Privacy Policy
1. Preamble

The purpose of this Privacy Policy is to inform you about the data management operations of the Budapest Metropolitan University (seat: 1148 Budapest, Nagy Lajos király útja 1-9., institutional identification: FI33842; hereinafter: METU or Data Controller) regarding the data processing operations in connection with the sending of information and eDM emails or messages based on the data subject's consent according to

  • the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 201 on the on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation; GDPR)

  • the applicable Hungarian legislation.

2. Data Controller

The METU is considered to be a data controller regarding the data management of this Privacy Policy.

Contact information:

address: 1148 Budapest, Nagy Lajos király útja 1-9.

e-mail: adatvedelmitisztviselo@metropolitan.hu

In the data management processes, the Data Controller complies with the regulations in force and fully respects the protection of the fundamental rights and privacy of individuals with special attention to the provisions of the General Data Protection Regulation.

If you have any questions or comments, please contact us at adatvedelmitisztviselo@metropolitan.hu.

3. The data processing



  1. The purpose of data processing

The Data Controller shall process the data of the data subject in order to send informative and marketing e-mails or messages on social media platforms to inform them about the educational activities, training opportunities, the daily operation of the Data Controller, furthermore, the admission procedure and requirements thereof.

  1. The range of the processed data

The Data Controller handles the following data:

  1. name,

  2. e-mail address,

  3. phone number,

  4. study preferences.

Provision of the data according to points c)-d) is not obligatory to complete the form on the website.

  1. Data subjects



The person giving consent to the data processing described in Section 3.1.

  1. Legal basis of data processing

Data processing by the Data Controller is based on the written consent of the individual concerned.

Please be advised that the collection, management, and storage of data is solely in accordance with the purposes set out in point Section 3.1.

  1. Sources of the data

Data will be provided by the individual according to the written consent.

There are no consequences for not providing data to the Data Controller.

If the data or the consent is not provided, the data processing set out in Section 3.1 shall not take place.

  1. Access to data, storage

The Data Controller shall take special care to ensure that the data are accessible only to authorized employees of the organizational unit responsible for the concerned task.

Data Controller utilizes the marketing communication and intermediary services of EduSMM (Popov Proyezd, 4, Moscow, 107014, Russia; https://edusmm.com/policyen).

The form on which the data and consent may be provided is based on Microsoft Forms (Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland; https://privacy.microsoft.com/en-us/privacy-questions)

With regard to the data displayed on the Facebook and Instagram social networking sites, the data management information of Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, D2 Dublin, Ireland) is available at the following websites: https://www.facebook.com/privacy/explanation, https://help.instagram.com/519522125107875.

Data Controller is in contact with social media influencers as data processors who may contact the data subject according to the instruction of the Data Controller.

Paper-based data is stored at the Data Controller's seat under secure conditions.

  1. Duration of data processing

The Data Controller will store the data described in provision 3.2. until 31 December 2022.

  1. Data forwarding

The Data Controller does not transfer the processed data.

4. Confidentiality and security of data

The Data Controller processes personal data confidentially, and takes all complementary IT measures required to a safe data processing.

The Data Controller and the data processor shall take appropriate technical and organizational measures – taking into account the state of science and technology and the costs of implementation, the nature, scope, circumstances and objectives of data management and the risk of varying probability and severity of natural persons' rights and freedoms – to guarantee a level of security that is appropriate to the degree of risk.

The Data Controller selects and manages the IT tools used to manage personal data in the provision of the service so that the data processed

  • can only be accessed to the authorized person,

  • are protected against unauthorized access through server-level and application-level security procedures,

  • can be verified to be unaltered, and the verification of the changes is ensured,

  • is available throughout the data processing period.

5. Your rights

Please note that according to the law in force you can enforce your rights at adatvedelmitisztviselo@metropolitan.hu by e-mail - under the statutory terms -:

  1. you may request access to your personal information, and to their copies (Article 15);

  2. you may request information about the main parameters of data processing (purpose, scope of data processed, involved data processors, duration of data management) (Article 15);

  3. you have the right to withdraw your consent at any time, however, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7 (3));

  4. you have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you (Article 16);

  5. you may request the deletion of your personal information without undue delay (Article 17);

  6. you may request a restriction of processing of your data (Article 18);

  7. you shall have the right to receive the personal data concerning you, which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Article 20);

  8. shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement (Article 77);

6. The right of appeal in court, complaints addressed to the supervisory authority, questions

If you have any questions or requests related to data protection, please contact us at the e-mail address adatvedelmitisztviselo@metropolitan.hu!

If you request information, we will respond to your request within a maximum of 30 days, using the contact information you provided.

In case of illegal data processing experienced by the data subject, he or she may initiate a civil lawsuit against the Data Controller. The trial falls within the jurisdiction of the regional court. The lawsuit - at the option of the person concerned - can also be initiated before the court of the place of residence (you can see the list and contact details of the courts through the following link: http://birosag.hu/torvenyszekek).

Without prejudice to other administrative or judicial remedies, any data subject shall have the right to file a complaint to the supervisory authority, in particular in the Member State in which he or she has his or her habitual residence, place of employment or suspected infringement, if the data subject considers that the processing of personal data regarding him or her violates the GDPR.

National Authority for Data Protection and Freedom of Information

Address: H-1055 Budapest, Falk Miksa utca 9-11.

Postal address:1530 Budapest, Pf.: 5

E-mail: ugyfelszolgalat@naih.hu

Phone no.: +36 (1) 391-1400

Fax no.: +36 (1) 391-1410

Website: www.naih.hu