Privacy policy

Privacy Statement for the processing of personal data related to the project ‘PROFFORMANCE+ - Professionalism and high performance in Higher Education - Enhanced PROFFORMANCE toolkit for 21st century teachers’

1. The purpose of the statement

2. Purposes of data management

3. Data controller and data processor

4. Scope of processed personal data:

5. The legal basis, objective, and method of data management

6. Scope of persons with access to the data

7. Duration of data management

8. Data transfer to a third country (outside the EU or the EEA)

9. Information about the data subject's rights in relation to data management

10. Other provisions

 

Annex No. 1: Interest Protection Test

 

Privacy Statement | PROFFORMANCE project “Assessment Tool and Incentive Systems for Developing Higher Education Teachers’ Performance”

---

1. The purpose of the statement   

The purpose of this statement is to provide information on the protection of personal data
processed by the Ministry of Culture and Innovation (MIC), the TPF (Tempus Public Foundation) as an affiliated entity, the consortium partners, the European Commission and EACEA (Education, Audiovisual and Culture Executive Agency) in the PROFFORMANCE+ project (hereinafter: Project).

1.1 In order to implement the project supported by the European Commission and its delegate EACEA, the Tempus Public Foundation (TPF), designated by the Ministry of Culture and Innovation (MIC) as an affiliated entity, processes personal data in the PROFFORMANCE+ project.

1.2 This information sheet contains the data processing that is processed by the Tempus Public Foundation for the fulfillment of its tasks in the Project by the European Commission and the Educational, Audiovisual and Cultural Executive Agency authorized by it.

1.3 This information sheet also covers data processing by the consortium partners during the performance of the tasks included in the agreements.

The processing of personal data is based on the following legalizations:

• Regulation 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by EU institutions, bodies, offices and agencies and on the free movement of such data,
• and European Regulation 2016/679 of the European Parliament and of
  the Council on the General Data Protection Regulation It is based on the Parliamentary and Council Regulation (hereinafter: GDPR).

2. Purposes of data management

The purposes of the data management are the preparation and implementation of the Project, as well as preparation of the reports, management of the contacts, concluding contracts, disseminating the results of the Project, compilation and submission of reports to the
European Commission and the EACEA authorized by it.

Furthermore, sending newsletters, communication, promotional and information material to those concerned.

The aim of the project is the dissemination of the project results, the further development of the previously developed Assessment Tool, the development of a teacher support system, the development of courses, the collection and distribution of good examples and practices to support and improve the performance of higher education teachers.

3. Data controller and data processor

3.1 Data controller:

Name: European Commission, and the Educational, Audiovisual and Cultural Executive Agency authorized by it.

Contact: information on data processing can be obtained from the contact points indicated in the Commission's privacy statements and from the European Data Protection Supervisor.

3.2 Data processor:

• Name: Tempus Public Foundation (TPF)
• Registered office: 1077 Budapest Kéthly Anna tér 1.
• Postal address: H - 1438 Budapest 70, POBox. 508.
• Phone number: +36-1-237-1300
• Represented by: Károly Czibere, president
• Data protection officer: dr. Gábor Ugrai
• E-mail address: adatvedelem@tpf.hu

4. Scope of processed personal data:

For the purpose of implementing the Project, the following personal data will be processed:

• the data of the non-natural person designated by the Contracting Party as the contact person in the contract for the preparation and fulfillment of the contract,
• the data of a natural person Contracting Party necessary for the preparation and performance of the contract,
• personal data of teachers and project coordinators applying for the "Good Practice" call for proposals,
• personal data of participants in events and working groups,
• personal data of representatives of the institutions participating in the Project activities
• personal data included in the reports based on the contracts concluded with the partner organizations and the experts involved in the implementation of the Project.

During the Project, the following data processing will be carried out by the European Commission, the EACEA acting on its behalf, the Ministry of Culture and Innovation, as well as the affiliated entity, the Tempus Public Foundation, and the consortium partners for the individual partnership tasks:

Contracting

• the data of the non-natural person designated by the Contracting Party as the contact person in the contract for the preparation and fulfillment of the contract: name, position, telephone number, e-mail address;
• In the case of a contract concluded with a natural person Contracting Party, the data required by law and necessary for payments (application materials and reports also include: name of employer, curriculum vitae, professional experience (publications, positions held at previous workplaces, etc.) are processed;

Good practice award call

As a result of the "Good Practice" Call for Proposals, the following personal data will be processed during the operation of the free, publicly accessible online database: personal data included in the application documents, which are: name, institution, phone number, position, e-mail contact of the author(s).

