
Data Protection Notice

General Data Management Guidelines of the Magyar Nemzeti Bank


General Data Processing Guidelines of the Magyar Nemzeti Bank

The Magyar Nemzeti Bank (hereinafter: MNB) processes the personal data collected or recorded during its activities according to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) and of Act CXII of 2011 on information self-determination and freedom of information (hereinafter: Information Act), as follows.

Purpose and Scope of the Guidelines

These Guidelines lay down the data protection and processing principles as well as the data-protection and processing policy of MNB, which MNB (as controller) regards as binding, and provide information on MNB’s data processing activities (excluding certain processing activities in its employer role), the rights related to processing as well as the legal remedies.

MNB, as data controller, informs all affected parties of the general information on personal data processing by publishing these Guidelines.

Data controller:

Magyar Nemzeti Bank
Registered Office: 1054 Budapest, Szabadság tér 9. Client service: 1013 Budapest, Krisztina krt. 39. Phone: (+36 80) 203-776.
Data Protection Officer of MNB: Dr Tivadar János Marton (phone: 06 1 428 2600, email: martont@mnb.hu).

MNB’s processing principles:

MNB and MNB’s organisation and systems may process personal data lawfully, fairly and transparently only.

Processing is lawful only if at least one of the legal grounds specified in Article 6(1) of the GDPR applies.

A procedure is fair and transparent if data subjects get easily accessible and non-technical information regarding the way of collection and use of their data, the scope of persons entitled to access them and the way of such access, or any other ways of processing.

Personal data may be processed for clearly defined and lawful purposes. Personal data may not be processed in a way incompatible with such purposes.

Processing must be justified in terms of its purpose and must be limited to the extent most necessary.

Data processing must be accurate; inaccurate processing in terms of the relevant purpose must be rectified immediately, i.e., all reasonable measures must be taken to erase or rectify personal data that are inaccurate in terms of the purpose of the processing.

Data must be stored in a way that allows data subject identification only to the extent necessary for achieving the relevant goal.

Appropriate technical or organisational measures must ensure the appropriate personal data security during processing, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage of data.

General principles for the duration of processing:

For data processed by MNB, the processing terms specified in these Guidelines shall be understood for data processed in structured databases. Data erased from the databases may be found in the archiving systems specified in Act LXVI of 1995 on Public Records, Public Archives, and the Protection of Private Archives; MNB must, however, process these data until their scrapping or archiving as required by that act.

Data security measures:

Personal data maintained in an electronic format are stored on the servers of MNB; external data processors are used in certain cases only. In all data processing outsourcing cases, MNB ensures that the contracted service provider meets the requirements for data management. MNB applies appropriate measures to protect personal data (among others) from unauthorized access and modification.

These Guidelines inform you about processing activities in which natural persons contacting MNB might be data subjects; these are the following.

  1. Data processed during visiting the MNB website.
  2. Cookie management on mnb.hu.
  3. Data managed with regard to the operation of the Career Portal.
  4. Data processed with regard to the operation of the Client Service.
  5. Operation of security cameras.
  6. Entrance into the building.
  7. Data processed in the authority procedures of MNB.
  8. Data processed during MNB events.
  9. Contact persons’ data, and data processed during communication activities.
  10. Inspection of suspected counterfeit banknotes.
  11. Inquiries of the public concerning the cash in circulation and data regarding the authorisation of cash-processing activities.
  12. Activities of the Financial Arbitration Board.
  13. Data processed in MNB’s calls for applications and educational activities.
  14. Data processed during the recording of phone calls received by MNB in the central system outside of the client service.
  15. Data processed concerning trainings and exams regulated by public authorities.
  16. Data processed in connection with agency contracts.

    These Guidelines provide information on the assertion of the following data subject rights:

  17. Right of information and right to access.
  18. Right to rectification.
  19. Right to erasure (right to be forgotten).
  20. Right to restriction of processing.
  21. Right to withdraw consent.
  22. Legal remedies.

1. Data managed for visits to the MNB website.

1. The purpose of data processing and the scope of the processed data:

The purpose of data processing is that MNB can ensure all options provided by the Internet in performing its tasks, with a view to ensuring accessibility to its services, and that it provides all necessary information for the data subjects. Technical data collected during visits to the website are used to improve the quality of services.

Scope of processed data: username, password and the phone number, position, institute in certain cases and technical data collected during visit. The electronic data reception system also collects the mother’s name, place and date of birth, citizenship, email address and workplace telephone number.

