• contact@dya.hu
Facebook Instagram

Data Protection Guidelines for Associations Based in Hungary with International Activities

Introduction The European Union’s General Data Protection Regulation (GDPR), adopted on April 27, 2016, applies to all member states, including Hungary. Effective since May 25, 2018, GDPR safeguards personal data and ensures its free movement across the EU. Hungarian associations comply with GDPR through national regulations, including Act CXII of 2011 on Informational Self-Determination and Freedom of Information (“Privacy Act”).

Fejlődő Fiatalok Egyesülete, as an association based in Hungary and organizing events across various EU countries, has implemented measures to ensure full compliance with these data protection requirements.

Applicability of GDPR GDPR applies to all organizations within the EU, including associations in Hungary. It also extends to entities outside the EU offering goods or services to EU residents. Key requirements include:

  • Data Breach Notifications: Associations must promptly report breaches to Hungary’s National Authority for Data Protection and Freedom of Information (NAIH) to mitigate risks to affected individuals.

  • Transparency in Data Use: Organizations must provide clear, accessible explanations about how they process personal data.

  • Broader Definition of Personal Data: GDPR covers identifiers like names, addresses, and IP addresses, alongside sensitive data such as genetic and biometric information.

Key Principles for Data Processing To ensure compliance, Fejlődő Fiatalok Egyesülete adheres to these principles:

  1. Purpose Specification: Collect data only for clearly stated, lawful purposes that are communicated to individuals.

  2. Transparency and Fairness: Process data in a lawful, fair, and transparent manner.

  3. Data Minimization: Gather only the information necessary for specific activities or events.

  4. Accuracy: Keep data up to date, offering mechanisms for individuals to correct inaccuracies.

  5. Data Security: Protect data with robust technical and organizational measures against unauthorized access, loss, or damage.

Categories of Personal Data Processed

  1. Event Participants and Community Members

    • Data collected: Names, contact details, CVs, professional backgrounds, medical information, and parental consent for minors.

    • Purpose: To manage participation in events, maintain member profiles, and provide updates.

  2. Partner Organizations

    • Data collected: Representative details (names, emails, phone numbers), legal documents, and organizational information.

    • Purpose: To facilitate collaborations and meet administrative requirements.

  3. Staff Members

    • Data collected: Personal details, professional records, identification documents, and legal compliance data.

    • Purpose: To manage employment and legal obligations.

  4. Real Beneficiaries

    • Data collected: Personal and professional information of board members, executives, and associates, as required by Hungarian law.

    • Purpose: To comply with reporting obligations under Act V of 2013 on the Civil Code.

Purposes for Data Processing

  1. Participants and Members

    • Data is used to coordinate projects, maintain profiles, and share necessary details with volunteers or partner organizations under strict legal terms.

  2. Partner Organizations

    • Data facilitates collaboration and may be included in EU databases for grant applications or audits.

  3. Staff Members

    • Data supports operational needs and remains stored for a limited time post-employment to fulfill legal requirements.

  4. Real Beneficiaries

    • Data is reported to Hungarian authorities, as mandated by law.

Rights of Individuals Under GDPR, individuals have the right to:

  • Access: Obtain information about how their data is processed.

  • Rectification: Correct inaccurate or outdated data.

  • Deletion: Request removal of their data.

  • Restriction: Limit data processing in specific situations.

  • Portability: Transfer their data to another entity upon request.

Data Protection Measures

  1. Consent-Based Processing:

    • Consent is obtained explicitly through registration forms or agreements, and individuals can withdraw consent at any time.

  2. Centralized Data Management:

    • Implement systems to store data securely, allowing individuals to update or delete their information as needed.

Data Protection Authority For data protection inquiries or complaints, individuals may contact Hungary’s National Authority for Data Protection and Freedom of Information (NAIH):

  • Website: naih.hu

Regarding data protection, contact us: contact@dya.hu or president@dya.hu