I. Terms of Use
1. The purpose of PARTIMAP
PARTIMAP, developed by the watchdog for public funds K-Monitor Public Benefit Association, is a free, open-source software that provides an easy-to-use digital questionnaire platform, especially for issues related to urban and transport development. Its aim is to facilitate the involvement of stakeholders in the planning and evaluation of public development projects that affect the daily life of the population, allowing them to express their needs in a meaningful way, so that public funds can be used more efficiently and in a way that takes these needs into account.
2. Terms of Use
By accepting the Terms of Use, the user of the service (hereinafter referred to as the User) accepts that the PARTIMAP.eu platform is intended to achieve the above purposes. To this end, the User shall act with these purposes in mind when using the service.
By accepting the Terms of Use, the User acknowledges that the content shared through the service is freely available for public use and that the User may not use the service for direct financial gain.
K-Monitor Public Benefit Association will not make any changes to the content shared by the User, except in cases of violation of the Terms of Use, nor will it use the resulting data for research or make it public. The User acknowledges that K-Monitor Public Benefit Association may aggregate data on the number of PARTIMAP users, analyse the aggregated data and publish it publicly.
By accepting the Terms of Use, the User undertakes to respect the rights of others, in particular their right to human dignity, the protection of personal data and intellectual property rights, when using the Service.
By accepting the Terms of Use, the User declares that he/she will not use the Service to collect or process personal data.
3. Violation of Terms of Use
K-Monitor Public Benefit Association is not liable to third parties in connection with the content created and made public by the User.
However, if the User breaches the above conditions, K-Monitor Public Benefit Association shall be entitled to terminate the provision of the service to the User without prior notice. K-Monitor Public Benefit Association may remove content from the platform that is deemed to be illegal or in breach of the above conditions without prior notice to the User.
II. Privacy Policy
1. Purpose of the Privacy Policy
This Privacy Policy describes the data management practices of the service (hereinafter referred to as the "Service") available on the website www.partimap.eu operated by K-Monitor Public Benefit Association (headquarters: 1077 Budapest, Rózsa u. 8., hereinafter referred to as the "Data Controller") in accordance with the EU rules.
The purpose of this Privacy Policy is to set out the data protection, data processing and data management rules that the Data Controller and the user registered on the platform (hereinafter referred to as the "Registered User"), as a Specific Data Controller, undertake to comply with and accept as binding upon them.
2. The Data Controller
General Data Controller: K-Monitor Public Benefit Association
Headquarters: 1077 Budapest, Rózsa u. 8.
Office and mailing address: 1062 Budapest, Bajza utca 23.
Phone: +36 1 789 5005
E-mail: info@k-monitor.hu
Website: k-monitor.hu
If you have any questions about this privacy notice, please contact us using one of the contact details above.
Specific data controller: the Registered User creating and operating a Project is also a data controller in the context of that Project.
General data controller:
International Institute for Applied Systems Analysis (IIASA)
Schlossplatz 1, 2361 Laxenburg, Austria
https://iiasa.ac.at
Additional data controllers:
Dundee City Council
City Chambers, 21 City Square, Dundee, DD1 3BY
3. Definitions
Personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data handling: any operation or set of operations which is performed upon data, in particular collection, recording, registration, organisation, storage, alteration, use, retrieval, transmission, disclosure, interlinking or combining, blocking, disposal and erasure, prevention of further use of data, taking of photographs, sound or image recordings and recording of physical characteristics which permit identification of a person.
Data Controller: the data handling is carried out by the Data Controller and the Registered User in relation to the specific "Project" created by the Registered User.
Data Processing: the performance of technical tasks related to the data handling operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
Registered User: a natural person who uses the services of the Data Controller through the www.partimap.eu platform as a registered user, in the context of which he/she may disclose his/her personal data to the Data Controller and creates a questionnaire to be completed by the Visitor.
Third party: a natural or legal person, public authority, agency or any other body other than the data subject, the data controller, the processor or the persons who, under the direct authority of the controller or the processor, are authorised to handle personal data.