Of the above data, with the consent of the author(s), only data requested with a public designation are publicly available to anyone during the publication of the methodologies on the website created by the Data Controller.

Experts involved in Project implementation:

The following data will be published on the project’s website based on prior consent of the experts: name, organization, country, e-mail address, photo, short profile description;

• personal data of the experts directly involved in the performance by the partner organizations or the coordinator (data necessary for the documentation supporting the use of the support and travel organization – name, contact information, employer, curriculum vitae, professional experience (e.g., publications, positions held at previous workplaces)) is processed.

Institutional contributions:

• During the Project, the data of the contact person(s) and the contributing persons in connection with institutional cooperation: name, institution, position, email address, telephone number, professional experience will be managed;
• The data provided in connection with the project activities, as well as the data collected during the institutional cooperation, will be used for scientific and statistical purposes, the identity of the person completing the questionnaire will not be identifiable after the processing of the responses received, it will be used anonymously.

PROFORMANCE Assessment Tool

• When registering the PROFFORMANCE Assessment Tool, the following data are required: name, email, country, and, when assigning the evaluation task, the institution, institutional unit, as well as age and gender for statistical purpose when filling in the questionnaire. In the case of individual tasks, the completed data will be visible only to the organizer of the task. In the case of evaluation tasks initiated at the level of the institutional unit, the personal data may be seen by the immediate supervisor, in the case of evaluations initiated at the level of a direct supervisor, at the consortium level, the authorized administrator or data manager of the consortium can see the personal data. Even in the case of multi-level assessment tasks, only the direct supervisor can see the data of the people filling in under him/her, all levels above can only see aggregated data.
• The manager of the database, the Tempus Public Foundation, acts as a careful manager and protects the data included in the database collected at the individual and institutional level. They will not be transferred to third parties and they will not be used without permission. In case Tempus Public Foundation is commissioned to conduct a higher-
  level, national or international evaluation process, communicating this appropriately, but also in this case the use of personal data is only possible for the direct supervisor of the individuals. All levels above can only see aggregated data.
• The data can be deleted from the system at the user's request.

For sending a newsletter:

• The name and e-mail address of the person concerned.

By subscribing to the newsletter, the person concerned agrees to receive information material on the Project and related topics from the PROFFORMANCE+ project
representatives, unless otherwise requested, i.e., unsubscribe.

5. The legal basis, objective, and method of data management

5.1 The legal basis for processing is the legitimate interest of the Data Controller
based on Article 6 (1) point f) of the GDPR in the preparation and performance of the contract, on the basis of the data of the person indicated by the non-natural person Contracting Party as a contact person in the contract.

The purpose of the data processing is to maintain contacts, dissemination and reporting necessary for the preparation and fulfillment of the contract for the implementation of the Project.

The Data Controller examined its legitimate interest in an interest assessment test, the interest assessment test is Annex No. 1 of this information sheet.

5.2 The legal basis for the processing is the processing of personal data necessary for
the preparation and performance of the contract with the natural person
contracting party in the preparation and conclusion of the contract pursuant to
Article 6(1)(b) of the GDPR. The purpose of data management is to prepare and fulfill the expert contracts necessary for the implementation of the Project.

5.3 The legal basis for the processing of the data of applicants for the "Good Practice"
call for proposals and respondents involved in the Project activities is the voluntary consent of the data subject pursuant to Article 6(1)(a) of the GDPR. The purpose of data management is to share the good experience with interested public.

5.4 The legal basis of the data processing is the legitimate interest according to Article 6 (1) point f) of the GDPR regarding the management of the personal data of the experts involved in the completion of the project by the partner organizations. The Data Controller examined its legitimate interest in an interest assessment test, the interest assessment test is Annex No. 1 of this information sheet. The purpose of data management is to involve the experts of the partner organizations in the implementation of the Project.

5.5 During the implementation of the Project, the Data Controller and the Data Processor manage personal data for the purpose specified in point 5 of this statement.

