The Dharma Gate Buddhist College
Registered address: 1098 Budapest, Börzsöny Street 11, Hungary
Phone: (+36 1) 280 6712
E-mail: tankapu@tkbf.hu
Website: https://www.tkbf.hu/

Dr. Amrita Péterfi
Website: https://www.tkbf.hu/
E-mail: dpo@tkbf.hu

1) Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR)
2) Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.)
3) Act CCIV of 2011 on National Higher Education (Nftv.)
4) Government Decree 87/2015 (IV. 9.) on the Implementation of Certain Provisions of Act CCIV of 2011 on National Higher Education (Nftvhr.)
5) Act CCVI of 2011 on the Right to Freedom of Conscience and Religion and on the Legal Status of Churches, Denominations and Religious Communities
6) Act I of 2012 on the Labour Code (Mt.)
7) Data Protection and Data Management Policy of the Dharma Gate Buddhist College (AASZ, 27 February 2020)
8) Study and Examination Regulations of the Dharma Gate Buddhist College (TVSZ, 6 July 2017)

The general purpose of data processing is to support the religious higher education and research activities carried out at the Dharma Gate Buddhist College.

The Dharma Gate Buddhist College processes personal and special categories of personal data only to the extent necessary for:

• the lawful and effective operation of the institution;
• the exercise of students’ rights and the fulfilment of their obligations;
• the organisation of education and research;
• the exercise of employer’s rights and the fulfilment of the rights and obligations of teachers, researchers, and other employees;
• the maintenance of records required by law;
• the assessment, verification, and certification of eligibility for benefits provided by law or institutional regulations; and
• graduate career tracking.

V.1. Student Data Recorded under Statutory Obligation

(pursuant to Annex 3, Section I/B/1 (a–j) of Act CCIV of 2011 on National Higher Education)

Categories of data:
Data related to the student’s legal status, including: name, gender, birth name, mother’s name, place and date of birth, nationality, address, contact details (postal address, telephone number, e-mail), legal status of residence (for non-Hungarian citizens), student ID number, education ID, personal ID document number, photograph, social security number, academic records, examinations, credits, disciplinary and compensation matters, disabilities and related accommodations, accidents, scholarships and allowances, internship, final examination, thesis, diploma, diploma supplement, and other data required by law.

Data access:
Examiners; academic administration (Rector, Vice-Rector for Education, Director of Studies, Programme Directors, Study Officers, Educational Assistant, Study IT Specialist); and, in case of legal remedy, members of the Student Appeals Committee and the Secretary General.

Retention period: Eighty (80) years from the termination of the student’s legal relationship.

Data transfer:
Data may be transmitted to:
a) the maintainer (all data necessary for the exercise of maintainer’s rights);
b) courts, police, prosecutor’s office, bailiff, or administrative authorities for the resolution of specific cases;
c) the national security services for the performance of duties defined by law;
d) the Educational Authority (Oktatási Hivatal);
e) the organisation responsible for administering state scholarships.

V.2. Data Processed for Online Study and Examination Activities

Purpose: To conduct academic and examination activities online.

Categories of data:
a) Data managed by the Neptun Study System as listed in Section V.1.
b) Data processed by the Moodle e-Learning Platform / LMS: identification, login and logout data, submitted assignments and documents, grades and feedback.
c) Data processed by Google Meet: identification, login and logout data, audio and video streams from the user’s device during participation.
d) Data processed by Zoom: identification, login and logout data, audio and video streams from the user’s device during participation.

Data access:
a) Persons listed in Section V.1 regarding Neptun data;
b) the instructor(s) assessing online requirements;
c) course participants and instructor(s) for recorded sessions;
d) academic administration for technical support.

Retention period:
a) Exam evaluations and records in Neptun are kept for eighty (80) years after the end of the student’s legal relationship.
b) Session recordings are stored in Moodle with course materials only with the consent of participants; those not consenting will not appear in the recording.
c) No recordings are made of oral examinations.

