Privacy policy

Privacy Statement for the processing of personal data related to the project ‘PROFFORMANCE+ - Professionalism and high performance in Higher Education - Enhanced PROFFORMANCE toolkit for 21st century teachers’

1. The purpose of the statement

2. Purposes of data management

3. Data controller and data processor

4. Scope of processed personal data

• PROFFORMANCE Assessment Tool

5. The legal basis, objective, and method of data management

6. Scope of persons with access to the data

7. Duration of data management

8. Data transfer to a third country (outside the EU or the EEA)

9. Information about the data subject's rights in relation to data management

10. Other provisions

 

Annex No. 1: Interest Protection Test

 

Privacy Statement | PROFFORMANCE project “Assessment Tool and Incentive Systems for Developing Higher Education Teachers’ Performance”

 

ADATKEZELÉSI NYILATKOZAT a ’PROFFORMANCE+ ’Professionalism and high performance in Higher Education - Enhanced PROFFORMANCE toolkit for 21st century teachers’
projekthez kapcsolódó személyes adatok kezeléséhez

---

1. The purpose of the statement   

The purpose of this statement is to provide information on the protection of personal data
processed by the Ministry of Culture and Innovation (MIC), the TPF (Tempus Public Foundation) as an affiliated entity, the consortium partners, the European Commission and EACEA (Education, Audiovisual and Culture Executive Agency) in the PROFFORMANCE+ project (hereinafter: Project).

1. In order to implement the project supported by the European Commission and its delegate EACEA, the Tempus Public Foundation (TPF), designated by the Ministry of Culture and Innovation (MIC) as an affiliated entity, processes personal data in the PROFFORMANCE+ project.
2. This information sheet contains the data processing that is processed by the Tempus Public Foundation for the fulfillment of its tasks in the Project by the European Commission and the Educational, Audiovisual and Cultural Executive Agency authorized by it.
3. This information sheet also covers data processing by the consortium partners during the performance of the tasks included in the agreements.

The processing of personal data is based on the following legalizations:

• Regulation 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by EU institutions, bodies, offices and agencies and on the free movement of such data,

• and European Regulation 2016/679 of the European Parliament and of
  the Council on the General Data Protection Regulation It is based on the Parliamentary and Council Regulation (hereinafter: GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information. 

2. Purposes of data management

The purposes of the data management are the preparation and implementation of the Project, as well as preparation of the reports, management of the contacts, concluding contracts, disseminating the results of the Project, compilation and submission of reports to the
European Commission and the EACEA authorized by it.

Furthermore, sending newsletters, communication, promotional and information material to those concerned.

The aim of the project is the dissemination of the project results, the further development of the previously developed Assessment Tool, the development of a teacher support system, the development of courses, the collection and distribution of good examples and practices to support and improve the performance of higher education teachers.

3. Data controller and data processor

3.1 Data controller:

Name: European Commission, and the Educational, Audiovisual and Cultural Executive Agency authorized by it.

Contact: information on data processing can be obtained from the contact points indicated in the Commission's privacy statements and from the European Data Protection Supervisor.

3.2 Data processor:

• Name: Tempus Public Foundation (TPF)
• Registered office: 1077 Budapest Kéthly Anna tér 1.
• Postal address: H - 1438 Budapest 70, POBox. 508.
• Phone number: +36-1-237-1300
• Represented by: Károly Czibere, president
• Data protection officer: dr. Gábor Ugrai
• E-mail address: adatvedelem@tpf.hu

 

4. Scope of processed personal data:

For the purpose of implementing the Project, the following personal data will be processed:

• the data of the non-natural person designated by the Contracting Party as the contact person in the contract for the preparation and fulfillment of the contract,
• the data of a natural person Contracting Party necessary for the preparation and performance of the contract,
• personal data of teachers and project coordinators applying for the "Good Practice" call for proposals,
• personal data of participants in events and working groups,
• personal data of representatives of the institutions participating in the Project activities
• personal data included in the reports based on the contracts concluded with the partner organizations and the experts involved in the implementation of the Project.

