Privacy statement

Data processing information

Data processing information regarding the website www.vfkl.h

1. Name of data controller:

Veszprém Archdiocese Library and Archives
Address:                                                              8200 Veszprém, Vár u. 16.
Phone:                                                                  88/426-088
Website:                                                               vfkl.hu
Name and email of data controller:         Dr. Demeter Balázs, jog@veszpremiersekseg.hu

2. Legal basis for data processing:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation: GDPR);
• Act CXII of 2011 on the right to self-determination in relation to information and freedom of information
• Act XLVIII of 2008 on economic advertising activities (Advertising Act)
• Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

3.  Definition:

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identified natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

“restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;

“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

“filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
“third party”: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process personal data

“consent of the data subject”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

4. Scope and duration of personal data processing, scope of data subjects:

User: a natural person who uses the services of the website (reading news and informational materials, viewing videos and image galleries, and sending messages) or who views the website.

Scope of personal data processed: name, email address

5. Purposes and legal basis of data processing:

Purposes of data processing:

• online content provision
• maintaining contact with the User

The data controller may not use the personal data provided for purposes other than those specified above.

Legal basis for data processing: voluntary consent as defined in Article 6(1)(a) of the GDPR, which is based on the User’s voluntary, prior and informed consent. The User has the right to withdraw their consent at any time, which withdrawal does not affect the lawfulness of data processing prior to the withdrawal.

The User warrants that he/she has the appropriate legal basis for the processing of personal data provided or made available by him/her about other persons when using the services of the website. The User shall be solely responsible for any user content uploaded or shared by him/her in the services.

The data controller does not verify the personal data provided; the person providing the data is solely responsible for its accuracy.

The personal data of Users who are natural persons under the age of 16 may only be processed with the consent of an adult exercising parental authority over them.

6. Duration of data processing:

In the case of emails sent by the User, the Data Controller shall delete the name and email address on the 90th day following the closure of the case referred to in the request, unless, in individual cases, the Data Controller’s legitimate interest justifies the further processing of the Personal Data, until such time as the Data Controller’s legitimate interest ceases to exist.

Data that is automatically and technically recorded during the operation of the system shall be stored in the system for a period of time justified by the operation of the system, calculated from the time of its generation.

7. Automatically collected data:

The Archdiocesan Library’s website, vfkl.hu, is freely accessible to anyone without the need to provide personal data (registration). During your visit to the website, the vfkl.hu system records certain data, which the Archdiocesan Library uses exclusively for statistical purposes, to optimize its online presence and to increase system security. This data does not contain any personal information.

Vfkl.hu uses cookies to collect profile and status data (e.g., IP address, browser type, date and time of access). Cookies are data that are temporarily stored on the hard drive of the computer you are using when you visit a website, for the purpose of facilitating access to the site and making it easier to find the content you are looking for. You can delete cookies from your computer at any time, or you can disable their use through your browser.

The Website automatically logs data that is automatically recorded when you log in or log out, without any separate statement or action on your part. This data cannot be linked to other personal user data, except in cases required by law. Only the Data Controller has access to the data.

Data that is automatically and technically recorded during the operation of the system is stored in the system for a period of time justified by the operation of the system, calculated from the time of its generation.

8. Use of data processors, data transfer:

The Data Controller may use the services of other Data Processors to perform its activities.
The Data Processor may not make independent decisions and is only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received. After February 28, 2021, the Data Processor shall record, manage, and process the Personal Data transferred to it by the Data Controller and managed or processed by it in accordance with the provisions of the GDPR, and shall make a statement to this effect to the Data Controller.
The Data Controller shall monitor the work of the Data Processor.
The Data Processor shall not be entitled to engage any further data processors.The Data Controller shall be entitled and obliged to transfer all Personal Data at its disposal and lawfully stored by it to the competent authorities if it is obliged to do so by law or by a final official order. The Data Controller shall not be held liable for such data transfer or the consequences thereof.
The data will not be transferred to third countries or international organizations.

9. Data security measures:

The Data Controller stores personal data on its own server. It also uses the services of other companies for data storage (see data processor specified in point 5). The Data Controller and the data processor used take appropriate measures to ensure that personal data is protected against, among other things, unauthorized access.

10. Users’ rights regarding data processing:

Right to request information
The User may request information via the contact details provided in point 1 about what personal data is processed, on what legal basis, for what data processing purposes, from what sources, for how long, and to whom, when, on what legal basis, and to which personal data the Data Controller has granted access or to whom it has transferred the personal data.

The Data Controller shall respond to the User’s request for information within a maximum of one month, sending the information to the contact details provided by the User.

Right to rectification
The User may request that the Data Controller modify any of their personal data via the contact details provided in point 1. The Data Controller shall comply with the request within one month at the latest and shall notify the User thereof via the contact details provided by them.

Right to blocking (restriction of data processing)
The User may request that the Data Controller block their personal data (clearly indicating the restricted nature of the data processing and ensuring that it is kept separate from other data) via the contact details provided in point 1. The blocking shall remain in place for as long as the reason indicated by the User necessitates the storage of the data.

Right to object
The User may object to data processing via the contact details provided in point 1 if, in his or her opinion, the Data Controller is not processing his or her personal data in accordance with the purposes specified in this data processing notice. In this case, the Data Controller must prove that the processing of personal data is justified by compelling legitimate grounds that take precedence over the interests, rights, and freedoms of the data subject, or that are related to the establishment, exercise, or defense of legal claims.

Right to erasure
The User may request the erasure of their personal data via the contact details provided in point 1.
Deletion may be refused (i) for the purpose of exercising the right to freedom of expression and information, or (ii) if the processing of personal data is authorised by law; and (iii) for the establishment, exercise or defence of legal claims.
The Data Controller shall in all cases inform the User of the refusal of the request for deletion, indicating the reason for the refusal. Once a request for the deletion of personal data has been fulfilled, the previous (deleted) data cannot be restored.

11. Legal remedies related to data processing:

In the event of data processing deemed unlawful, the data subject

• may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) National Authority for Data Protection and Freedom of Information, address: 1055 Budapest, Falk Miksa u. 9-11. E-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu
• or may turn to the court for the protection of their data, which will act on the matter as a matter of priority. In this case, they are free to decide whether to file their claim with the court competent for their place of residence (permanent address) or place of stay (temporary address) or the data controller’s registered office. You can find the court with jurisdiction over your place of residence or temporary residence at http://birosag.hu/ugyfelkapcsolatiportal/birosag-kereso

12. Changes to the Notice:

The Data Controller reserves the right to amend this Notice at any time by unilateral decision. By opening the vfkl.hu website and reading the content available on it, the User accepts the provisions of the Notice in force at any given time; beyond this, it is not necessary to seek the consent of individual Users.
The Notice in force at any given time is available at the following link: www.vfkl.hu
Last update: 08.06.2025.