DATA PROCESSING INFORMATION
Data processing in connection with the webinars jointly organised by DKF Kft. and DeiC as part of the EuroCC 2 project
in connection with webinars
Name of data controller: Digital Government Development and Project Management Kft.
Short name: DKF
Registered office: 1138 Budapest, Esztergomi út 31-39. HUB 3 building
Tax number: 29152412-2-41
Company registration number: 01-09-381151
Website: www.dkf.hu
Representative: Zsolt János Kovács
Email: info@dkf.hu
Data protection officer: Dr. Mária Kunhegyi
Email: adatvedelem@dkf.hu
and
Data controller: Danish e-infrastructure Consortium
Short name: DeiC
Registered office: Asmussens Allé, Building 305 DK-2800 Lyngby
Company registration number: 30 06 09 46
Tel.: (+45) 35 88 82 02
Website: www.deic.dk
Representative: Gitte Julin Kudsk
Email: sekretariat@deic.dk or gitte.kudsk@deic.dk
Data Protection Officer: Susanne Ketill Groth
Email: susanne.groth@deic.dk
Telephone: (+45) 93 51 14 65
Introduction
Competencies related to the use of supercomputers have accumulated in a scattered and fragmented manner at universities and research institutions, and no scientific community has emerged that would have resulted in the high-level utilisation of domestic resources. The creation of the HPC Competence Centre (hereinafter: HPC KK) as part of the National Competence Centres in the framework of EuroHPC (hereinafter: EuroCC1) project has begun to solve capacity problems and expand the user base, as well as involve domestic small and medium-sized enterprises. HPC KK) was launched to solve capacity problems and expand the user base, as well as to involve domestic small and medium-sized enterprises in the user base of supercomputers, which, in cooperation with researchers, could achieve results not only in creating innovative solutions, but also in their industrial utilisation for the economic recovery of the country. Following the success of the EuroCC1 project, the EuroCC2 (National Competence Centres in the framework of EuroHPC Phase 2) project was launched to continue the work already begun.
The task of the EuroCC2 project is to prepare the domestic scientific community and the economic and public sectors for the use of the significantly growing HPC infrastructure and to introduce HPC knowledge into higher education curricula. The objective is to identify and mentor research and industrial projects that require HPC infrastructure for their successful implementation.
Consortium members: UNIVERSITAET STUTTGART, Advanced Computing Austria Gmbh, CENTRE DE RECHERCHE EN AERONAUTIQUE ASBL, INSTITUTE OF INFORMATION AND COMMUNICATION TECHNOLOGIES, SVEUCILISTE U ZAGREBU SVEUCILISNI RACUNSKI CENTAR, THE CYPRUS INSTITUTE, VYSOKA SKOLA BANSKA – TECHNICKA UNIVERZITA OSTRAVA, DANMARKS TEKNISKE UNIVERSITET, TARTU ÜLIKOOL (University Of Tartu), CSC-TIETEEN TIETOTEKNIIKAN KESKUS OY, TERATEC, Digital Government Development and Project Management Ltd., HASKOLI ISLANDS (Uoi), NATIONAL UNIVERSITY OF IRELAND GALWAY, CINECA INTERUNIVERSITY CONSORTIUM, VILNIUS UNIVERSITY, LUXINNOVATION GIE, SURF BV, SIGMA2 AS, STANISŁAW STASZIC UNIVERSITY OF SCIENCE AND TECHNOLOGY IN KRAKOW, FOUNDATION FOR SCIENCE AND TECHNOLOGY, NATIONAL INSTITUTE FOR RESEARCH AND DEVELOPMENT IN INFORMATICS ICI BUCHAREST RA, SLOVENIAN ACADEMIC AND RESEARCH NETWORK, BARCELONA SUPERCOMPUTING CENTRE – NATIONAL CENTRE FOR SUPERCOMPUTING, LINKÖPING UNIVERSITY, NSC, National Computing Centre, NARODNE SUPERPOCITACOVE CENTRUM, RIGAS TEHNISKA UNIVERSITATE, TURKIYE BILIMSEL VE TEKNOLOJIK ARASTIRMA KURUMU, INSTITUT ZA FIZIKU (IPB); Ss. CYRIL AND METHODIUS UNIVERSITY IN SKOPJE, Univerzitet Donja Gorica (UDG), MIDDLE EAST TECHNICAL UNIVERSITY (METU), SABANCI UNIVERSITESI (SU), ISTANBUL TEKNIK UNIVERSITY (ITU), FACULTY OF ELECTRICAL ENGINEERING, UNIVERSITY OF BELGRADE (ETF), INFINITE SOLUTIONS LLC (IS)
Following the success of the first phase of the EuroCC project, the second phase, EuroCC2, has been launched to continue the work already begun on expanding supercomputing competencies and conducting successful research. Under the EuroCC2 project, participating countries are tasked with operating a national HPC competence centre in their own country. These centres coordinate all HPC-related activities at the national level and serve as a point of contact for industry, science, HPC experts and the general public. EuroCC has more than 30 members and its activities are coordinated by the Stuttgart-based HLRS.