• During the Project, the following data processing will be carried out by the European Commission, the EACEA acting on its behalf, the Ministry of Culture and Innovation, as well as the affiliated entity, the Tempus Public Foundation, and the consortium partners for the individual partnership tasks:

  Contracting

• the data of the non-natural person designated by the Contracting Party as the contact person in the contract for the preparation and fulfillment of the contract: name, position, telephone number, e-mail address;
• In the case of a contract concluded with a natural person Contracting Party, the data required by law and necessary for payments (application materials and reports also include: name of employer, curriculum vitae, professional experience (publications, positions held at previous workplaces, etc.) are processed;

• Good practice award call

  As a result of the "Good Practice" Call for Proposals, the following personal data will be processed during the operation of the free, publicly accessible online database: personal data included in the application documents, which are: name, institution, phone number, position, e-mail contact of the author(s).

  Of the above data, with the consent of the author(s), only data requested with a public designation are publicly available to anyone during the publication of the methodologies on the website created by the Data Controller.

  Experts involved in Project implementation:

  The following data will be published on the project’s website based on prior consent of the experts: name, organization, country, e-mail address, photo, short profile description;

• personal data of the experts directly involved in the performance by the partner organizations or the coordinator (data necessary for the documentation supporting the use of the support and travel organization – name, contact information, employer, curriculum vitae, professional experience (e.g., publications, positions held at previous workplaces)) is processed.

• Institutional contributions:

• During the Project, the data of the contact person(s) and the contributing persons in connection with institutional cooperation: name, institution, position, email address, telephone number, professional experience will be managed;
• The data provided in connection with the project activities, as well as the data collected during the institutional cooperation, will be used for scientific and statistical purposes, the identity of the person completing the questionnaire will not be identifiable after the processing of the responses received, it will be used anonymously.

PROFFORMANCE Assessment Tool

I. Scope of personal data processed

a.) User’s data in the system

• When registering for the PROFFORMANCE assessment tool, the following data are required and are processed:
• name,
• email address,
• country (optional)
• institution, institutional unit (when assigning the evaluation task),
• age and sex, for statistical purposes (when filling in the questionnaire).
• user role (User, Admin, SysAdmin),
• status (active or inactive, where was last active in the system, when was last active in the system, what was the last active IP address).

b.) Based on relative entitlement data

• to which unit the user is linked,
• type of entitlement (administrator or teacher),
• name (administrator or teacher),
• position (administrator or teacher's institutional position),
• email address (link to the user's basic data),
• status (active or inactive)

II. For access to personal data, different levels of access rights for data protection and information security purposes have been set as follows.

For surveys launched by external parties (teachers, institutional units, institutions, consortia), the personal data in the system are secured by the Tempus Foundation - the data are not used in any way and are not transmitted to third parties. The network creator and the survey initiator may access and have access to the personal data. The data generated in the framework of "networks" or "tasks" organised by the institutions are not used by Tempus Public Foundation, only the operational background is provided.

In the case of an individual task, the completed data is only visible to the organiser of the task. In the case of evaluation tasks launched at institutional unit level, personal data may be seen by the immediate supervisor, in the case of evaluations launched at consortium level, by the consortium's delegated administrator, data controller. Even in the case of multi-level evaluation tasks, only the immediate supervisor will see the data of the respondents under him/her, those at the higher levels will only see aggregated data.

The administrator and user roles have been separated in the following ways:

a.) User

This is the lowest level user role. Each user who is assigned to the system, will receive this role, and will be able to use all the "professional" functions of the Tool.

b.) Admin

Middle level user role. By registering or adding a User, but in any case by assigning the Admin role, one can become a user of this level. These users can be members of the TPF Profformance team.