2. Legal basis of data processing:

Event registration—in case of the electronic data reception system and the interface for viewing content requiring registration—is a legitimate interest of MNB; user consent—in case of the interfaces operated by the Education Department of MNB and in cases not specified here.

3. Term of data processing:

For the technical data collected at the time of website visit: the time defined for the goal; registration data are managed until permission is revoked, but for no longer than two years.

4. Data transfer:

This kind of data processing does not involve any data transfer.

2. Cookie Management at mnb.hu

5. The following link provides further information regarding cookie management:

https://www.mnb.hu/cookie

3. Data managed with regard to the operation of the Career Portal

6. The purpose of data processing and the scope of the processed data:

The purpose of data processing is human resources management at MNB, filling vacant positions with the best possible candidates and communication with the candidates.

Scope of processed data: personal data which applicants submitted during registration and data that are available in their uploaded CVs and documents and which may identify them as natural persons and are related to their education, qualifications, professional experience, skills, and competences. Any information submitted by you beyond those requested for the actual application are based on the data subject’s free decision. Data subjects shall get further guidelines in the further stages of the selection process.

7. Legal basis of data processing:

Consent of the applicant, candidate—based on Article 6(1)(a) of the GDPR.

8. Term of data processing:

MNB will process these data for up to one year following the registration.

9. Data transfer:

Data are not forwarded, but MNB engages a processor during processing. MNB stores applicant data on the servers of the processor, Nexum Magyarország Kft. (6726 Szeged, Temesvári krt. 15.). MNB and Nexum Magyarország Kft. take appropriate measures to ensure the protection of personal data, from unauthorized access or change, among others.

4. Data processed with regard to the operation of the Client Service, data processed with regard to the operation of the telephone client service

10. The purpose of data processing is data processing within the context of performing tasks related to providing written client service information for clients within the scope of performing the statutory tasks of MNB;

data processing related to the management of notifications in the public interest, falling within the scope of competence of the client service;

pre-screening submissions to MNB, initiation of consumer-protection control procedures launched at requests;

pre-screening of submissions to MNB with regard to the procedure of the Financial Arbitration Board launched at requests or under the principles of equity.

Scope of processed data: name, contact details, gender, name, contact details of proxy of the person submitting the request or inquiry.

11. Legal basis of data processing: the data processing is performed, based on Article 6(1)(e) of the GDPR, within the context of exercising the public powers vested in MNB and performing its tasks in the public interest.

12. Personal data are stored for 5 years.

13. Data transfer:

Data are not transferred within the scope of responsibilities of the client service.

14. The purpose of data processing is recording phone calls between clients and the client service within the context of performing tasks related to the provision of information by the telephone client service—with a view to quality assurance and complaint handling.

Scope of processed data: the phone call between the client service and the client, the voice of the client.

15. Legal basis of data processing: the consent in Article 6(1)(a) of the GDPR.

16. Personal data are stored for 5 years.

17. Data transfer:

Based on inquiries of public authorities.

5. Operation of security cameras

18. The purpose of data processing and the scope of the processed data:

The purpose of data processing is ensuring the security level expected from MNB, an institution discharging prominent public functions, for performing its statutory tasks and protecting the property managed by MNB and the property of MNB itself, and ensuring an appropriate level of work safety. With a view to personal and property protection, another purpose is the detection of violations, catching perpetrators in the act, prevention of violations and providing evidence to promote potentially necessary measures or the effectiveness of investigations.

Scope of processed data: the image of the data subject.

19. Legal basis of data processing: in carrying out its statutory tasks, MNB processes data based on the legitimate interest in Article 6(1)(f) of the GDPR, because the secure performance of its tasks requires this data processing.

20. Term of data processing

3 days for the data recorded with surveillance cameras surveilling public spaces as well.

60 days for the data recorded with surveillance cameras not surveilling public spaces.

180 days for the data recorded with the surveillance cameras surveilling cash logistics processes in the cash logistics centre.

365 days for the data recorded with the surveillance cameras in the rooms for processing and managing the banknote and coin collection.

60 days in the cashier in Kiss Ernő Street.

365 days for the data recorded with the surveillance cameras in the research room.

If procedural action results from the use of the recordings, then the term of data processing will be extended as required.

21. Data transfer:

If an authority procedure is initiated, then data may be transferred to the competent authority.

6. Entrance into the building

22. The purpose of data processing and the scope of the processed data:

The purpose of data processing is to protect the facilities and site of MNB; prevent, avert the consequences of and facilitate the investigation of extraordinary events; detect violations, catching perpetrators in the act; and prevent violations and ensure property protection.