This privacy policy serves to fulfil the information obligation incumbent on the data controller in relation to the personal data processed by the Hungarian HPC KK and the Danish DeiC during the webinar organised as part of the project. The data controllers are joint controllers of the collected data, and the details of their responsibilities are set out in the joint data processing agreement pursuant to Article 35 of the GDPR.
You can register for the webinar on the DKF Indico platform. The event will be broadcast and recorded on the Microsoft Teams platform.
Webinars held on the online platform are recorded for the purpose of sharing professional knowledge. It is not necessary to turn on the camera to verify the participation of related participants and commenters. If the camera is turned on, we consider consent to recording and use to be implied. The recorded footage will only be used in connection with the objectives of the Project and for the purpose of knowledge sharing between the Partners.
Relevant legislation:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
- Act CXII of 2011 on the right to self-determination in relation to information and freedom of information
1 Essential circumstances of data processing:
|
Scope of personal data processed: |
Purpose(s) of data processing: |
Legal basis for data processing |
Party responsible for data processing |
|
During registration: name, email address, name of represented company or organisation |
Ensuring participation in the webinar, maintaining contact |
GDPR Article 6(1)(e) Data processing for the performance of public tasks |
DKF |
|
Fact of participation: digital attendance sheet |
Documentation of participation to verify attendance |
GDPR Article 6(1)(e) Data processing for the purposes of performing the tasks of the controller in the public interest |
DKF |
|
Digital recording of the event: sound, image |
Knowledge sharing |
GDPR Article 6(1)(a) consent of the data subject |
DKF, DeiC |
|
Use of recorded webinar material: image, sound |
Knowledge sharing |
GDPR Article 6(1)(e) Data processing for the performance of a task carried out in the public interest |
DKF, DeiC |
|
Sending information letters: e-mail address |
information about events similar to the topic of the event |
GDPR Article 6(1)(a) consent of the data subject |
DKF, DeiC |
Based on Section 2(3)(a) of Government Decree 234/2024 (VIII. 8.) on the termination of the Government Information Technology Development Agency without a legal successor and the continuation of its public tasks (VIII. 8.) on the termination of the Government Information Technology Development Agency without a legal successor and the continuation of its public tasks, the development of supercomputer infrastructure and ecosystem (HPC) in Hungary, including the HPC developments specified in points 1 and 6 of Government Decision 142/2020. (VII.23.) on the development of supercomputing infrastructure in Hungary, and the tasks of the HPC Competence Centre under Section 4 shall be transferred to the Digital Government Development and Project Management Ltd. after 1 January 2025, including the tasks related to the EuroCC2 project, which DKF performs as a public task within the framework of development programmes related to e-government, information technology and information and communication infrastructure, and in accordance with Government Decree 684/2020. (XII. 28.) on the implementation of projects related to e-government, information technology and information and communication infrastructure development programmes and the designation of Digitális Kormányzati Fejlesztés és Projektmenedzsment Kft
Based on § 2, no. 4, para. 4 of the Executive Order on the Tasks and Organisation of the Danish e-Infrastructure Consortium, etc. (BEK no. 615 of 29/05/2023), tasks related to the development of the supercomputing infrastructure and ecosystem (HPC) in Denmark — including the activities of the HPC Competence Centre implemented under the EuroCC project — fall within the scope of responsibility of the Danish e-Infrastructure Cooperation (DeiC). DeiC performs these tasks as a public function, coordinating national and international collaborations related to digital research infrastructure, including participation in the EuroCC project, alongside developing strategies for research data management and national data repositories.