In addition to the functions used by the User level user, he/she can see the institutional structures (Network) created by all users and perform administrative activities in them. Furthermore, you can view the list of Users, edit User data, activate and deactivate a User if necessary. User can view Activity log and e-mail (email notification sent from the system) log.

c.) SysAdmin

Highest level user role (Tempus Public Foundation developers).

In addition to the two lower level functions, it sees the Users' Global Activity and Email logs. Can put the system into system maintenance mode. It can manage Language Translator Keys, Pages, Email Templates through the interface.

III. The data can be viewed by the following natural persons for surveys launched in each network:

If an institution or institutional unit, or a teacher, participates in more than one network, the assessment results launched in each network can only be seen by the administrators of that network.

a.) Individual use

The evaluations launched by a teacher at his/her own level in his/her own network are not visible to the administrator of the evaluation process organised by the institution.

b.) Departmental use

The results of an assessment initiated at departmental level are not visible at a higher level if they are created in a separate departmental network.

c.) Institutional use

Aggregate results:

If the institution launches an assessment, asking faculties or departments to create their sub-unit within the institutional network, the assessment results of the department will be seen in aggregated form at higher levels.

Individual results:

Individual results of assessment results initiated at the institutional/institutional unit level are only visible to the immediate supervisor (department, workgroup leader, etc.), in this case also only aggregated results are visible at the higher levels.

d.) Use at national level

If the Ministry/Tempus Public Foundation/Educaton Athority/Rectors’ conference launches a national survey using the system, a separate network will be set up to define the scope, purpose, duration, participants, method and duration of the survey, which will be communicated to the institutions. In this case, the privacy and data use issues will be made available in detail to all parties and, in that case, the nature and modalities of the agreement will be jointly agreed by the parties. In the case of a national or regional survey, only the data collected in that survey will be available, i.e. the initiating body will not have access to the results of surveys previously or subsequently launched by the institution in its own network.

IV. Relative access rights that may be granted to users

Two types of relative access rights can be associated with units:

• administrator
• teacher

Network Administrator:

With administrator rights, which are linked to a specific unit, the User can perform administrative tasks at the level occupied within the institutional structure and at the levels below.

• create and edit units under his/her own unit.
• link another administrator to his/her own unit as well as to a unit at a level below.
• link a teacher to his/her own unit and to a unit at a level below.
• create and edit an assessment cycle linked to your own unit or to a level below.
• view the self-evaluation results of teachers in their own unit at the end of the unit's evaluation cycle, compared to the peer and student evaluations received for that teacher (administrator as immediate supervisor)
• At the end of an evaluation cycle for a lower unit, you can view the results of that evaluation in aggregated form.

Network Teacher:

Having the teacher role, which is linked to a specific unit of a specific institutional structure, the user can do the following.

• He/she can conduct self-assessment, peer assessment in an active assessment cycle and share with his/her own students (non-users of the system) the link to his/her Student Feedback assessment.
• You can submit peer evaluations to teachers linked to the same unit.
• And at the end of the assessment cycle, you can view the results of your own assessment, compared to the results of the Self, Peer and Student assessments.
• You can create a Personal task (individual assessment) if it is linked to an institutional structure. In this case, the results of the Task can only be seen by the teacher who initiated it.

       The Network teacher does not see his/her own institutional structure.

