult education)

- HE (higher education)

- VET (veterinary education)

- SE (school education)

- YH (youth)


Professional Profile:*

- Trainer

- Facilitator

- Researcher

- Key speaker, lecturer

- Coach

- Moderator

- Other, please specify:


Years of experience in the Erasmus and predecessor programmes:*

- Novice (less than 1 year)

- Explorer (1-2 years)

- Insider (3-5 years)

- Advanced (6-9 years)

- Expert (10+ years)


Experience with Key Action(s):*

- Key Action 1 : Mobility of individuals

- Key Action 2.: Cooperation for Innovation and Exchange of Good Practices

- Key Action 3.: Support for Policy Reform


Experience with the Erasmus + priorities:*

- Impact (2014-20)

- Inclusion (2014-20)

- Internationalisation (2014-20)

- Professionalisation of teachers and staff (2014-20)

- Inclusion and Diversity (2021-27)

- Digital transformation (2021-27)

- Environment and fight against climate change (2021-27)

- Participation in democratic life (2021-27)

- Increase the quality of programme implementation (2021-27)

- Other


Experience with target groups:*  

- School leaders, directors

- Teachers

- Trainers

- Professors

- Volunteers

- Education professionals

- Experts

- Other support staff

- Students

- School authorities

- Policy makers

- Representatives of non-governmental institutions

- Other


Spoken languages:* 

- English

- Spanish

- French

- German

- Other


Social media profiles (e.g. LinkedIn, Instagram, Facebook), website, blog

Background: *

CV upload (preferably Europass format)


References*

Title of reference:

professional role:

Start date – End date:

Countries:

Description:

Link to files or video

Experience with TCAs:*

(activity URL, if any)


Legal basis for the processing of personal data: Article 6(1)(a) : the Data Subject has given their consent to the processing of their personal data for one or more specific purposes.

Retention period of personal data: 10 years (based on a legal obligation) after that the personal data are anonymised.

The purposes of the processing of personal data are: to collect and manage information about the experts for creating and maintaining an expert pool on the website and to ensure the full provision of national agencies in their need of experts involved in TCA management.

Transfer of personal data: no specific data transfer takes place. If data are requested by an authority (police, public prosecutor's office, court, national security service), it happens on the basis of a separate law.

Who has access to the personal data: The personal data of the Data Subjects can be accessed by the persons who are employees of the Data Controller or Data Processor or employees of all national agencies registered on the website. They have been given special data protection training and are bound by a confidentiality obligation with regard to the personal data they learn during their work. 


YOUR DATA PROTECTION RIGHTS:

Subject to certain legal conditions, you may request access to, rectification, deletion, or restriction of processing your personal data. You may also object to processing or request data portability. In particular, you have the right to request a copy of the personal data that we hold about you. If you make this request repeatedly, we may make an adequate charge for this. 


You may exercise the following rights in relation to your personal data management:


Information and access to personal data (Article 15)

Where personal data relating to the Data Subject are collected from the Data Subject, the Controller at the time of obtaining the personal data provides the Data Subject with all the following information:

(a) the identity and contact details of the Controller;

(b) the contact details of the Data Protection Officer;

(c) the purpose of the intended processing of personal data and the legal basis for the data processing;

(d) the recipients of the personal data or the categories of recipients, if any;

(e) where appropriate, the fact that the Controller intends to transfer personal data to a third country or an international organisation, the existence or absence of a Commission adequacy decision, and the indication of the appropriate and suitable guarantees in the case of the transfer referred to in Article 48 and a reference to the means of obtaining copies or their availability.


Right of access of the Data Subject (Article 17) 

The Data Subject has the right to receive feedback from the Controller as to whether or not his personal data are being processed and, if such data processing is in progress, to have access to the personal data and the following information:

(a) the purposes of the data processing;

(b) the categories of personal data concerned;

(c) the categories of recipients or recipients to whom the personal data have been or will be communicated, including particularly third-country recipients or international organisations.

