Jump to contentJump to menuJump to footer

Privacy statement

15:49 August 10, 2021

General Data Management Information

On 25th May 2018, Regulation 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC Regulation (EU) 2016/EU of the European Parliament and of the Council became mandatory in Hungary. Based on the above, I wish to inform you about the following:

In order to protect your personal data and thus your rights and liberties, the data managers of the defence.hu will make all reasonable efforts. Data managers are committed to protecting your personal information and taking responsibility for the security of your information. Their data management is based on the triple principle of necessity, proportionality, and adequacy. Their data management processes are fair and transparent.

They manage data in accordance with the most complete compliance with the European Union and Hungarian data protection regulations!


  1. Terms and definitions

data security:

the physical protection of data of any subject, stored in any form, against destruction, unauthorized access, data failure, or unauthorized alteration


data processor:

a natural person or legal entity, public authority, agency, or any other body that processes personal data on behalf of a data manager


data management:

any operation or set of operations on personal data or files, whether automated or non-automated, such as collecting, recording, organizing, segmenting, storing, transforming, altering, retrieving, accessing, using, communicating, transmitting, disseminating or other harmonization, interconnection, restriction, deletion or destruction


Data manager:

a natural person or legal entity, public authority, agency or any other body which alone or in cooperation with others determines the purposes and means of the processing of personal data; if the purposes and means of data processing are determined by EU or Member State law, the data manager or the specific criteria for the designation of the data manager may also be determined by Union or Member State law


Restriction of data processing:

marking of stored personal data in order to limit their future processing; (data storage only)


Data destruction:

the complete physical destruction of a data carrier


Deletion of data:

making data unrecognizable in such a way that prevents them from recovering


Data transfer:

making data available for a specific third party


Data protection:

prevention of illegal processing of personal data, protection of privacy


Data protection incident:

unlawful handling or processing of personal data, in particular: unauthorized access, alteration, transmission, disclosure, deletion, destruction, or accidental destruction and damage


Biometric data:

personal data resulting from specific technical processing relating to the physical, physiological, or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;



the data may be accessed, used or disposed of only by those authorized to it and only in accordance with their authorization



any natural person, legal entity, public authority, agency, or any other body to whom personal data are communicated, regardless of the fact whether a third party or not


Health data:

personal data concerning the physical or mental health of a natural person, including data relating to health services provided to a natural person, which contain information on the health of a natural person


Data subject:

any natural person identified or identifiable, directly or indirectly, via personal data


Third party:

a natural person, legal entity, public authority, agency, or any other body other than the data subject, the data manager, the processor, or persons authorized to process personal data under the direct control of the data manager or processor


Third country:

any state that is not an EEA state



a voluntary, specific, and unambiguous statement of the will of the well-informed data subject, indicating, by means of a statement or an act unequivocally expressing his / her agreement on the processing of personal data concerning him / her


Special data:

personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic and biometric data, health data, and personal data concerning the sexual life or sexual orientation of natural persons allowing for their unique identification


Registration system:

a collection of personal data – centralized, decentralized, arranged either functionally or geographically – accessible according to specific criteria


Statistical data:

the processing of personal data – e.g. by statistical methods – that the provisions on erasure apply, i.e. all links with individual persons has been eliminated and this connection cannot be restored



ensuring that the necessary data are available to those authorized to them in the form required by them, and in due time



the criterion of the existence, authenticity, integrity and completeness of the data


Personal data:

any information relating to an identified or identifiable natural person ("data subject"); a natural person is identifiable, who can be identified directly or indirectly, in particular via an identifier such as a name, number or locator data, online identifier, or via one or more factors relating to the person’s physical, physiological, genetic, mental, economic, cultural or social identity



making the data available to anyone




a statement made by the data subject exercising his / her right to object to the processing of his / her personal data at any time under Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions, for reasons related to such a situation. In such a case, the data manager shall not further process the personal data unless the data manager proves that the processing is justified by overriding legitimate reasons which take precedence over the interests, rights and liberties of the data subject, or which are necessary to bring, assert or defend legal claims


  1. Our data management


You can view the data management information HERE (click). Here you can learn:

1 a) whose data are managed;

2 b) what data are managed;

3 c) the purpose of data management;

4 d) the legal basis for data management;

5 e) to whom the data are communicated and to whom they are forwarded;

6 f) how long data are managed.

Personal data are securely deleted or destroyed when are no longer needed by data managers.

III. Are your data in safety?

When processing personal data, data managers pay special attention to the security of your data, so that they are not damaged, destroyed or lost in any way. To ensure this, a number of protection measures are taken pursuant to Decree 94/2009 (XI. 27.) on the information security policy of the Ministry of Defence, as well as under Decree 3/2012 (I. 13.) on the definition of the general electronic information security requirements of the Ministry of Defence, and the specification of security regulations (e.g. technology, protection, firewall, passwords, etc.)

  1. Is your information transmitted, forwarded, or shared?

Information is provided on possible inquiries by official bodies (e.g. police, Public Prosecutor’s Office, court of justice). Records are kept of such cases.

No data are transferred to any third country.

  1. What external service provider (data processor) is used?

Regarding the operation of the website:




HM Zrínyi Cartography and Communication Service Public Benefit Nonproft Limited Liability Company

1087 Budapest, Kerepesi út 29 / B.

hosting and email services, website operation



The data processor fully complies with all data security requirements. The data processor may employ a data sub-processor.

  1. How are your rights and liberties enforced?

In certain cases, you have the right to:

  • at any time request information from the data manager as to whether they manage your personal data and, if so, what data are managed and for what purpose.
  • request access to your personal data, managed by the data manager.
  • ask the data manager to modify your personal data, this way you can clarify or complement them.
  • ask the data manager to delete your data if you have legitimately objected to the data processing.
  • to object to the data processing.

Exercising your rights above is free of charge. However, the data manager may charge a reasonable fee for fulfilling excessive or unfounded requests, or in such cases the data manager may refuse to comply with your request.

VII. Remedies

If you consider that the processing of your personal data violates the General Data Protection Regulation and Act CXII of 2011 on the right to information self-determination and freedom of information, you can contact the data protection officer of the data manager, the court of justice competent according to your place of residence or stay. A complaint may also be filed with the National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11., 1363 Budapest, Mailing address: Pf .: 9. tel .: +36 (1) 391-1400; e-mail: [email protected]; website: www.naih.hu).