V. Other provisions concerning the Profformance Evaluation Tool

• The database administrator and the Tempus Public Foundation, which provides the system, shall, in its role as a careful host, protect the data collected at individual and institutional level and kept in the database. It will not be transferred to third parties and will not be used without authorisation, and therefore third parties will not have access to institutional and personal data in the case of assessment surveys launched by the institution.
• 2. If the Tempus Public Foundation is commissioned to conduct a higher level, national or international evaluation process, in this case, it may involve institutions in the evaluation process, communicating and coordinating this accordingly, but in this case, too, personal data may only be used by the persons' immediate supervisor. All levels above can only see aggregated data.
• 3. Surveys initiated by users (individuals, institutions, consortia, etc.) are voluntary and free of charge. The processing of data in this context is governed by the Data Management and Use Policy. The agreement for the use of the system is a unilateral legal declaration by the user, made at the time of registration, by accepting the appropriate point and by using the system, means accepting the privacy statement and the terms and conditions set out in the privacy policy and terms of use. The data of the "networks" created by the user are at the user's disposal and may be used for his/her own purposes, subject to full information of the participants.
• 4. The data of surveys launched by external parties, users (institutions, consortia, institutional units, individuals, working groups) will be at the disposal of the network creator and survey initiator. Consequently, the survey initiator has access to and can use the name, institution, email address, age, gender, position and the individual's evaluation results. Therefore, in all cases, before participating in an assessment, you should make sure that you know the identity of the person who is initiating the assessment and the purpose of the assessment and how the data will be handled. The Tempus Public Foundation, the European Commission, the PROFFORMANCE consortium partners do not take any responsibility for the use of data generated by assessments initiated by external individuals or organisations - it is based on an agreement between the participant and the network administrator and legal disputes will need to be settled between them.
• 5. The data and functions in the system are given, and can only be extended by the developer in a separate development round.
• 6. Data can be deleted from the system at the user's request. For certain personal data, the retention period is 10 years according to § 101 of the General Data Protection Act.

For sending a newsletter:

• The name and e-mail address of the person concerned.
• By subscribing to the newsletter, the person concerned agrees to receive information material on the Project and related topics from the PROFFORMANCE+ project
• representatives, unless otherwise requested, i.e., unsubscribe.

5. The legal basis, objective, and method of data management

5.1 The legal basis for processing is the legitimate interest of the Data Controller
based on Article 6 (1) point f) of the GDPR in the preparation and performance of the contract, on the basis of the data of the person indicated by the non-natural person Contracting Party as a contact person in the contract.

The purpose of the data processing is to maintain contacts, dissemination and reporting necessary for the preparation and fulfillment of the contract for the implementation of the Project.

The Data Controller examined its legitimate interest in an interest assessment test, the interest assessment test is Annex No. 1 of this information sheet.

5.2 The legal basis for the processing is the processing of personal data necessary for the preparation and performance of the contract with the natural person contracting party in the preparation and conclusion of the contract pursuant to Article 6(1)(b) of the GDPR. The purpose of data management is to prepare and fulfill the expert contracts necessary for the implementation of the Project.

5.3 The legal basis for the processing of the data of applicants for the "Good Practice" call for proposals and respondents involved in the Project activities is the voluntary consent of the data subject pursuant to Article 6(1)(a) of the GDPR. The purpose of data management is to share the good experience with interested public.

5.4 The legal basis of the data processing is the legitimate interest according to Article 6 (1) point f) of the GDPR regarding the management of the personal data of the experts involved in the completion of the project by the partner organizations. The Data Controller examined its legitimate interest in an interest assessment test, the interest assessment test is Annex No. 1 of this information sheet. The purpose of data management is to involve the experts of the partner organizations in the implementation of the Project.

5.5 During the implementation of the Project, the Data Controller and the Data Processor manage personal data for the purpose specified in point 5 of this statement.

5.6 The legal basis for data processing in connection with the sending of the newsletter is the voluntary consent of the data subject in accordance with Article
6(1)(a) of the GDPR.

6. Scope of persons with access to the data

Personal data can be accessed by the TPF staff members whose job it is to implement the project, the Higher Education Policy, Research and Development Unit, the IT Directorate, the Communication Directorate, the Directorate of Finance, the Legal and Operational Directorate, the Secretariat, the Board of Trustees, MIC, the bodies entitled to audit the data controller, the accounting office and auditors requested by the European Commission.

TPF will make personal data available to the European Commission and the EACEA, as well as consortium partners of the PROFFORMANCE+ Project on the basis of points a) and c) of Article 5 (1) of EU Regulation No 2018/1725.