(d) where appropriate, the planned period for which the personal data will be stored or, if this is not possible, the criteria for determining that period;

(e) the right of the Data Subject to request from the Controller the rectification, deletion or restriction of the processing of personal data related to them and to object to the processing of such personal data;

(f) the right to lodge a complaint to the European Data Protection Supervisor (EDPS).


Right to rectification and deletion (Article 18-19) Article 111)

The Data Subject shall have the right, at his request, to rectify inaccurate personal data concerning him or her without undue delay. Considering the purpose of the processing, the Data Subject has the right to request that incomplete personal data be completed, including a supplementary statement.


Right to delete ('right to be forgotten')

1. The Data Subject has the right, at their request, to delete the personal data relating to them without undue delay and the Controller deletes the personal data relating to the Data Subject without undue delay if one of the following reasons occurs:

(a) the personal data are no longer necessary for the purposes from which they were collected or otherwise processed;

b) the Data Subject withdraws the consent on which the processing is based, and there is no other legal basis for the data processing;

c) the Data Subject objects to the processing, and there is no overruling legitimate reason for the processing;

(d) the personal data have been processed unlawfully;

(e) the personal data must be deleted in order to fulfil the legal obligation applicable to the Controller;

(f) personal data have been collected in connection with the provision of services of information society.


Right to restrict data processing (Article 20) 

The Data Subject has the right to restrict the processing of data at the request of the Controller if one of the following is fulfilled:

- the Data Subject disputes the accuracy of the personal data, in which case the restriction applies to the time that allows the Controller to verify the accuracy of the personal data, including their completeness;

- the processing is unlawful, and the Data Subject opposes the deletion of the personal data and instead, requests the restriction of their use;

- the Controller no longer needs the personal data for the purposes of data processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims;

- the Data Subject objected to the processing pursuant to Article 23(1); in this case, the restriction applies for the period until it is established whether the legitimate reasons of the Controller take precedence over the legitimate reasons of the Data Subject

 

Right to data portability (Article 22) 

The Data Subject has the right to receive the personal data concerning them which they have provided to a Controller in a planned, widely used, machine-readable format, and has the right to transmit such data to another Controller without being prevented from doing so by the Controller to whom he provided the personal data if:


- the processing is based on consent under Article 5(1)(d) or Article 10(2)(a) or on a contract under Article 5(1)(c); and

- the processing is carried out in an automated way.


Right to object (Article 23) 

The Data Subject has the right to object at any time to the processing of their personal data based on Article 5(1)(a), including profiling based on that provision, for reasons relating to their situation. In this case, the Controller may no longer process the personal data unless the Controller proves that the processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the Data Subject or which relate to the establishment, exercise or defence of legal claims.


If you have given us your consent for processing your personal data, you can withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case the consent is withdrawn, we may only further process the personal data if there is another legal ground for the processing.

If you have any concerns about how your personal data is handled by us or wish to make a complaint, you can contact us at the contact details below to have the matter investigated (gdpr@tpf.hu). If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the competent data protection supervisory authority in your country.


Security of data processing:

The Controller and the Processor implement suitable technical and organisational measures, considering the current state of the science and technology, the costs of implementation, the nature, scope, circumstances, and purposes of the data processing and also the varying probability and severity of the risks concerning the rights and freedoms of natural persons, to ensure a level of data security appropriate to the level of risk, including


- pseudonymisation and encryption of personal data;

- ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used for processing personal data;

- in the event of a physical or technical incident, the ability to restore the availability and access to personal data promptly;

A procedure for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures taken to ensure data processing security.


Legal Remedy:

To make a complaint on data processing operation by the Data Processor you may apply to the Data Processor's data protection officer:  gdpr@tpf.hu. You can apply to the Hungarian National Authority for Data Protection and Freedom of Information (contact details: (www.naih.hu), address: 1055 Budapest, Falk Miksa utca 9-11. , postal address: 1363 Budapest, Pf. 9. ., +36 (1) 391-1400, fax: +36 (1) 391-1410, e-mail address:  ugyfelszolgalat@naih.hu) or to the competent court with a complaint regarding the processing of your personal data by Tempus Public Foundation or by any data processor assigned thereby.

Budapest, 10. December 2021