Scope of processed data: personal data of the entering individual, name, place and date of birth, home address, and personal ID number.

23. Legal basis of data processing:

In performing its statutory tasks, MNB processes data based on the legitimate interest in Article 6(1)(f) of the GDPR, because the secure performance of its tasks requires this data processing.

24. Term of data processing:

Data are erased after 24 hours if the event specified in the purpose does not occur.

25. Data transfer:

If an authority procedure is initiated or a public authority requests data, then data may be transferred to the competent authority.

7. Data processed in the authority procedures of MNB

26. The purpose of data processing and the scope of the processed data:

The purpose of data processing is to conduct the authorisation procedure, the control procedure, the consumer-protection control procedure, the market supervision procedure and the supervisory control falling within the scope of the obligation specified in Act CXXXIX of 2013 on the Magyar Nemzeti Bank (hereinafter: MNB Act).

Scope of processed data: data specified in the MNB Act and the sectoral acts, including but not limited to the identification data of individuals, citizenship, qualifications, position and data required for the establishment of good business reputation.

27. Legal basis of data processing:

The data processing is performed, based on Article 6(1)(e) of the GDPR, within the context of exercising the public powers vested in MNB and performing its tasks in the public interest.

28. Term of data processing:

Data processed in relation to the legal relationships falling within the scope of the authorisation and registration obligation are processed for a maximum duration of five years after the termination of the legal relationship of the person concerned and falling within the scope of the authorisation and registration obligation. Data falling outside of the scope of the foregoing are processed for the period specified in the sectoral laws; if there is no such period, then for the period necessary for closing the procedure; archived data are processed for the archiving period agreed with the National Archives under the relevant laws. If a legal obligation is performed, MNB will review the lawfulness of the processing every three years.

29. Data transfer:

Data processed in public authority procedures may be transferred to other public authorities; such authorities include, without limitation, courts, law enforcement agencies, tax authorities and their foreign counterparts.

8. Data processed during MNB events

30. The purpose of data processing and the scope of the processed data:

The purpose of data processing is the registration required for the event, attendee identification and communication with the attendees.

Scope of processed data: personal data provided in the registration, including but not limited to the name, address, email address, phone number, position, invoicing data.

31. Legal basis of data processing:

Pursuant to Article 6(1)(a) of the GDPR, MNB performs the processing based on the clear consent the attendees provide in the registration process.

32. Term of data processing:

For the period specified in the detailed information material provided during registration. Data used for communication are processed for a maximum period of five years following the event.

33. Data transfer:

The MNB may forward the data to a third party on the basis of the relevant legislation concerning the fight against terrorism and, in case of international conferences, in line with the regulations of Act CXXV of 1995 on the National Security Services, as well as to the organisations in charge of admission to the events related to the conference.

9. Contact persons’ data, and data processed during communication activities

34. The purpose of data processing and the scope of the processed data:

The purpose of data processing is to maintain the business and communication relations of MNB, including the press, and to ensure continuous operation.

Scope of processed data: identification data necessary for communication, including but not limited to name, email address, phone number, position, organisation.

35. Legal basis of data processing:

In performing its statutory tasks, MNB processes data based on the legitimate interest in Article 6(1)(f) of the GDPR.

36. Term of data processing:

Duration of the relationship and/or until the partner organisation provides new data. With a view to keeping data updated, MNB reviews the database of contact persons continually and erases obsolete data.

37. Data transfer:

None.

10. Inspection of suspected counterfeit banknotes

38. The purpose of data processing and the scope of the processed data:

The purpose of data processing is carrying out technical and other tasks, including but not limited to money-counterfeiting expert tasks, delegated to MNB by the law in relation to the protection of Hungarian and foreign legal tenders from counterfeiting. Use in criminal procedures launched in relation to means of payment found counterfeited in expert investigations.

Scope of processed data: first and last names, home address, ID card type and number of the individual providing or holding suspected counterfeit means of payment.

39. Legal basis of data processing:

MNB processes data pursuant to Article 6(1)(c) of the GDPR, with a view to performing its statutory obligation.

40. Term of data processing:

The MNB processes data until the closing of the criminal procedure at hand with the non-appealable and decisive court decision or the final and non-decisive court order and the non-challengeable decision of the prosecutor or the investigating authority terminating the procedure. If the investigation of the MNB finds that the means of payment is not counterfeit, then MNB erases the personal data it became aware of immediately after closing the money-counterfeiting expert’s investigation.

