Data Processing Policy

1. Data Controller

In order to perform the tasks prescribed by law, the Chamber of Budapest Architects shall be considered a data controller in respect of the natural persons specified in Point 3 in accordance with the definition of the purposes and means.

Chamber of Budapest Architects (Budapesti Építész Kamara, BÉK)

1088 Budapest, Ötpacsirta u. 2.

Court registration number

Tax number

Person acting on behalf of BÉK:
President Balázs István Eltér

Data Protection Officer:
Zsófia Kovács (MÉK)



2. Purpose of personal data processing

Fulfillment of the legal obligation of the Data Controller (hereinafter: BÉK), protection of the vital interests of the data subject or another natural person, and the performance of any task in the public interest and in the exercise of a public authority conferred on the Controller, as well as the processing of personal data provided by the data subject for a specific purpose.

Statistical surveys carried out to perform the tasks of BÉK, to raise and expand the standard of its services.

3. Natural persons involved in data processing, and categories of personal data

3.1. Persons involved in data processing

Members and active professionals of the BÉK:
- member (active, suspended)
- candidate member
- honorary member
- cross-country service provider
- professional with occasional license
- registered (in a separate or a temporary register)
- quit (member, registered)
- canceled (member, registered)
- deceased (member, registered)
- professional with terminated membership

professionals working in the area of competence of the BÉK

3.1.3 .
clients for whose requested process the BÉK is the acting body designated by law

clients who turn to the BÉK as builders or complainants in ethical-disciplinary proceedings or in matters of supervision of profession

BÉK employees and officials
- full-time and part-time employees
- with contract of services
- student worker
- elected official
- appointed official
- member of the appointed working body
- managers and officials of BÉK companies

those requesting a newsletter

3.2. Categories of personal data subjected to data processing

All identification and registration data that are appropriate and relevant to the purpose of the data processing, aiming to limit them to the extent necessary, taking into account the principle of data protection.

BÉK does not process information that contains physical, physiological, genetic, mental, economic, cultural or social identity or contains genetic, biometric or health data. BÉK refrains from becoming aware of such data.

BÉK is entitled to know and process the natural personal identification data of the client and other participants in the proceedings and the personal data specified in the law regulating the type of case, and – unless otherwise provided by law – other personal data essential for clarifying the facts. In the procedure initiated on request, the requesting client shall be presumed to have consented to the processing of personal data, including special data, necessary to clarify the facts.

4. Categories of persons considered as the recipient with regard to data processing

To maintain a unified electronic official contact register (MEKON):

Chamber of Hungarian Architects (Magyar Építész Kamara, MÉK)

1088 Budapest, Ötpacsirta u. 2.

Court registration number

Tax number

Person acting on behalf of MÉK
President Dr. Péter Hajnóczi

Data Protection Officer:
Zsófia Kovács



To perform the accounting tasks of the data controller:

Informatív Hungary Kft.

1075 Budapest, Károly krt. 3/a.

Court registration number

Tax number

Person acting on behalf of the company
Ágnes Gálné Szőke


5. Categories of third parties with regard to data processing

To provide the IT background for the data processing tasks of the data controller:

Orgtech Kft.

2000 Szentendre, Szmolnica sétány 15.

Court registration number

Tax number

Person acting on behalf of the company
Jenő Juhász managing director


6. Deadlines for deleting data categories

Guidance on relevant legislation and internal Regulation should be followed for deadlines for deleting the data categories.
Data, the deadline for the deletion of which is set by law or the Regulations, shall be deleted immediately upon the expiry of the deadline, if the procedure necessitating the use of the data has been definitively completed and is no longer needed for the enforcement of the legitimate interests of the controller, data subject or third party.

7. Technical and organizational measures for the security of data processing

7.1. Technical measures
- assessment of the hardware and software stock for data processing
- checking and, if necessary, updating firewalls, unique IDs and passwords to prevent unauthorized access
- recording logging rules for data processing activities
- defining backup rules
- continuous updating and replacement of IT equipment, taking into account the proportionality of the costs of implementing secure protection

7.2. Organizational measures
- assessment of the categories of personal data processed
- determining the purpose and legality of the processing of personal data
- assessing the tasks and risks associated to processing the data
- defining access, modification and deletion rights to the processed data
- determining the storage period of the processed data
- defining the detailed rules of data processing
- defining the scope and rules for the transfer of data to a third party
- recording the rules of data processing in the Regulations and publishing them
- sending information on the legality of data processing to the persons concerned

8. Data processing rights of the data subject

8.1. Right to request information
The data subject may request information from the data controller in writing via the contact details specified in Point 1 on the following: what kind of personal data, from what source, on what legal basis, for which data processing purposes, and how long the data controller handles, and to whom, when, on what legal basis and which personal data the controller granted access to or transmitted. The data controller shall respond to the request for information in writing within a maximum of 8 days.

8.2. Right to data correction
The data subject may request in writing via the contact details provided in Point 1 that the data controller modify any of his/her proceeded personal data. The data controller shall complete the correction within a maximum of 8 days, notify the data subject in writing of the correction or provide information on the rejection of the request within the same time limit.

Notification of changes in personal data, the registration of which arises from the legal obligation of the data controller, is not the right but the obligation of the data subject. The notification shall be made within 15 days.
If the data subject fails to comply with the obligation to notify within the time limit, the failure to do so may be penalized.
If the data controller presumes that there has been a change in the personal data of the data subject without any notification, he/she is entitled to request the data of the data subject from the register of the Government Office of the Capital City Budapest (Central Address Register).

8.3. Right to object
The data subject may object in writing via the contact details provided in Point 1 to the form or way of data processing in which the data controller would transfer or use the personal data for the purpose of direct business acquisition, public opinion polling or scientific research.

8.4. Right to delete and block
The data subject may, at any time, request in writing via the contact details provided in Point 1 the deletion or blocking of his/her data processed, provided that there are no legal obstacles to do so.
If possible, the data controller shall notify the data subject in writing immediately, but not later than within 8 days, of the fulfillment of the request, and at the same time provide information on the mandatory holding period of the deleted data required by law.

Depending on the type of personal data and the right to be enforced by the data subject described in this section, the written notification may be made electronically or in the form of an official document.

9. Enforcement options in relation to data management
If the data subject has any questions related to data protection that are not covered by these Regulations, he/she can contact the data controller in writing at any time for information.

9.1. Data Protection Authority
If a data subject experiences a breach of law in connection with the processing of personal data or becomes aware of a data protection incident or perceives a threat thereof, he or she may submit a written complaint to the data protection authority.

Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, NAIH)

1125 Budapest, Szilágyi Erzsébet fasor 22/c.
1530 Budapest, Pf. 5

+36 (1) 391-1400


9.2 . Initiation of legal proceedings
The data subject may go to court if his or her rights are violated. The adjudication of the lawsuit falls within the jurisdiction of the court. The lawsuit may also be brought before the court of the place of residence or stay, depending on the choice of the data subject.