7. Duration of data management

The Data Controller shall keep the data until the deadline for the exercise of the right of control by the bodies performing his/her inspection. Pursuant to § 101 of the Public Finances Act, the retention period is 10 years.

In the case of processing personal data related to the newsletter, until the consent of the data subject is withdrawn.        

8. Data transfer to a third country (outside the EU or the EEA)

TPF may transfer the data to third country. The data will be transferred - to Georgia and Serbia - to countries outside the European Union or EEA Member States if necessary for the implementation of the Project. The legal basis for the transfer is laid down in Article 46 (1) and (2) (b) of the GDPR: the controller or processor may transfer data to a third country if it has provided adequate guarantees to the data owner. The application of the general data protection clauses adopted by the Commission in accordance with the examination procedure is an appropriate guarantee.

9. Information about the data subject's rights in relation to data management

9.1 You have the right to request information about your personal data managed by the Data Controller or the Data Processor at any time and also modify them at any time by sending an e-mail request to the contact details in point 3.2.

9.2 At your request, the Data Controller or the Data Processor must provide you with information regarding your personal data it manages:

• about your data,
• the source of such data,
• the purpose, legal basis and duration of the data management,
• the name, address and activities related to data management of the data processor,
• the circumstances and effects of the data protection incident, the measures taken to remedy the incident, and – in the case of transmission of the personal data – the legal basis and the recipient of the data transfer.

9.3 You are entitled at any time to:

• request the correction of any incorrectly recorded data
• obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay when GDPR doesn’t apply.

The Data Controller - through its data protection officer – and the Data Processor keep a record to supervise and keep you informed of any measures taken in connection with the data protection incident including the scope of personal data concerned, the scope and number of persons affected by the data protection incident, the date, circumstances and effects of the data protection incident and the measures implemented in order to remedy the incident, as well as any other data specified in the laws governing the management of data.

9.4 You are entitled at any time to address to data protection officer of Data Processor or Data Controller with any questions or concerns.

9.5 The data subject has the right at its request to delete personal data concerning him or her without undue delay, and the data controller is obliged to delete personal data concerning him or her without undue delay if one of the reasons under the GDPR exists

9.6 You can make a complaint:

• to the data protection officer of the data processor (adatvedelem@tpf.hu) and
• the European Data Protection Supervisor or the Hungarian National Authority for Data Protection and Freedom of Information.

In the event of a possible violation of his or her rights, the data subject may initiate an investigation by the Hungarian National Authority for Data Protection and Freedom of Information according to point a) of § 22 of the CXII (Information Act^[1].) of 2011 and may request the conduct of the authority's official data protection procedure based on point b).

National Authority for Data Protection and Freedom of Information:  

• postal address: H - 1363 Budapest, PO Box 9.
• address: H - 1055 Budapest, 9-11. Falk Miksa street
• Phone: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• E-mail: ugyfelszolgalat@naih.hu
• Web: www.naih.hu 

The data subject may take legal action to enforce his or her rights under Article 23 of the Info Act.

9.7 If you have provided the data of a third party in order to use the service, the Data Controller is entitled to enforce compensation against you. In such a case, the controller shall provide all possible assistance to the competent authorities in order to establish the identity of the infringer.

10. Other provisions

10.1 In all cases where the Data Controller intends to use the data provided for purposes other than the purpose of the original data collection, it will notify and obtain from you your prior expressed consent and will provide you the opportunity to prohibit such use.

10.2 The Data Controller and the Data Processor undertake to ensure the security of the data, to implement technical measures to ensure the protection of the recorded, stored or managed data, and to do everything in its power to prevent the destruction, unauthorized use and unauthorized alteration of the data. The Data Controller and the Data Processor also undertakes to call on any third party to whom the data may be transferred or handed over to comply with these obligations.

10.3 The Data Controller reserves the right to unilaterally modify the rules and information on its website regarding the management of data.