41. Data transfer:

In cases of money counterfeiting, MNB may transfer the data mentioned to the official bodies acting in the course of the criminal procedure.

11. Inquiries of the public concerning the cash in circulation and data regarding the authorisation of cash-processing activities.

42. The purpose of data processing and the scope of the processed data:

The purpose of data processing is data processed in relation to the inquiries of the public concerning the cash in circulation and submitted to MNB. It is typically about fulfilling requests (provision of positions) received from public authorities and concerning cash payments. Authorisation of cash-processing activities. Authorisation of money reproductions by individuals, client relations and issuance of official positions.

Scope of processed data: name and email address. Name and home address/notification address for inquiries sent by post. For the authorisation of money-processing: name, place and date of birth, mother’s name, home address. For client inquiries: personal data provided by the client.

43. Legal basis of data processing:

MNB processes data pursuant to Article 6(1)(c) of the GDPR, with a view to performing its statutory obligation.

44. Term of data processing:

For data related to positions and inquiries: a period of maximum 30 days. Data may not be scrapped in case of money-processing authorisations; the term of data processing is the period of maximum 5 years following the statute of limitations.

45. Data transfer:

No data are transferred within the scope of this kind of data processing.

12. Operation of the Financial Arbitration Board (hereinafter PBT)

46. The purpose of data processing and the scope of the processed data:

Performance of the tasks of the Financial Arbitration Board, as specified in the MNB Act, in which the PBT offers the consumers and the financial service providers supervised by the MNB a chance to settle their legal disputes in consumer financial matters.

Scope of processed data: identification data of the requester, provided in the request, including but not limited to the name, mother’s name, place and date of birth, home address, email address and data of his or her representative.

47. Legal basis of data processing:

MNB processes data pursuant to Article 6(1)(c) of the GDPR, with a view to performing its statutory obligation.

48. Term of data processing:

Having regard to the obligation laid down in Points (a) and (b) of Section 107 of the MNB Act, requiring the PBT to assess requests and to reject them if it is to be established that the parties have initiated procedures at the Financial Arbitration Board regarding the same right arising from the same factual grounds, the PBT will process the data in its system for the period of 50 years after the closing of the procedure.

49. Data transfer

None.

13. Data processed in MNB’s calls for applications and educational activities

50. The purpose of data processing and the scope of the processed data:

Application assessment and grant awarding in case of calls for applications of, and grants created by, the MNB in accordance with its tasks.

Scope of processed data: MNB processes the personal identification data of applicants such as name, place and date of birth, home address and email address.

51. Legal basis of data processing:

In performing its statutory tasks, MNB processes data based on the consent of the data subjects according to Article 6(1)(a) of the GDPR.

52. Term of data processing:

MNB processes the data until application assessment in case of academic competitions, but until the closing of the subsequent financial year at the latest. It processes the data for five years after programme closing in case of grant programmes and other applications.

53. Data transfer:

As described in the programme notices, towards partner organisations and educational institutions.

14. Recording of phone calls received by MNB in the central system outside of the client service.

54. The purpose of data processing and the scope of the processed data:

Beyond phone calls with the client service, MNB records phone calls received outside of the central system for quality assurance and organisational purposes.

Scope of processed data: the phone call with the caller and the voice of the caller.

55. Legal basis of data processing:

In performing its statutory tasks, MNB processes data based on the legitimate interest in Article 6(1)(f) of the GDPR.

56. Term of data processing:

MNB processes the data of the central voice-recording device for a period of maximum 30 days.

57. Data transfer:

If an authority procedure is initiated or a public authority requests data, then data may be transferred to the competent authority.

15. Data processed concerning trainings and exams regulated by public authorities

58. The purpose of data processing and the scope of the processed data:

Performing the tasks of MNB in relation to its role as a public authority controlling trainings and examinations regulated by public authorities, conducting the application procedure for trainings and exams regulated by public authorities and the issuing and reissuing of public authority certificates for successful exams.

Scope of processed data: Name, name at birth, mother’s name, place and date of birth, home address, personal identification code, and (for examiners) registration number and the date of de-registration.

59. Legal basis of data processing:

In performing its statutory tasks, MNB processes data pursuant to the legal obligation in Article 6(1)(c) of the GDPR.

60. Term of data processing:

MNB erases the data from its database after 15 years following the involvement of the relevant persons in the trainings and examinations regulated by public authorities; the scope of these erased data does not include, however, the data necessary for maintaining the database of certificates on the passing of exams regulated by public authorities.