User: the Registered User and the Visitor together.
Consent of the data subject: a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by means of a statement or an unambiguous act of confirmation, his or her agreement to the handling of personal data concerning him or her.
Sensitive data: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data or biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons.
Visitor: a natural person who uses the services of the Data Controller through www.partimap.eu as a non-registered user and, in this context, discloses non-personal data to the Data Controller and the Registered User.
Project: an interface created specifically by the Registered User after registration, accessible at a unique URL, featuring a questionnaire which Visitors can complete without registration.
Registration: the electronic operation by which the Registered User accepts the Terms of Use and the Privacy Policy set out by the Data Controller.
4. The scope of the data handled and processed and the purpose of the data handling
4.1. The Data Controller handles the following data, broken down by the activities that may be carried out using the Service:
Personal data provided upon registration
When registering, the Registered User's name, email address and password are recorded and stored. The name and email address of the Registered User will be indicated in the privacy notice of the questionnaire that is part of the Project, in a way accessible to the Visitors. It is not necessary to upload a profile picture to use the Service. Acceptance of the Privacy Policy is done by checking a mandatory checkbox that has not been completed in advance.
Purpose: the handling of the personal data provided by the Registered User is necessary for his/her identification by the Data Controller in the system, for possible contact initiated by the Data Controller and for informing the Visitors who fill in the questionnaire that is part of the Project.
Legal basis for data handling: voluntary consent of the Registered User (data subject).
Duration of data handling: until revoked by the Registered User, but not longer than 5 years.
In case of unlawful or misleading use of personal data or in case of an act committed by the Registered User that endangers the operation, activity and achievement of the purposes of the Data Controller, the Data Controller is entitled to delete the Registered User's data without delay, however, in case of suspicion of criminal offence or civil liability, the Data Controller is also entitled to retain the data for the duration of the proceedings.
Data provided when creating a Project and Questionnaire
After registration, the Registered User may create a questionnaire by editing a form, the content of which the Registered User determines himself/herself, in compliance with the Terms of Use defined by the Data Controller. The content available to the Registered User on the form associated to the Projects and on the questionnaire accessible to the public may be textual and visual content. The Registered User may not ask the Visitors to provide personal data in the questionnaire created by him/her, in accordance with the Terms of Use.
Technical details of using the service
Logging
During the use of the Service, the system records the IP address of the Registered User's computer, the start and end time of the visit, and in some cases --- depending on the Registered User's computer settings --- the type of browser and operating system. These data are automatically logged by the system.
Data recorded by embedded services
Depending on the settings of the Registered User's browser and computer, different embedded services are present when using the Service. These services are necessary for the optimal use of the site:
The organisations providing embedded services have their own privacy notice and privacy policy, available at the links above, regarding the data collected and processed in the course of providing the service, but the Data Controller does not have access to or use the data. Furthermore, these services can be deactivated, at the Registered User's discretion, by means of the appropriate browser settings, but they will lead to a deterioration in the quality of the use of the site.
Tracking
When you use the site, we also use tracking tools to track traffic and activity on the site so that we can collect anonymised statistics on the number of visitors:
- Google Analytics generates site traffic statistics by encrypting and partially capturing IP addresses. No other data that can be recorded and stored by the application is used. The anonymised statistics are stored for 1 year.
As the Data Controller, we do not link tracking data to personal data, but we do not have the right to decide on their possible further use. This data is governed by the privacy principles and policies of Google LLC ("Google", 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America), the embedded application developer. If the Registered User wishes to use the site without a tracker, the Registered User may explicitly opt out.
Cookies
Cookies are only used by the site to store the Registered User's login and are automatically deleted after 30 days.
4.2. The following data is handled by the Data Controller and, after registration, by the Registered User, broken down by the activities that may be carried out with the Service:
Data provided by the Visitor when filling in the questionnaire.
