Legal Bases for Processing of Personal Data
Is an identified legal basis required in order to collect or process non-sensitive personal data?

Last review date: December 2024

Yes.

The following are potential legal bases for processing personal data:

  • the data subject has provided consent to the processing for the identified purposes
  • the personal data is necessary to perform a contract with the data subject
  • the personal data is necessary to comply with a legal obligation
  • the personal data is necessary to protect the vital interests of a natural person
  • the personal data is necessary for a public interest
  • the personal data is necessary to fulfil a legitimate interest of the controller or third party (provided that the interest is not overridden by the data subject's privacy interests and the data subject has not made use of his/her right to object)

Is an identified legal basis required in order to collect or process sensitive personal data?

Last review date: December 2024

Yes.

The following are potential legal bases for processing special categories of personal data:

  • the data subject has given consent to the processing, where consent is measured to a higher standard than for non-sensitive personal data (for example, additional requirement for consent to be "explicit")
  • processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
  • processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
  • processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and further conditions
  • processing relates to personal data which are manifestly made public by the data subject
  • processing is necessary for the establishment, exercise or defense of legal claims
  • processing is necessary for reasons of substantial public interest
  • processing is necessary for the purposes of medicine, the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services
  • processing is necessary for reasons of public interest in the area of public health
  • processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • other

On the basis of Article 9(4) of the GDPR, the Act XLVII of 1997 on Processing and Protection of Medical and Other Related Personal Data contains additional legal bases for the processing of personal data concerning health.

These include data processing:

  • promoting the preservation, improvement and maintenance of health
  • promoting the provision of effective medical treatment to the patient, including professional supervision
  • monitoring the health of the data subject
  • conducting measures necessary for public health and epidemiological purposes
  • enforcing patient rights
  • for the specific purposes expressly permitted by Hungarian legislation (such as: the training of health care professionals, medical and epidemiological examination, analysis, planning, organization of health care, and planning of costs; statistical analysis; anonymization for impact assessment; scientific research; determination of social security and social benefits; law enforcement; administrative procedure; court proceedings; monitoring, measuring and evaluating the performance of the health system; pharmacovigilance; etc.), or
  • with the written consent of the data subject

One of the above legal bases must be applied in addition to the legal bases listed in Article 9(2) of the GDPR.

Under the Information Act, the legal bases relative to Article 10 of the GDPR are supplemented by two further applicable legal bases. Under Section 2 (2) of the Information Act, where the data processing falls within the scope of the GDPR, Section 5 (7) of the Information Act must also be applied, which provides that: "As regards the processing of personal data from the criminal records, the provisions on the processing of sensitive data shall apply unless an act, an international treaty or a binding legislation of the European Union provides otherwise." These additional legal bases are:

  • the vital interests of the data subject or of another person, or
  • the processing relates to data which are manifestly made public by the data subject

These legal bases may be applied in addition to the legal bases listed in Article 9(2) of the GDPR.

Are there special requirements that apply to the collection or processing of personal data from minors?

Last review date: December 2024

Yes.

A minor within the meaning of data privacy laws is a person below the age of 16.

In what circumstances do these special requirements apply?

Last review date: December 2024

In the context of information society services (e.g., a commercial website), only if processing is based on consent.

What are the special requirements that apply to collecting or processing personal data from minors?

Last review date: December 2024

  • consent must be given or authorized by the parent/guardian of the minor
  • other
    • privacy information should be provided in plain clear language that minors can understand
    • data processors must, considering the available technology, make reasonable efforts to check that the consent given is in line with the law
    • when relying on the legal basis of legitimate interest, the interests or fundamental rights and freedoms of children must be taken into account with particular gravity
    • specific protection must be applied when using the personal data of children for the purposes of marketing or creating personality or user profiles and the collection of such personal data when using services offered directly to a child
    • the consent of the parent/guardian may not be necessary in the context of preventive or counselling services offered directly to a child
    • the child should be able to exercise the rights of the data subject, especially the "right to be forgotten" notwithstanding the fact that they are no longer a child
    • children cannot be subject to a decision, which may include a measure, evaluating personal aspects relating to them which is based solely on automated processing, and which produces legal effects concerning them or similarly significantly affects them