5.6 The legal basis for data processing in connection with the sending of the newsletter is the voluntary consent of the data subject in accordance with Article
6(1)(a) of the GDPR.

6. Scope of persons with access to the data

Personal data can be accessed by the TPF staff members whose job it is to implement the project, the Higher Education Policy, Research and Development Unit, the IT Directorate, the Communication Directorate, the Directorate of Finance, the Legal and Operational Directorate, the Secretariat, the Board of Trustees, MIC, the bodies entitled to audit the data controller, the accounting office and auditors requested by the European Commission.

TPF will make personal data available to the European Commission and the EACEA, as well as consortium partners of the PROFFORMANCE+ Project on the basis of points a) and c) of Article 5 (1) of EU Regulation No 2018/1725.

7. Duration of data management

The Data Controller shall keep the data until the deadline for the exercise of the right of control by the bodies performing his/her inspection. Pursuant to § 101 of the Public Finances Act, the retention period is 10 years.

In the case of processing personal data related to the newsletter, until the consent of the data subject is withdrawn.    

8. Data transfer to a third country (outside the EU or the EEA)

TPF may transfer the data to third country. The data will be transferred - to Georgia and Serbia - to countries outside the European Union or EEA Member States if necessary for the implementation of the Project. The legal basis for the transfer is laid down in Article 46 (1) and (2) (b) of the GDPR: the controller or processor may transfer data to a third country if it has provided adequate guarantees to the data owner. The application of the general data protection clauses adopted by the Commission in accordance with the examination procedure is an appropriate guarantee.

9. Information about the data subject's rights in relation to data management

9.1 You have the right to request information about your personal data managed by the Data Controller or the Data Processor at any time and also modify them at any time by sending an e-mail request to the contact details in point 3.2.

9.2 At your request, the Data Controller or the Data Processor must provide you with information regarding your personal data it manages:

• about your data,
• the source of such data,
• the purpose, legal basis and duration of the data management,
• the name, address and activities related to data management of the data processor,
• the circumstances and effects of the data protection incident, the measures taken to remedy the incident, and – in the case of transmission of the personal data – the legal basis and the recipient of the data transfer.

9.3 You are entitled at any time to:

• request the correction of any incorrectly recorded data
• obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay when GDPR doesn’t apply.

The Data Controller - through its data protection officer – and the Data Processor keep a record to supervise and keep you informed of any measures taken in connection with the data protection incident including the scope of personal data concerned, the scope and number of persons affected by the data protection incident, the date, circumstances and effects of the data protection incident and the measures implemented in order to remedy the incident, as well as any other data specified in the laws governing the management of data.

9.4 You are entitled at any time to address to data protection officer of Data Processor or Data Controller with any questions or concerns.

9.5 The data subject has the right at its request to delete personal data concerning him or her without undue delay, and the data controller is obliged to delete personal data concerning him or her without undue delay if one of the reasons under the GDPR exists

9.6 You can make a complaint:

• to the data protection officer of the data processor (adatvedelem@tpf.hu) and
• the European Data Protection Supervisor or the Hungarian National Authority for Data Protection and Freedom of Information.

In the event of a possible violation of his or her rights, the data subject may initiate an investigation by the Hungarian National Authority for Data Protection and Freedom of Information according to point a) of § 22 of the CXII (Information Act[1].) of 2011 and may request the conduct of the authority's official data protection procedure based on point b).

National Authority for Data Protection and Freedom of Information:  

postal address: H - 1363 Budapest, PO Box 9.

address: H - 1055 Budapest, 9-11. Falk Miksa street

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat@naih.hu

Web: www.naih.hu  

The data subject may take legal action to enforce his or her rights under Article 23 of the Info Act.

9.7 If you have provided the data of a third party in order to use the service, the Data Controller is entitled to enforce compensation against you. In such a case, the controller shall provide all possible assistance to the competent authorities in order to establish the identity of the infringer.

10. Other provisions

10.1 In all cases where the Data Controller intends to use the data provided for purposes other than the purpose of the original data collection, it will notify and obtain from you your prior expressed consent and will provide you the opportunity to prohibit such use.

