Privacy Policy

The Hungarian Money Museum and Visitor Centre shall process the personal data learnt and/or recorded in the course of its activity in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation and Act CXII of 2011 on the Self-determination right and Freedom of Information, by the National Bank of Hungary as follows.

Controller:

National Bank of Hungary

Seat: 1013 Budapest, Krisztina blv. 55.

The DPO of the National Bank of Hungary is dr. Tivadar János Marton (phone No.: +36 1 428 2600, e-mail: martont@mnb.hu).

Scope of data processed:

Data provided in the course of online registration to the website:

In case of registration aiming to access blocked data: user’s name, e-mail address, password, date (year) of birth.

In case of application, registration to competition, tender: user’s name, e-mail address, password, date (year) of birth, and the data provided in the call for proposals.

In case of booking required to visit the museum: tender: user’s name, e-mail address, password, date (year) of birth, phone number.

In case of purchase in the webshop: tender: user’s name, e-mail address, password, date (year) of birth, phone number, shipping address.

If such a Competition is announced, where the Competition description requires personal attendance, then video and audio footage may be taken on the Event, where the attendees of the Event may be recorded. In case of Competition with personal attendance, the Organizer shall ensure to obtain the consent letter from the Competitors prior to starting the Competition in order to make the recorded materials (facial image and audio recording) usable on the Organizer’s social sites and other promotional materials.

Legal basis of processing:

The legal basis of processing the data is the explicit consent of the registering persons. In case of registering persons under the age of 16, the registration shall be valid only in case of the consent of the data subject’s parent or guardian.

In case of data deemed accounting receipt directly or indirectly grounding the accounting, the fulfilment of Controller’s legal obligation.

Purpose of data processing:

Following the performance of the Service, contact keeping, clear identification of the competitors, players, applicants, notification of the awarded persons, hand-over of the awards. In the course of the museum visit, scheduling the guided tour, co-ordination of the number of visitors. In case of age data, preparing statistics, offering personalized contents. In case of video and audio footages, preparing promotional materials. In case of purchase in the webshop, customized content offer fitted for the age.

Term of data processing:

In case of registration aiming to access contents: max. 5 years

In case of application, registration to competition, application: in case of registration data, the period of conducting the Competition, application, but max. 1 year. In case of prize draws, the time required to fulfil the accounting obligations, but max. 8 years.

In case of booking required to museum visit: max. 2 years

In case of purchase in the webshop: max. 2 years

In case of video and audio footages: max. 5 years.

In case of data deemed accounting receipt directly or indirectly grounding the accounting: 8 years.

Rights related to processing

Right to notification and access:

Data Subject may request information from the National Bank of Hungary under the ‘Controller’ sub-title in writing, whether the National Bank of Hungary:

• what kind of personal data,

• on what legal basis,

• for what purpose,

• from what source,

• how long does it process,

• still processes his/her personal data,

• for whom, when and for what purpose did it provide access to which personal data or to whom it transferred his/her personal data.

Beyond that, may request a copy of his/her personal data stored by National Bank of Hungary.

The National Bank of Hungary shall fulfil data subject’s request latest within 25 days, in its reply letter sent to the contact details provided in the request. If the request is delivered to the National Bank of Hungary by electronic means, then the reply letter of the National Bank of Hungary, as possible), is also delivered by electronic means. If You wish to deliver the reply in another way, please note it in your request.

Right to rectification:

Data subject may request via the contact details provided under the ‘Controller’ sub-title, in writing to the National Bank of Hungary to modify and clarify any of his/her personal data (eg. name or e-mail address, if change occurred). If the request is delivered to the National Bank of Hungary by electronic means, then the reply letter of the National Bank of Hungary, as possible), is also delivered by electronic means. If You wish to deliver the reply in another way, please note it in your request.

Right to erasure (‘right to be forgotten’):

Data Subject may request via the contact details provided under the ‘Controller’ sub-title, in writing to the National Bank of Hungary to erase his/her personal data.

The National Bank of Hungary may reject to request for erasure in the event the laws require the National Bank of Hungary to further retention of personal data. However, if there is no such obligation on personal data requested to be erased, then the National Bank of Hungary shall fulfil the request without undue delay latest within 25 days and notify the person submitting the request thereon in a mail delivered to the contact details provided by him/her. If the request is delivered to the National Bank of Hungary by electronic means, then the reply letter of the National Bank of Hungary, as possible), is also delivered by electronic means. If You wish to deliver the reply in another way, please note it in your request.

Right to restrict processing:

Data Subject may request via the contact details provided under the ‘Controller’ sub-title, in writing to the National Bank of Hungary to restrict processing of his/her personal data. In case of restriction, the National Bank of Hungary may only store the personal data, other processing activity may take place only upon the consent of the person requesting such restriction for filing legal claims or for public interest.

The restriction of data may be requested, if:

• You assume that your data are inaccurate, or

• You assume that the National Bank of Hungary processed your personal data unlawfully, but You do not wish to erase your personal data,

• You request processing due to the enforcement or defence of your legal claim, but the National Bank of Hungary no longer needs such personal data.

The National Bank of Hungary shall fulfil your request without undue delay latest within 25 days and notify the person submitting the request thereon in a mail delivered to the contact details provided by him/her. If the request is delivered to the National Bank of Hungary by electronic means, then the reply letter of the National Bank of Hungary, as possible), is also delivered by electronic means. If You wish to deliver the reply in another way, please note it in your request.

Right to revoke the consent:

Data Subject may revoke his/her consent to processing anytime during the term of processing, via the contact details provided under the ‘Controller’ sub-title in writing. In case of revocation of consent, the processing of the National Bank of Hungary prior to such revocation shall remain legitimate.

The National Bank of Hungary shall erase the personal data promptly following the reception of the revocation, and notify the person submitting the request thereon in a mail delivered to the contact details provided by him/her. If the request is delivered to the National Bank of Hungary by electronic means, then the reply letter of the National Bank of Hungary, as possible), is also delivered by electronic means. If You wish to deliver the reply in another way, please note it in your request.

The persons applying to the game acknowledge that if during the term of the Game, a request aimed at exercising the right to erasure, restriction of processing or revocation of consent is submitted to Controller, on which request’s basis, Controller will no longer control the personal data specified in cluase 9, then they may be disqualified from the participants of the Game.

Remedies:

If according to the Data Subject’s consideration, the processing did not comply with the legal requirements, (s)he may initiate the proceeding of the Data Protection Officer of the National Bank of Hungary, or may turn to court.

In addition, anyone may initiate an investigation at the National Authority for Data Protection and Freedom of Information by reference to that an infringement occurred in his/her rights related to the processing of personal data, or a direct risk thereof is present.

Contact details of the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

Seat: 1055 Budapest, Falk Miksa str. 9-11.

Postal address: 1636 Budapest, PO. 9.

Phone No.: +36-1-391-1400

Telefax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

The option to amend the Policy:

Controller reserves the right to unilaterally amend this Policy without prior notice. Controller shall deliver the actually effective Policy upon Data Subject’s request, in e-mail.