Data processing notice
for the data processing related to the webinar “Discover the Benefits of HPC for Your Business (10 April 2025)” organized within the framework of the EuroCC 2 project
Data controller name: Digitális Kormányzati Fejlesztés és Projektmenedzsment Kft.
Short name: DKF
Registered Office: 1138 Budapest, Esztergomi út 31-39. HUB 3. épület
Tax number: 29152412-2-41
Company Registration Number: 01-09-381151
Website: www.dkf.hu
Representative: Kovács Dániel Zsolt
E-mail: info@dkf.hu
Data Protection Officer: Dr. Kunhegyi Mária
E-mail: adatvedelem@dkf.hu
As well as
Adatkezelő neve: DeiC
Registered Office: Asmussens Allé, Building 305 DK-2800 Lyngby
CVR: 30 06 09 46
Tel.: 35 88 82 02
E-mail: sekretariat@deic.dk or gitte.kudsk@deic.dk
E-mail: susanne.groth@deic.dk
Phone: 93 51 14 65
Introduction
Competencies related to the use of supercomputers have accumulated in a fragmented and dispersed manner across universities and research institutions, and a scientific community that would ensure the high-level utilization of national resources has not developed. Within the framework of the National Competence Centres in the framework of EuroHPC (hereinafter: EuroCC1) project, efforts began to address capacity issues by establishing the HPC Competence Centre (hereinafter: HPC CC), expanding the user base, and integrating small and medium-sized enterprises (SMEs) into the supercomputer user community. By collaborating with researchers, these enterprises can contribute not only to the creation of innovative solutions but also to their industrial applications, fostering economic growth. Following the success of the EuroCC1 project, the EuroCC2 (National Competence Centres in the framework of EuroHPC Phase 2) project was launched to continue the work already initiated.
The mission of the EuroCC2 project is to prepare the national scientific community, as well as the economic and public sectors, for the significantly expanded HPC infrastructure, and to integrate HPC knowledge into higher education curricula. The project aims to identify and mentor research and industrial projects that require HPC infrastructure for their successful implementation.
Relevant Legislation:
•
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
•
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
1. ESSENTIAL CONDITIONS OF DATA PROCESSING
Processed Personal Data
Purpose(s) of Processing
Legal Basis
Responsible Entity
Name, email address, represented company/organization (during registration)
Ensuring participation in the webinar, maintaining contact
GDPR Article 6(1)(a) – consent of the data subject
DKF
Participation record (digital attendance sheet)
Documenting attendance as proof of event realization
GDPR Article 6(1)(e) – processing necessary for public tasks of the data controller
DKF
Sending informational emails (email address)
Providing updates on similar events related to the topic
GDPR Article 6(1)(a) – consent of the data subject
DKF, DeiC
According to Government Decree 234/2024 (VIII.8.), concerning the dissolution of the Governmental IT Development Agency without legal succession and the continuation of its public tasks, the development of the Hungarian supercomputing infrastructure and ecosystem (HPC) – as per Government Resolution 142/2020 (VII.23.), sections 1 and 6 – along with the HPC Competence Center tasks (section 4), will be transferred to Digital Government Development and Project Management Ltd. (DKF) as of January 1, 2025. Consequently, the tasks related to the EuroCC2 project will also fall under DKF’s responsibilities as a public duty, in line with Government Decree 684/2020 (XII.28.) regarding digital government, IT, and telecommunications infrastructure development programs.
•
Categories of data subjects: Representatives of SMEs interested in the webinar and participants.
•
Data retention period:
o
Data processed based on consent will be retained until the project ends (December 31, 2025, subject to extension) or until consent is withdrawn.
Consent withdrawal does not affect the lawfulness of processing prior to
withdrawal.
o
Data necessary for accounting and reporting purposes will be retained as part of the project documentation for the required retention period after project closure.
•
Data transfers to third countries or international organizations: No data transfers occur.
•
Automated decision-making and profiling: Not performed.
Recipients and Categories of Recipients of Personal Data: The online event is streamed via Microsoft Teams.
•
Data Processor: Microsoft Corporation
o
Contact Information:
▪
Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. Phone: +1 (425) 882 8080.
▪
Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Phone: +353 1 706 3117.
o
Detailed information on Microsoft’s data processing practices is available on their website.
DATA SECURITY MEASURES
The company primarily stores data electronically. As a NIS2-compliant organization, DKF is classified as a “significant” security entity under the Cybersecurity Act (Act LXIX of 2024) and its implementing regulation 7/2024 (VI.24.), which defines security classification requirements and protective measures. DKF is committed to maintaining the required security level for its data processing activities.
DKF processes personal data in full compliance with the GDPR principles. Data processing operations are designed to ensure the protection of individuals' privacy. The company implements appropriate technical and organizational measures to prevent unauthorized access, alteration, transmission, disclosure, deletion, destruction, accidental loss, or damage to personal data.