The Data Controller and the Registered User will know and handle the data provided by the Visitor in the form of a response to the questionnaire created specifically by the Registered User. The answers may not contain personal data in accordance with the Terms of Use.
4.3. Data available to the public
The data provided by the Visitors through the completion of a questionnaire created by the Registered User is available to the public in aggregate form on www.partimap.eu. This data can be freely used by any member of the public.
5. Data processors employed by the Data Controller
Name: György Haluska
Contact: +36-20-9465935
Linux Hungary Kft. provides hosting services for www.partimap.eu.
6. Rights in relation to data handling
The Registered User has the following rights during the period of data handling:
- the right to information and access: the Registered User may request information about the personal data stored in relation to him or her and may request a copy of such data;
- the right to rectification: the Registered User may request the rectification of personal data stored about him/her if they are inaccurate or incomplete. If the Registered User also provides the Data Controller with personal data which is not necessary for the purposes of the processing, the Data Controller shall delete it.
- right to be forgotten: the Registered User may request the Data Controller to delete the data stored about him/her from the database, in particular if he/she withdraws his/her previous consent to the processing or if the processing is unlawful.
- right to restriction of handling: the Registered User may request the restriction of handling if a) he/she contests the accuracy of the personal data and requests the restriction of handling for the period of time necessary for the Data Controller to verify the accuracy of the personal data; b) the handling is unlawful but the Registered User opposes the erasure of the data and requests instead the restriction of their use; c) the Data Controller no longer needs the personal data for the purposes of the handling but the Registered User requires them for the establishment, exercise or defence of legal claims;
- right to data portability: in the case of automated processing of personal data, the Registered User may request that the Data Controller transfers the stored personal data to the Registered User in a structured, machine-readable (interoperable) format or, if technically feasible, to another data controller. The right to data portability must not adversely affect the rights and freedoms of others.
- the right to object: the Registered User may object to the handling of his or her personal data on grounds relating to his or her particular situation, if the handling is necessary for the performance of a task carried out in the public interest, in the exercise of official authority, or for the legitimate interests of the controller or a third party. When providing the Service, the Data Controller handles the Registered User's data with the Registered User's consent, and therefore objections may only be raised in the case of mandatory data handling (e.g. ad hoc data transfers) that must be carried out even without consent.
- right to redress: see point 7.
7. Redress possibilities
Collaboration with the Data Controller
If the Registered User experiences unlawful data handling, it is advisable to send the complaint to the Data Controller first before initiating a formal procedure, as this will allow the Data Controller to restore the lawful situation.
Complaint
The Registered User may lodge a complaint with the National Authority for Data Protection and Freedom of Information (NAIH) in case of a breach of the handling of personal data concerning him/her.
Address: 1055 Budapest, Falk Miksa utca 9-11. (Postal address: 1363 Budapest, Pf.: 9. )
Authority Portal NAIH
E-mail: ugyfelszolgalat@naih.hu
Enforcement in court
The Registered User shall also have the right to an effective judicial remedy if the NAIH does not act on the basis of the complaint, rejects it or deems it unfounded. In addition to a complaint to the supervisory authority, the Registered User may also bring a claim directly to court against the Data Controller if the Data Controller (or a third party) has infringed his/her rights regarding the protection of personal data in the handling of his/her personal data. Proceedings against the Data Controller shall be brought before the competent court of the place where the Data Controller is established or, at the choice of the data subject, of the place of residence or domicile of the data subject. The court shall decide the case on a fast-track basis.
8. Amendments to the privacy policy
The Data Controller may at any time decide to add a new handling purpose to its ongoing data handling, and therefore the Data Controller reserves the right to amend this policy. The Data Controller will notify the Registered User by e-mail of the modification of the policy.
9. Legislation on data management
REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive (EC) No 95/46/EC (General Data Protection Regulation) ("GDPR"), in its current version available here
Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the current text of which is available at available via the following link
10. Entry into force
This privacy notice shall enter into force on 1 December 2021.