61. Data transfer:

No data are transferred in direct relation to the data processing.

16. Data processed in connection with agency contracts.

62. The purpose of data processing and the scope of the processed data:

Performing tax liabilities in case of agency contracts made with individuals without contracts of services.

Scope of processed data: the data subject’s name, mother’s name, place and date of birth, home address, tax identification number, social security number and bank account number.

63. Legal basis of data processing:

In performing its statutory tasks, MNB processes data pursuant to the legal obligation in Article 6(1)(c) of the GDPR.

64. Term of data processing:

Regarding the deduction of social security contributions: five years after the retirement of the data subject; in any other cases: 5 years.

65. Data transfer:

Performing statutory data-reporting obligations and, if an authority procedure is initiated or a public authority requests data, then data may be transferred to the competent authority.

RIGHTS RELATED TO DATA PROCESSING:

17. Right of information and right to access:

66. You may request written information from the MNB about the following, using the contact point listed as “Data Controller”:

  • what personal data of yours the MNB manages,
  • on what legal basis does the MNB manage your personal data,
  • for what reason does the MNB manage your personal data,
  • from which source the MNB acquired your personal data,
  • for what period does the MNB manage your personal data,
  • if the MNB still manages your personal data,
  • to whom, when, for what reason and to which personal data did the MNB grant access to or to whom did the MNB transfer your personal data.

67. Furthermore, you are entitled to a copy of your personal data stored at the MNB.

68. The MNB will fulfil your request in a maximum of 30 days in a reply letter sent to the contact details provided in your request. If you send your request to the MNB through an electronic channel, the MNB will also reply using electronic means if possible. Please indicate if you would like to receive the reply through a different channel.

18. Right to rectification:

69. You may request the MNB in writing using the contact point listed as “Data Controller” to modify or rectify your personal data (for example your name, email address if it changed). If you send your request to the MNB through an electronic channel the MNB will also reply using electronic means if possible. Please indicate if you would like to receive the reply through a different channel.

70. The MNB will fulfil the request in a maximum of 30 days without undue delay, and send a notification in a reply letter sent to the contact details provided in the request.

19. Right to erasure (“right to be forgotten”):

71. You may request the MNB in writing to delete your personal data, using the contact point listed as “Data Controller”.

72. The MNB will reject the request for erasure if it is required by legislation to store your personal data. If such requirements are not valid for your personal data, the MNB will fulfil the request in a maximum of 30 days without undue delay, and send a notification in a reply letter sent to the contact details provided in the request. If you send your request to the MNB through an electronic channel the MNB will also reply using electronic means if possible. Please indicate if you would like to receive the reply through a different channel.

20. Right to restrict the processing of personal data:

73. You may request the MNB in writing to restrict the processing of your personal data, using the contact point listed as “Data Controller”. If the processing of personal data is restricted, such personal data shall, with the exception of storage, only be processed by the MNB with the data subject's consent or for the establishment of legal claims or for reasons of important public interest.

74. A request to restrict the processing of data may be submitted if:

  • you think that your data are not correct or
  • you think that the MNB’s processing of your data was not legal but you do not wish to have your data erased or
  • you request the processing to establish or defend legal claims but the MNB does not need these data any more.

75. The MNB will fulfil the request in a maximum of 30 days without undue delay, and send a notification in a reply letter sent to the contact details provided in the request. If you send your request to MNB through an electronic channel the MNB will also reply using electronic means if possible. Please indicate if you would like to receive the reply through a different channel.

21. Right to withdraw consent:

76. You may notify the MNB in writing, during the period of processing, that you wish to withdraw your consent to the processing of your personal data, using the contact point listed as “Data Controller”. If consent is withdrawn the MNB’s processing of your personal data prior to withdrawal is deemed to be legal.

77. The MNB will delete the personal data upon receiving the withdrawal without undue delay, and send a notification in a reply letter sent to the contact details provided in the notification. If you send your request to the MNB through an electronic channel the MNB will also reply using electronic means if possible. Please indicate in your notification if you would like to receive the reply through a different channel.

22. Legal remedy:

78. If, in the affected person’s judgement, data management does not comply with the legal requirements, they have the option to initiate the proceedings of the MNB’s data protection officer, or they can bring the matter before court.

79. In addition, an investigation may be initiated by filing a report to the National Authority for Data Protection and Freedom of Information on the grounds that there was an infringement in practising the rights related to personal data management or there is imminent danger thereof.

Contact information of the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf. 5.
Telephone: 06-1-391-1400
Telefax: 06-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