10.2 The Data Controller and the Data Processor undertake to ensure the security of the data, to implement technical measures to ensure the protection of the recorded, stored or managed data, and to do everything in its power to prevent the destruction, unauthorized use and unauthorized alteration of the data. The Data Controller and the Data Processor also undertakes to call on any third party to whom the data may be transferred or handed over to comply with these obligations.

10.3 The Data Controller reserves the right to unilaterally modify the rules and information on its website regarding the management of data.

---

Annex No. 1

Interest Protection Test

on personal data processing in connection with the experts and the contact persons involved in the PROFFORMANCE+ project

1. The reason for carrying out an interest protection test:

The reason of the present interest protection test is to determine whether the linked third party, the Tempus Public Foundation (hereinafter: TPF) handles the expert’s and contact person’s personal data (hereinafter: data subject) in PROFFORMANCE+ project is in compliance with the law in cases (GDPR[2] and Info Act[3]) when using them in preparation and performance of contract and agreements, dissemination of project result, compiling and submitting reports where personal data have not been obtained from the data subject. In the test TPF identify the legitimate interests of TPF, and balance these against the data subject’s and participant’s interests, as well as the relevant fundamental rights. Ultimately, because of the balancing, TPF can determine that such data can be handled in compliance with the law in cases (GDPR and Info Act.)

2. Subject of the interest protection test

TPF manages the subject’s personal data under the legal base of GDPR in point f) paragraph 1 Article 6. TPF will examine in present test its own and its contractual Partner legitimate interest in data management.

3. Relevance of data management

TPF examines whether personal data are absolutely necessary to achieve its purpose: are there any alternative solutions that can be used to achieve the intended purpose without the need for personal data management?

TPF handles the following personal data of the data subject:

contact person’s data: contact person’s name and email address, contact person’s employer;

expert’s data: expert’s name and availability, place of birth, date of birth, personal identification numbers (e.g.: tax ID number, social security number, ID numbers), bank account number, full time employer, professional experience, (e.g.: CV, publication, positions at former employer).

These personal data are necessary to implement project activities and to fulfil the contract and keep in touch with the contact person. The contract concluded between TPF and the Organization (hereinafter: Partner, collectively referred to as Parties) who is in legal connection with the data subject (btw. employment contract or other type of agreements).

Parties manage the personal data of data subject to perform the contractual tasks in PROFFORMANCE+ project, (contracting, to disseminate result, for reporting, keeping contact).

TPF cannot perform the contractual tasks without managing the subject’s personal data in other alternative way.

4. Defining TPF’s legitimate interest as precisely as possible

TPF has a real and legitimate interest for managing the personal data. Both Parties -TPF and Partner - have common goals in connection with their contractual obligations to implement the activities of PROFFORMANCE+ project.

The personal data are necessary for the aim of data processing, for the fulfilment the PROFFORMANCE+ project activities determined in the contract between the Parties (TPF and Partner).

5. Duration of processing personal data

The retention period of the Affected Personal Data stipulated in the contract is 10 years after the closure of the PROFFORMANCE+ project. Reason for the retention period (keeping personal data): the bodies authorized to audit the TPF may audit the PROFFORMANCE+ project for 10 years after the closure of the program.

6. Guarantees of the data management and source of personal data

Guarantees for data management: TPF assures the Data Subject that the data management principles set out in Article 5 of the GDPR Regulation will apply during the period of data processing. The purpose, legal basis, duration of the data processing are and rights and right of appeal of Data Subjects are detailed in the Privacy Statement.

Source of the personal data:

The personal data of the Data Subject shall be made available to TPF by the Contracting Partner, who shall transfer them to TPF for the purpose of data management.

The Personal Data of the Data Subject is taken over and processed by TPF for the legitimate interests of itself and the Contracting Partner.

7. Determining why the legitimate interest of TPF - and the data management carried out on such basis - constitutes a proportionate restriction

In the course of data management, TPF takes into account the following principles: While handling personal data, TPF applies the least restrictive method of privacy rights.

TPF during its data management ensures that the Data Subject exercises the rights to which he or she is entitled.

The data management of TPF does not cause a significant degree of interest violation to the data subject.

8. Result

TPF has carried out a so-called interest balancing test, in which it has determined that the TPF’s interest is legitimate, real and clear. Therefore, a legitimate interest under Article 6 (1) (f) of the GDPR Regulation could serve as a basis for data processing.