---

Annex No. 1

Interest Protection Test

on personal data processing in connection with the experts and the contact persons involved in the PROFFORMANCE+ project

1. The reason for carrying out an interest protection test:

The reason of the present interest protection test is to determine whether the linked third party, the Tempus Public Foundation (hereinafter: TPF) handles the expert’s and contact person’s personal data (hereinafter: data subject) in PROFFORMANCE+ project is in compliance with the law in cases (GDPR[2] and Info Act[3]) when using them in preparation and performance of contract and agreements, dissemination of project result, compiling and submitting reports where personal data have not been obtained from the data subject. In the test TPF identify the legitimate interests of TPF, and balance these against the data subject’s and participant’s interests, as well as the relevant fundamental rights. Ultimately, because of the balancing, TPF can determine that such data can be handled in compliance with the law in cases (GDPR and Info Act.)

2. Subject of the interest protection test

TPF manages the subject’s personal data under the legal base of GDPR in point f) paragraph 1 Article 6. TPF will examine in present test its own and its contractual Partner legitimate interest in data management.

3. Relevance of data management

TPF examines whether personal data are absolutely necessary to achieve its purpose: are there any alternative solutions that can be used to achieve the intended purpose without the need for personal data management?

TPF handles the following personal data of the data subject:

contact person’s data: contact person’s name and email address, contact person’s employer;

expert’s data: expert’s name and availability, place of birth, date of birth, personal identification numbers (e.g.: tax ID number, social security number, ID numbers), bank account number, full time employer, professional experience, (e.g.: CV, publication, positions at former employer).

These personal data are necessary to implement project activities and to fulfil the contract and keep in touch with the contact person. The contract concluded between TPF and the Organization (hereinafter: Partner, collectively referred to as Parties) who is in legal connection with the data subject (btw. employment contract or other type of agreements).

Parties manage the personal data of data subject to perform the contractual tasks in PROFFORMANCE+ project, (contracting, to disseminate result, for reporting, keeping contact).

TPF cannot perform the contractual tasks without managing the subject’s personal data in other alternative way.

4. Defining TPF’s legitimate interest as precisely as possible

TPF has a real and legitimate interest for managing the personal data. Both Parties -TPF and Partner - have common goals in connection with their contractual obligations to implement the activities of PROFFORMANCE+ project.

The personal data are necessary for the aim of data processing, for the fulfilment the PROFFORMANCE+ project activities determined in the contract between the Parties (TPF and Partner).

5. Duration of processing personal data

The retention period of the Affected Personal Data stipulated in the contract is 10 years after the closure of the PROFFORMANCE+ project. Reason for the retention period (keeping personal data): the bodies authorized to audit the TPF may audit the PROFFORMANCE+ project for 10 years after the closure of the program.

6. Guarantees of the data management and source of personal data

Guarantees for data management: TPF assures the Data Subject that the data management principles set out in Article 5 of the GDPR Regulation will apply during the period of data processing. The purpose, legal basis, duration of the data processing are and rights and right of appeal of Data Subjects are detailed in the Privacy Statement.

Source of the personal data:

The personal data of the Data Subject shall be made available to TPF by the Contracting Partner, who shall transfer them to TPF for the purpose of data management.

The Personal Data of the Data Subject is taken over and processed by TPF for the legitimate interests of itself and the Contracting Partner.

7. Determining why the legitimate interest of TPF - and the data management carried out on such basis - constitutes a proportionate restriction

In the course of data management, TPF takes into account the following principles: While handling personal data, TPF applies the least restrictive method of privacy rights.

TPF during its data management ensures that the Data Subject exercises the rights to which he or she is entitled.

The data management of TPF does not cause a significant degree of interest violation to the data subject.

8. Result

TPF has carried out a so-called interest balancing test, in which it has determined that the TPF’s interest is legitimate, real and clear. Therefore, a legitimate interest under Article 6 (1) (f) of the GDPR Regulation could serve as a basis for data processing.