Categories of data subjects: representatives of SMEs expressing interest in the webinar, as well as participants and speakers
Duration of data processing: Data processed on the basis of consent may be processed until the end of the project (31 December 2025, subject to change in the event of an extension) or until consent is withdrawn. Consent may be withdrawn at any time, which does not affect the lawfulness of data processing carried out on the basis of consent prior to withdrawal.
Data processed for accounting purposes will be retained until the end of the retention period for project documentation after the project has been closed.
Transfer of personal data to third countries or international organisations: no data is transferred to third countries
Automated decision-making, profiling: no
Recipients of personal data and categories of recipients
The online event will be broadcast and recorded using the Microsoft Teams application.
Data processor: Microsoft Ireland
Contact details
Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone number: +353 1 706 3117.
Detailed information about Microsoft's data processing practices is available at the link below.
Microsoft Privacy Statement – Microsoft Privacy Practices
Data security measures
DKF stores documentation related to data processing primarily in electronic form. The data controller is an organisation subject to the NIS2 Directive, Act LXIX of 2024 on Cyber Security in Hungary (Cyber Security Act) and its implementing decree (Government Decree 418/2024. (XII.23.) on the implementation of the Act on Cyber Security in Hungary) and Decree 7/2024. (VI.24.) MK on the requirements for security classification and the specific protection measures applicable to each security classification (hereinafter: Government Decree). Accordingly, it is committed to maintaining the expected level of security for the data it processes.
The Company processes the personal data of data subjects in accordance with the principles and provisions of Regulation (EU) 2016/679 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The Company plans and implements data processing operations in such a way as to ensure that the privacy of data subjects is adequately protected. In view of the current state of technology, it takes the technical and organisational measures and establishes the procedural rules necessary to ensure data security. protects data in particular against unauthorised access, alteration, transfer, disclosure, deletion or destruction, as well as against accidental destruction and damage, damage to data and accidental loss, and against inaccessibility resulting from changes in the technology used.
DKF processes personal data exclusively on the legal basis specified in Article 6 of the GDPR. If data processing also covers data belonging to a special category of personal data, it shall only be processed if one of the conditions specified in Article 9(2) of the GDPR is met.
The Company regulates the data protection obligations of natural or legal persons and organisations without legal personality performing data processing activities on behalf of the Company in a contract concluded with the data processor or in a separate Data Processing Agreement.
The Company's employees involved in data processing and the employees of organisations involved in data processing on behalf of the Company shall treat the personal data they become aware of as business secrets. Persons who process personal data and have access to it shall sign a confidentiality agreement.
The disclosure of personal data processed by DKF is prohibited, unless the data subject gives their consent or it is required by law. Aggregated statistical data relating to the Company's employees, suppliers and customers, including personal data, may be disclosed provided that the data subject cannot be identified from such data. Before disclosing the data, the data provider shall ensure that it is not possible to identify natural persons on the basis of the disclosed data.
The disclosure of personal data processed by the Company may be ordered by law in the public interest, specifying the scope of the data. In other cases, the disclosure of data requires the consent of the data subject, and in the case of special data, written consent. In case of doubt, it shall be presumed that the data subject has not given his or her consent.
Once the purpose of data processing has ceased to exist, the employee actually processing the data is obliged to ensure that the data is deleted. The data controller and the data protection officer are entitled to check the deletion at any time.