•
DKF processes personal data strictly based on the legal grounds defined in GDPR Article 6.
•
If special categories of personal data are processed, DKF ensures that at least one condition from GDPR Article 9(2) is met.
•
Data processors acting on behalf of DKF must comply with data protection obligations specified in a Data Processing Agreement (DPA).
•
Employees and external service providers handling personal data are bound by confidentiality agreements.
Public disclosure of personal data processed by DKF is prohibited unless authorized by the data subject or required by law. Aggregated statistics based on personal data may be published only if the data subject is not identifiable. Before disclosing any data, DKF ensures that identification is impossible.
Following the cessation of the purpose of data processing, deletion is performed by the designated data manager, subject to verification by the Data Protection Officer. DKF publishes its Privacy and Data Security Policy on its website.
2.What Rights Do You Have Regarding Data Processing?
2.1. Rules for Processing Requests Relating to Enforcement of Rights
You can submit your request to exercise your rights through the contact details specified in section 1. Additional information about submitting and processing requests is available in the document titled Data Protection at DKF, which can be found on the Company’s website.
2.2. Your Rights Regarding Data Processing
The data controllers have agreed that data subjects will primarily submit their requests to exercise their rights to DKF, which will investigate the request and, if necessary, forward it to the relevant authority in Denmark promptly.
You can submit your request to exercise your rights via the contact details provided in section 1. Further details about submitting and processing requests are included in the document Notice on Exercising Data Subject Rights, available on the Company’s website.
2.2.1. Right of Access
You can request information about whether your personal data is being processed by the Company (the fact of data processing)
If such data processing is ongoing, you are entitled to access your personal data and receive -information under Article 15 of the GDPR, including:
-the personal data processed and the categories of the data;
-the source of the data;
-the purpose and legal basis of the processing;
-the duration of the processing;
-the recipients with whom your personal data has been or will be shared;
-your rights related to data processing;
-your available remedies;
-automated decision-making, including profiling, if applicable.
The Company will provide a copy of the personal data being processed free of charge upon your first request, after which it may charge a reasonable fee based on administrative costs.
If your request is submitted electronically, the Company will provide the information in a commonly used electronic format, unless you request another format.
2.2.2. Right to Rectification
You can ask the Company to rectify inaccurate personal data if it is not correct, and if accurate personal data is available for rectification. Additionally, considering the purpose of data processing, you can request the completion of incomplete personal data, including through supplementary statements.
2.2.3. Right to Restriction (Limitation of Data Processing)
You can ask the Company to restrict (by clearly marking the limited nature of data processing and ensuring the separate handling of the data) if:
-you contest the accuracy of your personal data (in which case, the Company will restrict the data processing for the duration of the accuracy check);
-the processing is unlawful, and you oppose the deletion of your data and instead request a restriction on its use;
-the Company no longer needs the personal data for processing purposes, but you need it to establish, exercise, or defend legal claims; or
-you have objected to the data processing (in which case, the restriction applies until it is determined whether the legitimate interests of the data controller override your interests).
2.2.4. Right to Object
You may object to the data processing at any time based on your specific situation if you believe that the Company is processing your personal data inappropriately for the purposes described in this privacy notice.
If your objection is successful, the Company will promptly delete the personal data being processed.
2.2.5. Right to Erasure
In relation to the data processing described in the notice, you can exercise your right to erasure only if the data is not necessary for the performance of tasks carried out in the public interest.
For documents that are to be archived, data deletion cannot be performed without compromising the integrity of the records, so deletion requests in this regard cannot be fulfilled.
RIGHT TO LEGAL REMEDY
If you believe that the Company’s data processing does not comply with legal requirements or that the Company has violated your data subject rights, you may request an investigation by the Company's Data Protection Officer via email at adatvedelem@dkf.hu .
If you believe that the Company is processing your data unlawfully – without prejudice to other administrative or judicial remedies – you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or the place of the alleged infringement. In Hungary, this authority is the National Authority for Data Protection and Freedom of Information (NAIH) (Address: 1055 Budapest, Falk Miksa utca 9-11.; Mailing address: 1363 Budapest, Pf. 9.; Email: ugyfelszolgalat@naih.hu ; Phone: +36 (1) 391-1400; Fax: +36 (1) 391-1410; Website: www.naih.hu).
Furthermore, you have the right to seek judicial remedy to protect your data, and the court will proceed with priority in such cases. You may choose to file your claim at the competent court of your place of residence (permanent address), place of stay (temporary address), or the Company's registered office, which in this case is the Metropolitan Court of Budapest (Fővárosi Törvényszék).
For issues not covered or not fully detailed in this Data Protection at DKF and the Privacy Policy available on the Company’s website shall apply, particularly regarding principles of data processing, data security measures, and handling of data protection incidents.