Data transfer: As defined in Section V.1.

V.3. Employee Data

Purpose: To establish, maintain, and terminate employment or contractual relationships; to manage records related to employment, benefits, and obligations; and to fulfil reporting, declaration, and data provision requirements prescribed by law.

Categories of data:
Personal information necessary for employment (name, gender, date and place of birth, citizenship, address, tax and social security identifiers, education, qualifications, employment details, salary, benefits, disciplinary and liability records, teaching and research activities, awards, titles, and other employment-related data).

Data access: Rector, Director of Finance, legal representative of the maintainer; Secretary General (legal matters); Director of Studies and Study IT Specialist (academic system entries); accounting staff (payroll and tax declaration).

Retention period: Five (5) years after termination of employment, except for documents required to be kept for pension purposes.

Data transfer: Data may be transmitted to the maintainer, social insurance and payroll authorities, Hungarian Accreditation Committee (MAB), and other entities entitled by law to verify institutional operation or employment compliance.

V.4. Security Camera System

Purpose: For crime prevention and property protection, data are processed according to the Camera Surveillance Regulation (Annex 4 of the Data Protection Policy).

Categories of data: Image recordings stored for the period specified below; in the case of viewing requests, the requester’s name and description of the incident.

Data access: Chief Building Supervisor, and for IT maintenance, the Director of Studies and the Study IT Specialist.

Retention period: Recordings are stored for three (3) working days and then automatically deleted, unless a legitimate interest (e.g. ongoing legal proceedings) is demonstrated. If no official request is received within 30 days, the recording must be deleted.

Data transfer: To courts, police, prosecutor’s office, bailiff, administrative authorities, and national security services as required by law.

V.5. Job Applications

Purpose: Recruitment and selection of new employees, including managers and senior officials.

Categories of data: Personal data provided by the applicant in their CV and attachments, typically including identification data, contact details, education, employment history, photo (if provided), and signature.

Data access: President and members of the College Council and Senate, legal representative of the maintainer, and the head or authorised representative of the relevant organisational unit; Secretary General; HR officers of the Rector’s Office and the maintainer’s Secretariat.

Source and method: Data are obtained directly from the applicant upon submission of their application and consent form, and are processed both electronically and on paper.

Retention period: Personal data of unsuccessful applicants are kept until withdrawal of consent or the closure of the selection process, then deleted or returned without copies. Successful applicants’ data become part of their personnel file and are thereafter managed under Section V.3 – Employee Data.

Data transfer: To the maintainer and to the appointing authority as required by the Act on National Higher Education.

The legal basis for data processing in the data categories defined under Sections V.1 and V.3 is the fulfilment of a legal obligation incumbent upon the Data Controller, and the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, pursuant to Article 6(1)(c) and (e) of the GDPR, and Section 5(1)(c) and (e) of the Infotv.

For the data categories defined under Sections V.2 and V.5, the legal basis is the data subject’s voluntary consent, in accordance with Article 6(1)(a) of the GDPR and Section 5(1)(a) of the Infotv. This consent is provided voluntarily by the student fulfilling their study and examination requirements, or by the applicant participating in a recruitment process, after becoming acquainted with the present Privacy Policy published on the College’s website. Consent is considered given when the student joins the online oral examination platform using the link provided via the Neptun system.

The legal basis for data processing by the security camera system is the legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR. By entering the premises of the Dharma Gate Buddhist College, individuals acknowledge the existence of video surveillance and consent to the recording of their image for the purposes described in Section V.4.

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.), you have the following rights concerning the processing of your personal data by the Dharma Gate Buddhist College:

1) Right to Request Information (Right of Access)
You have the right to obtain written information from the College (via the contact details provided in Section I) regarding:

• which personal data are being processed,
• on what legal basis and for what purpose,
• from what source and for how long,
• and to whom, when, under what legal provision, and which personal data have been disclosed.

The College will respond to your written request within one month, sending the information to the contact address you have provided.