DKF shall draw up a data protection and data security policy, which shall be made public on its website.
DeiC implements technical and organisational measures to protect the personal data it processes. These measures are designed to prevent the accidental or unlawful deletion, disclosure, loss, damage, unauthorised access, and misuse of personal data. All data processing activities are carried out in compliance with applicable legislation.
Personal data is processed and stored either by DeiC or by data processors acting on its behalf, who process the data exclusively according to DeiC’s instructions and under its authority. In certain services, subcontractors may also be involved, as specified in the relevant data processing agreement.
DeiC determines the legal basis for data processing in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – GDPR). Data collected via websites is processed pursuant to Article 6(1)(f) GDPR; data related to newsletters, conferences, and other services is processed pursuant to Article 6(1)(b) GDPR; and the processing of health-related or other special categories of personal data is carried out pursuant to Article 9(2)(a) GDPR.
DKCERT, a unit within DeiC, is responsible for safeguarding the security of Forskningsnettet (the Danish Research Network). In this capacity, DKCERT processes personal data for the purpose of preventing, managing, and investigating security incidents. Such processing is carried out pursuant to Article 6(1)(e) GDPR.
DeiC only discloses personal data to third parties where required by law. In the context of conference organisation, registration data may be shared with the venue hosting the event. Logging data collected by DKCERT may be disclosed to authorities for the investigation of legal violations.
DeiC keeps personal data for as long as needed to do what it was collected for. As a public authority, DeiC has to keep records for at least five years under the Archives Act, the Public Records Act, and the Financial Statements Act. If there are complaints or claims for damages, personal data might be kept until the matter is sorted out.
Data subjects have the right to access their personal data, request rectification or erasure, restrict processing, exercise data portability, and object to processing, including automated decision-making. Complaints may be submitted to the Danish Data Protection Agency.
DeiC publishes its data protection principles and practices in its publicly available Privacy Policy, accessible at: https://www.deic.dk/en/privacy-policy
2 What are your rights in relation to data processing?
2.1. Rules for fulfilling requests for the enforcement of rights
You may submit your request to exercise your rights to any Data Controller. Data Controllers will inform each other of the requests they receive and will cooperate in investigating and fulfilling the request. The Data Controllers have agreed that data subjects shall primarily submit their requests to exercise their rights to DKF, which, after investigation, shall immediately forward them to the Danish partner if they fall within the latter's competence.
Requests for the enforcement of data subjects' rights to be sent to DKF Kft. may be submitted using the contact details specified in point 1. Further information on the submission and fulfilment of requests is available on the Company's website in the document entitled "Information on the enforcement of data subjects' rights".
DeiC reviews data protection requests in accordance with the provisions of the General Data Protection Regulation (GDPR) and, where necessary, cooperates with DKF Ltd. in fulfilling such requests. Data subjects may submit their requests to exercise their rights to either of the Joint Data Controllers. Requests submitted to DeiC will be promptly forwarded to DKF Ltd. if they fall within the scope of the Hungarian partner’s responsibilities.
Requests to exercise data subject rights addressed to DeiC may be submitted to DeiC’s Data Protection Consultant at the following contact:
Name: Birgitte Kofod Olsen
Email: birkof@dtu.dk
Further information is available in DeiC’s Privacy Policy:
https://www.deic.dk/en/privacy-policy
2.2. Your rights regarding data processing
2.2.1. Right of access
You may request information on whether your personal data is being processed by the Data Controllers (fact of data processing).
If such data processing is taking place, you have the right to access your personal data and to receive information in accordance with Article 15 of the GDPR:
- the personal data processed and the categories of data;
- the source of the data;
- the purpose and legal basis of the processing;
- the duration of the processing;
- the recipients to whom the personal data have been or will be disclosed;
- the rights of the data subject in relation to data processing;
- the Data Subject's options for legal remedy;
- automated decision-making and profiling, if any.
