Logo

Join Us

Logo

Join Us

Logo

Privacy Policy

Privacy Policy

Data Controller

The data controller responsible for processing your personal data is: Magyar Biotechnológiai Szövetség (Hungarian Biotechnology Association, hereinafter: HBA).

● Official name: Magyar Biotechnológiai Szövetség 

● Official address: 6724 Szeged, Szilánk köz 3. 

● Registration number: 06-02-0001946 

● Tax ID: 18471227-2-06 

● e-mail: info@hungarianbiotech.org 

● Domain name: www.hungarianbiotech.org 

HBA is committed to processing personal data responsibly and in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and applicable Hungarian data protection legislation, including Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

This Privacy Policy applies to all personal data collected through the Website and through forms linked from the Website (including external Google Forms used for membership applications).

1. Personal Data We Collect

Personal data is information that relates to an identified or identifiable natural person. HBA may collect the following categories of personal data:

Through the Website contact form:

First and last name, email address, phone number, mailing address, city.

Through the Website itself:

Technical data such as IP address, browser type, device type, pages visited, and time spent on the Website, collected automatically via the Website hosting platform (Framer) and any analytics tools in use.

Through the membership application form (Google Form):

Name, job title, organisation name, email address, phone number, professional background, and any other information voluntarily provided.

Through social media integrations:

Any data voluntarily provided by the user via social media networks, subject to the privacy settings and terms of the relevant platform.

To visit the Website, users are not required to provide personal data. If they do provide data, it will be processed lawfully in accordance with the GDPR.

2. Purpose, Retention Period, and Legal Basis for Processing

HBA processes personal data for the following purposes:

a) Responding to contact form enquiries

  • Purpose: To process and respond to requests, questions or other communications submitted via the Website contact form.

  • Legal basis: Consent of the user (GDPR Art. 6(1)(a)), granted by checking the box to accept this Privacy Policy before submitting the form.

  • Retention: Data is retained for no longer than three (3) years from the date of the last interaction, or as required by applicable law.

b) Membership processing

  • Purpose: To process membership applications, manage the membership register, and provide membership services.

  • Legal basis: Performance of a contract to which the data subject is party (GDPR Art. 6(1)(b)), or steps taken at the request of the data subject prior to entering into a contract. Where processing goes beyond what is strictly necessary for membership administration, the legal basis is consent (GDPR Art. 6(1)(a)).

  • Retention: Membership data is retained for the duration of the membership and for five (5) years after membership ends, in accordance with applicable Hungarian legal obligations.

c) Member community directory

  • Purpose: To make basic professional information about member organisations and their representatives available to other members, facilitating networking and collaboration within the HBA community.

  • Legal basis: Legitimate interests of HBA and its members (GDPR Art. 6(1)(f)). HBA has assessed that this interest is not overridden by the data subjects' rights, given that the directory is accessible only to registered members and contains only professionally relevant information.

  • Retention: Data is displayed for the duration of membership and removed upon termination of membership.

d) Sending newsletters and communications

  • Purpose: To send information about HBA activities, events, news and services to users who have subscribed.

  • Legal basis: Consent of the user (GDPR Art. 6(1)(a)), granted by subscribing to the newsletter.

  • Retention: Data is retained until the user withdraws consent (unsubscribes), and for no longer than three (3) years thereafter.

e) Improving the Website and user experience (cookies and analytics)

  • Purpose: To analyse Website usage, improve performance, and personalise the user experience.

  • Legal basis: Consent of the user (GDPR Art. 6(1)(a)), granted via the cookie consent mechanism.

  • Retention: Data is retained until consent is withdrawn (cookies deleted) and for no longer than the periods specified in the Cookie Policy.

In all cases where consent is the legal basis, the user has the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

3. Data Processors and Third-Party Services

HBA uses the following third-party service providers (data processors) who may process personal data on HBA's behalf:

a) Framer, Inc. (website hosting platform)

The Website is hosted on the Framer platform, operated by Framer, Inc., a company based in the United States. Framer processes technical data (server logs, analytics) as part of hosting the Website. Data transfers to the USA are subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

b) Google LLC (membership application forms)

Membership applications are submitted via Google Forms, a service operated by Google LLC, a company based in the United States. Personal data entered into the Google Form is processed by Google LLC on behalf of HBA. HBA has entered into a Data Processing Agreement with Google. Data transfers to the USA are subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission. Google's privacy policy is available at https://policies.google.com/privacy.

c) Email and communication service providers

HBA may use third-party providers to send newsletters and email communications. Any such provider acts as a data processor under a Data Processing Agreement with HBA.

Users are encouraged to review the privacy policies of these third-party providers for full information about their data processing practices.

4. Transfer or Disclosure of Personal Data

Users' personal data will not be sold or disclosed to unrelated third parties for their own marketing purposes.

Data may be shared in the following limited circumstances:

  • With data processors listed in Section 3 above, under Data Processing Agreements.

  • With HBA's authorised staff, board members or working groups who require access to perform their functions.

  • When required by law, regulation, or order of a competent authority.

  • With the explicit consent of the data subject.

5. International Data Transfers

Some of HBA's data processors are located outside the European Economic Area (EEA), including in the United States (Framer, Inc. and Google LLC). HBA ensures that such transfers are carried out in compliance with GDPR Chapter V, using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

6. Data Accuracy and User Obligations

To ensure that personal data is kept accurate and up to date, users are asked to notify HBA of any changes to their data. HBA will not be responsible for inaccuracies arising from failure to notify changes.

Users guarantee that all personal data they provide is truthful, accurate and up to date. Where a user provides personal data relating to a third party, the user guarantees that they have obtained this data lawfully, have informed the data subject, and have obtained their consent to disclose the data to HBA.

7. Rights of Data Subjects

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation that your data is being processed and to receive a copy of it.

  • Right to rectification: to have inaccurate data corrected or incomplete data completed.

  • Right to erasure ("right to be forgotten"): to request deletion of your data when it is no longer necessary for the purpose for which it was collected, or when you withdraw consent.

  • Right to restriction of processing: to request that processing of your data be limited in certain circumstances.

  • Right to data portability: to receive your data in a structured, machine-readable format and to transmit it to another controller.

  • Right to object: to object to processing based on legitimate interests or for direct marketing purposes.

  • Right not to be subject to automated decision-making: to not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

  • Right to withdraw consent: to withdraw consent at any time without affecting the lawfulness of prior processing.

  • Right to lodge a complaint: to lodge a complaint with the competent supervisory authority.

To exercise any of these rights, please contact HBA at: info@hungarianbiotech.org

You also have the right to lodge a complaint with the Hungarian data protection supervisory authority:

Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

Address
1055 Budapest, Falk Miksa utca 9-11.

Website
www.naih.hu

Email
ugyfelszolgalat@naih.hu

8. Cookies

Cookies are small text files stored on the user's device when they visit a website. This Website uses cookies to ensure proper functionality, analyse usage, and improve user experience.

A full description of the cookies used, their purposes, and their retention periods is available in our Cookie Policy, which can be accessed on the Website. Users may manage or withdraw their consent to non-essential cookies at any time via the cookie consent tool on the Website, or by adjusting their browser settings.

For more information about how to manage cookies, users may refer to their browser's help documentation.

9. Security

HBA takes appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or alteration. These measures are reviewed and updated as necessary to reflect current best practices.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, HBA will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will inform affected data subjects without undue delay where required by law.

10. Changes to This Privacy Policy

HBA reserves the right to update this Privacy Policy at any time. Where changes are material, HBA will notify users by posting the updated policy on the Website and, where appropriate, by direct notification. The date of the latest update appears at the bottom of this document.