2) Right to Rectification
You may request in writing that the College correct or complete your personal data if they are inaccurate, outdated, or incomplete (e.g., change of address or e-mail).
The College will fulfil your request within one month and confirm the correction in writing.

3) Right to Erasure (“Right to be Forgotten”)
You may request in writing that the College delete your personal data if:

• they are no longer necessary for the purposes for which they were collected or otherwise processed;
• you withdraw your consent and no other legal basis exists;
• you object to the processing and there are no overriding legitimate grounds;
• your personal data have been processed unlawfully;
• deletion is required by an EU or Hungarian legal obligation; or
• the data were processed in connection with the offering of information society services.

The College will fulfil your request within one month and confirm it in writing.

However, this right is not absolute and may not be exercised where processing is necessary:

• for exercising the right to freedom of expression and information;
• for compliance with a legal obligation or for performing a task carried out in the public interest or under official authority;
• for archiving, scientific or historical research, or statistical purposes, where erasure would seriously impair or make impossible such processing;
• or for the establishment, exercise, or defence of legal claims.

4) Right to Restriction of Processing (Blocking of Data)
You may request in writing that the College restrict the processing of your personal data (by marking them clearly and separating them from other data) if:

• you contest the accuracy of the personal data (restriction applies for the period required to verify accuracy);
• the processing is unlawful but you oppose erasure and request restriction instead;
• the College no longer needs the data for processing purposes, but you require them for legal claims;
• you object to processing pending verification whether the legitimate grounds of the College override your own.

Restriction remains in place only for as long as the reason for it persists.

5) Right to Data Portability
You have the right to receive the personal data you have provided to the College in a structured, commonly used, and machine-readable format, and to transmit those data to another controller of your choice.

6) Right to Object
You may object in writing (via the contact details provided in Section I) to the processing of your personal data on grounds relating to your particular situation.
In such a case, the College shall no longer process your personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

In accordance with Article 28 of the GDPR, the Dharma Gate Buddhist College engages the following data processors to ensure the secure and lawful operation of its educational, administrative, and IT systems. Each data processor acts exclusively under the College’s documented instructions and in full compliance with data protection regulations.

VIII.1. Data Processor I – NEPTUN System Service Provider

1. Activity: Provision and maintenance of the NEPTUN Unified Higher Education Study System
2. Processor: SDA Informatika Zrt., 2030 Érd, Retyezáti utca 46.
3. Processed data: All personal data stored in the NEPTUN system
4. Data subjects: All individuals whose data are entered into the system
5. Purpose: Proper operation and maintenance of the NEPTUN system
6. Retention period: Until the termination of the Product Support Agreement concluded between the College (Data Controller) and the Processor, or until a deletion request by the Controller, in accordance with GDPR Article 28 and Section 10(4) of the Infotv.
7. Legal basis: Compliance with a legal obligation incumbent upon the Controller

VIII.2. Data Processor II – Accounting Services

1. Activity: Accounting and financial management services
2. Processor: NSE-Audit Kft., 2536 Nyergesújfalu, Munkás utca 5. Ground floor 3.
3. Processed data: All personal data necessary for accounting purposes
4. Data subjects: All relevant individuals
5. Purpose: Lawful and proper operation of accounting activities
6. Retention period: Until the termination of the service agreement between the College and the Processor, or until a deletion request by the Controller
7. Legal basis: Compliance with a legal obligation incumbent upon the Controller

VIII.3. Web Hosting Service Provider

1. Activity: Web hosting services
2. Processor: Servergarden Kft., 1023 Budapest, Lajos utca 28–32.
3. Processed data: All personal data provided by the data subject via the College’s online platforms
4. Data subjects: All users of the College’s web services
5. Purpose: Hosting and proper operation of the College website and related services (including Moodle)
6. Retention period: Until the termination of the hosting agreement between the College and the service provider, or upon the data subject’s deletion request submitted to the provider
7. Legal basis: Consent of the data subject — Infotv. Section 5(1)(a), GDPR Article 6(1)(a)