Data controllers shall provide a copy of the personal data subject to data processing free of charge upon request for the first time, and thereafter may charge a reasonable fee based on administrative costs.
In the case of a request submitted electronically, the Data Controller shall provide the information to the Data Subject in a widely used electronic format, unless the Data Subject requests it in another format.
2.2.2. Right to rectification
You may request the Data Controllers to rectify your inaccurate personal data if they do not correspond to reality and the personal data corresponding to reality are available for rectification, and, taking into account the purpose of the data processing, you may request that your incomplete personal data be supplemented, inter alia by means of a supplementary statement.
2.2.3. Right to blocking (restriction of data processing)
You may request the Data Controller to restrict (by clearly indicating the restricted nature of the data processing and ensuring that the data is processed separately from other data) if
- you dispute the accuracy of your personal data (in this case, the Company will restrict data processing for the period during which it verifies the accuracy of the personal data);
- the processing is unlawful and the Data Subject opposes the erasure of the data and requests the restriction of their use instead;
- the data controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims; or
- the Data Subject has objected to the processing (in this case, the restriction applies for as long as it takes to determine whether the Data Controller's legitimate grounds override those of the Data Subject).
2.2.4. Right to object
The Data Subject may object to the processing of their personal data at any time for reasons relating to their particular situation by contacting the Data Controller at the contact details provided in section 1 if they believe that the Data Controller is not processing their personal data in accordance with the purposes set out in this privacy policy.
If the Data Subject's objection is successful, the Data Controller shall delete the personal data processed without delay.
2.2.5. Right to erasure
In relation to the data processing described in this notice, the data subject may only exercise their right to erasure if the data is not necessary for the performance of the Company's tasks in the public interest.
With regard to documents to be placed in the archives, the deletion of data cannot be carried out without compromising the integrity of the documents, therefore the request for deletion cannot be fulfilled in this respect.
2.2.6. Right to withdraw consent
The Data Subject has the right to withdraw their consent at any time with regard to data processing based on their consent. By submitting a request to this effect to one of the data controllers. The withdrawal of consent does not affect the lawfulness of data processing prior to the withdrawal.
3 Right to legal remedy
If you believe that the Data Controllers' data processing does not comply with legal requirements or violates the rights of data subjects, you may request an investigation by the Company's Data Protection Officer atadatvedelem@dkf.hu or, in the case of DeiC, you may contact Susanne Ketill Groth, Data Protection Officer (DPO), via email at susanne.groth@deic.dk.
If you believe that your data is being processed unlawfully by the Company, without prejudice to other administrative or judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Hungary, this authority is the National Authority for Data Protection and Freedom of Information (NAIH) (address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9., e-mail:ugyfelszolgalat@naih.hu , telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410, website: www.naih.hu).
In Denmark, this authority is the Danish Data Protection Agency (Datatilsynet) (address: Carl Jacobsens Vej 35, 2500 Valby, Denmark, e-mail: dt@datatilsynet.dk, phone: +45 33 19 32 00, fax: +45 33 19 32 18, website: www.datatilsynet.dk).
You may submit your request for legal remedy to any of these authorities, as they cooperate with each other in accordance with the one-stop shop model.
Furthermore, in order to protect your data, you have the option of contacting the competent court in the Member State, which will deal with the matter as a matter of priority. In this case, you are free to decide whether to file your claim with the court competent for your place of residence (permanent address) or place of stay (temporary address) or with the court competent for the Company's registered office (Budapest Metropolitan Court).
The relevant provisions set out in the Data Protection at DKF and the Data Protection Policy available on the Company's website shall govern any matters not or not in detail regulated in this Notice, in particular the principles of data processing, provisions relating to data security and data protection incidents, etc.
VERSION TRACKING
|
Version number |
Effective date |
Comment/Reason for modification |
|
v1.0 |
27 March 2025 |
Acceptance of information |
|
v2.0 |
21 October 2025 |
Clarifications arising from joint data processing and the introduction of event recording |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
