UP Innovation Days 2025

• Chamber of Commerce and Industry of Pécs-Baranya

• University of Pécs

Data protection information

On data management related to the "PTE Innovation Days 2025" event jointly organised by the University of Pécs and the Pécs-Baranja Chamber of Commerce and Industry

The University of Pécs (hereinafter: University) and the Pécs-Baranya Chamber of Commerce and Industry (hereinafter: PBKIK) pay particular attention to the fact that in the course of its data processing, the University complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 20 May 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation), the Hungarian Data Protection Act of 2011. CXII of 2011 (hereinafter: Infotv.), other legislation and the data protection practices developed in the course of the activities of the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH).

1. Name of data controllers

Name: University of Pécs

Headquarters and mailing address: 4 Vasvári Pál u., 7622 Pécs, Hungary.

Rector Dr. Attila Miseta and István Decsi, Chancellor

Department responsible for data management: Department of Research Utilisation and Technology Transfer

Representative: Dr. Orsolya Vass Kottászné Head of Department

Contact name: Balázs Czibók Innovation Manager

Phone number: +36-30- 925-5619

E-mail address: czibok.balazs@pte.hu

Name of Data Protection Officer: Dr. Alexandra Erzsébet Zámbó Alexandra

Contact: adatvedelem@pte.hu, https://pte.hu/hu/adatvedelem

Name: Pécs-Baranya Chamber of Commerce and Industry

Address and correspondence address: 7625 Pécs, Majorossy Imre utca 36.

Representative: Szabolcs Rabb Secretary General

Telephone number: +36-72-507-148

E-mail address: szrabb@pbkik.hu

Name of Data Protection Officer: Krisztina Pohli

Contact: pohli@pbkik.hu

1. Scope and source of personal data processed

The scope of the processed data includes the data provided to the Data Controller for the purpose of registration for the event "PTE Innovation Days 2025" (hereinafter referred to as the "Event"), which the data subject sends to the Data Controller in connection with the Event, in particular the following data:

a) for data subjects registering for the Event without the intention to participate in the Event without matchmaking rights: name (surname, first name), e-mail address, country, city, organisation/institution of the data subject.

b) for data subjects registering with the intention of participating in the Event with matchmaking rights: the data subject's name (surname, first name), e-mail address, country, city, organisation/institution, job title, picture, telephone number, short introduction, social media contact details.

The source of the data is your submission, the registration form you fill in.

If there are any changes or modifications to the processed data during the data processing period, please notify the contact person indicated in point 1 without delay.

1. Purpose and legal basis of the processing

   1. If the data subject registers on the registration form provided with the intention of participating in the Event without matchmaking rights, the personal data provided by the data subject in point 2.a) will be processed by the University for the purposes of the proper functioning of the institution as a public task (Article 6(1)(e) of the General Data Protection Regulation). Please note that participation in the event is voluntary, however, if the data subject does not provide the necessary data for registration, we will not be able to ensure participation.

   2. The University will process the personal data provided by the data subject under 2(b) for the purposes of providing the right to participate in the Event by matchmaking, for the purpose of preparing the matchmaking, pursuant to Article 6(1)(a) of the General Data Protection Regulation.

   3. The University processes the personal data provided by the data subject under point 2(a) in order to fulfil its tax liability (pursuant to Article 6(1)(e) of the General Data Protection Regulation) for the purpose of complying with its legal obligation to comply with Act C of 2000 on Accounting.

   4. The University may, for the purposes of the proper functioning of the institution and the organisation of the event as a public task (pursuant to Article 6(1)(e) of the General Data Protection Regulation), issue a certificate or summary statement to justify participation in the Event, in accordance with its legal obligation, and in this case send it to a supporting authority. The certificate and the summary statement shall contain the following information: the name of the natural person taking part, his/her organisation/institution, his/her signature, the name of the organiser of the Event, the place, date and address of the Event.

   5. The University may take pictures and video recordings, in particular crowd shots, during the Event. Crowd shots may show a crowd of people, the persons depicted may be seen as part of the crowd rather than as individuals, but may also include footage of the Event participants that allows them to be identified as individuals. In the case of images in which the data subject can be identified as an individual, the University will process the images of the data subject, on the basis of the data subject's explicit and voluntary consent (Article 6(1)(a) of the General Data Protection Regulation), for the purposes of documenting the event, preserving the images of the event, and publishing promotional and marketing content about the event. With regard to the recording, the data subject shall give his or her consent by entering and remaining in the area covered by the camera during participation.

   6. The University processes the name and e-mail address of the data subject for the purpose of sending a satisfaction survey on the event, in order to ensure the proper functioning of the institution as a public task (pursuant to Article 6(1)(e) of the General Data Protection Regulation).

   7. The PBKIK processes the personal data provided by the data subject pursuant to point 2(a) for the purpose of processing the confirmation of the satisfaction survey on the basis of the explicit and voluntary consent of the data subject (Article 6(1)(a) of the GDPR) in accordance with the PBKIK's Privacy Policy.

2. Duration of processing

The duration of the data processing is the expiry of the maintenance period of the application with the identification number 101083971 - Data-EDIH in the case of the data processing under points 3.1 and 3.4, but not longer than 8 years, the withdrawal of consent in the case of the data processing under point 3.2, but not longer than 1 year, the issuing of the invoice in the case of the data processing under point 3.3, and 8 years pursuant to Article 169 of Act C of 2000 on Accounting. PBKIK, as the data controller, shall process the data for the period specified in its own data protection policy.

1. Persons having access to the data, data processing, data transmission

Access to the data is only granted to the staff of the University's organisational unit which needs the data to perform its tasks. Staff members are bound by confidentiality obligations in respect of the personal data they receive.

The "PTE Innovation Days 2025" event is jointly organised by the University and PBKIK. PBKIK will use a data processor for the organisation of the event:

B2Match GmbH will act as data processor.

The information on data processing of the data processor is available at the following links:

https://www.b2match.com/privacy-policy

The University will transfer the personal data to the Széchenyi Programme Office and the European Commission for the purpose of the accounting of the application.

1. Data security

The University shall ensure adequate security of the personal data of the data subject, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by implementing appropriate technical and organisational measures. Further information on the data security measures applied by the University can be found in §§ 20-22 of the University of Pécs Data Protection Regulations and in the IT Security Regulations.

1. Rights of data subjects and their exercise

   1. The data subject shall have the right to access the information specified in Article 15 of the General Data Protection Regulation (right of access) in relation to the processing of personal data concerning him or her, including in particular the right to be informed by the University that

2. which personal data,

3. for what purposes and on what legal basis,

4. from which source it is collected;

5. the envisaged duration of the storage or the criteria for determining that duration;

6. to whom, when, to which personal data the University has given access or to whom it has transferred personal data; and

7. what rights, complaints and remedies the data subject has in relation to the processing.

   1. The data subject has the right to have inaccurate (incorrect or incomplete) personal data relating to him or her corrected or rectified on the basis of Article 16 of the General Data Protection Regulation (right of rectification).

   2. The data subject shall have the right to erasure of his or her personal data pursuant to Article 17 of the GDPR (right to erasure) where

8. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

9. in the case of processing based on consent, the data subject withdraws his or her consent and there is no other legal basis for the processing;

10. the data subject has effectively objected to the processing on the basis of 7.7;

11. the personal data have been unlawfully processed;

12. the personal data must be erased in order to comply with a legal obligation;

The data will not be erased where the processing is necessary

• necessary for compliance with a legal obligation or for the exercise of a public task or authority;

• for the establishment, exercise or defence of legal claims;

• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, where the right to erasure would be likely to render such processing impossible or seriously jeopardise it.

  1. The data subject shall have the right to obtain restriction of the processing of his or her personal data (right to restriction), as set out in Article 18 of the General Data Protection Regulation, where:

• the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the University to verify the accuracy of the personal data;

• the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;

• the University no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or

• the data subject has objected to the processing on the basis of point 7.7, in which case the restriction shall apply for the period until it is determined whether the University will uphold the objection.

Personal data subject to restriction, except for storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

1. In the case of processing based on consent, the data subject shall have the right to withdraw his or her consent at any time without giving reasons on the basis of Article 7(3) of the General Data Protection Regulation (right to withdraw consent). The withdrawal shall be made in writing or in the form in which consent was given. Withdrawal does not affect the lawfulness of the processing prior to the withdrawal.

2. In the case of automated (electronic) processing based on consent or for the performance of a contract, the data subject shall have the right to receive personal data relating to him or her in a commonly used electronic format or to request the University to transfer the data to another controller, as provided for in Article 20 of the General Data Protection Regulation (right to data portability).

3. Where processing is carried out for the performance of public tasks or in the exercise of official authority, or where processing is based on a balancing of interests, the data subject has the right to object to the processing on grounds relating to his or her particular situation (right to object). the University may no longer process personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

4. The data subject may exercise his or her rights free of charge by contacting the contact point indicated in point 1 or the Data Protection Officer. The exercise of the data subject's rights may in most cases require the identification of the data subject and in some cases (e.g. exercise of the right to rectification) the verification of an additional piece of information. The University will decide on the request to exercise the right of access within one month at the latest. Where necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months, the extension being notified to the data subject within one month.

Any complaints regarding the processing of personal data may be addressed to the contact details indicated in point 1 or to the University's Data Protection Officer(adatvedelem@pte.hu. If you wish to complain by post, you can do so to the address Vasvári Pál u. 4., 7622 Pécs, to the contact person indicated in point 1 or to the Data Protection Officer.

If you consider that you have suffered or are at imminent risk of suffering a legal damage in connection with the processing of your personal data, you may contact the National Authority for Data Protection and Freedom of Information (postal address: 1363 Budapest, Pf. 9. phone: +36 (1) 391-1400, email: ugyfelszolgalat@naih.hu, website: https://naih.hu).

In the event of a breach of your data protection rights, you may also take legal action before the courts of your place of residence or domicile, at your choice.