VIII.4. System Operator

1. Activity: IT system development and operation
2. Processor: Core Systems Informatikai Kft., 4025 Debrecen, Simonffy utca 4–6. I. floor, room 125.
3. Processed data: All personal data provided by the data subject and stored in the system
4. Data subjects: All system users
5. Purpose: Operation and development of the College’s IT infrastructure
6. Retention period: Until the termination of the agreement between the Controller and the Processor, or upon the data subject’s deletion request submitted to the provider
7. Legal basis: Consent of the data subject — Infotv. Section 5(1)(a), GDPR Article 6(1)(a)

VIII.5. Google Meet

1. Activity: Audiovisual communication service based on Google Cloud (Service Information)
2. Processor: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA
3. Processed data: All personal data provided by the participant (identification, audio, video)
4. Data subjects: All participants in online oral examinations or meetings
5. Purpose: Conducting online oral examinations and classes
6. Retention period: The College does not record sessions in Google Meet
7. Legal basis: Consent of the data subject — Infotv. Section 5(1)(a), GDPR Article 6(1)(a)

VIII.6. Zoom

1. Activity: Videoconferencing service with real-time messaging and content sharing (Privacy Policy)
2. Processor: Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, California 95113, USA
3. Processed data: All personal data provided by the participant (identification, audio, video)
4. Data subjects: All participants in online classes and examinations
5. Purpose: Conducting online academic and examination activities
6. Retention period: Recordings are made only with participants’ consent and are stored in Moodle together with course materials
7. Legal basis: Consent of the data subject — Infotv. Section 5(1)(a), GDPR Article 6(1)(a)

When you visit the Dharma Gate Buddhist College website (https://www.tkbf.hu), certain personal data (i.e. information that can be linked to you) are also transmitted to us.

Your personal data may come under our control in two ways:

1. Automatically generated technical data are created in our computer system in connection with maintaining the internet connection, such as information about your device, browser, IP address, and the pages you visit (known as cookies).
2. Data you provide voluntarily, such as your name, contact information, or other details, if you choose to get in touch with us through the website.

Our website has been designed to comply with all content and formatting requirements applicable to higher education institutions. In developing it, we have taken care to ensure that your personal data are processed only to the extent necessary for the operation of the website’s services, in accordance with your consent and with full respect for applicable legal requirements.

The College uses the servers of its Web Hosting Service Provider for website operation. The data generated in connection with your visit are not disclosed to third parties, except for automatically generated technical data necessary for website traffic statistics, which are handled by the service provider maintaining the web server.

IX.1. Use of Google Analytics

The website uses Google Analytics, a web analytics service provided by Google Inc., to measure and analyse traffic statistics.
Google Analytics uses so-called cookies, text files stored on your device, to help analyse how users interact with the website. The information generated by the cookie about your use of the website is usually transmitted to and stored on a Google server in the United States.

With IP anonymization enabled on this site, Google shortens users’ IP addresses within the member states of the European Union or other states party to the European Economic Area Agreement before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and shortened there.

On behalf of the website operator, Google uses this information to evaluate website activity, compile reports, and provide additional services related to website and internet usage. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings, though this may limit some website functions. You can also prevent Google from collecting and processing data generated by cookies related to your website use (including your IP address) by downloading and installing the Google Analytics Opt-out Browser Add-on, available here:
👉 https://tools.google.com/dlpage/gaoptout?hl=en

To exercise your rights related to the processing of your personal data, you may contact the Data Protection Officer of the Dharma Gate Buddhist College either verbally or in writing at the contact details provided in Section II.

Data Protection Officer:
Dr. Amrita Péterfi
E-mail: dpo@tkbf.hu
Website: https://www.tkbf.hu

If you believe that the processing of your personal data by the College violates the applicable data protection laws, you may file a complaint with the National Authority for Data Protection and Freedom of Information (NAIH):

National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9–11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu