Privacy policy

Protecting Your Privacy

The SHIFT Consortium strongly values our own privacy – and therefore are committed to protect your personal data (i.e. information that identifies you) as though it is our own. One of your rights under applicable law, particularly Regulation [EU] 2016/679, or as it is otherwise known, the GDPR –  is that you must be informed when your personal data – also known as personal information – is processed (collected, used, stored) by any organisation. You also have the right to know the details and purpose of that processing.

  • This privacy policy describes our practices relating to the personal data of visitors of and make use of our online facilities. For all our services, the data controller — the company that’s responsible for your privacy — is the Hungarian National Museum (MNM).
  • If you have any questions about how we protect your privacy, get in touch here:

We assure you that we will only use and disclose any personal data collected from you in accordance with the manner set out in this policy.

Information we collect

Most of the personal information which we may collect about you through this website is given to us only if you chooseto give it to us. Such personal information may be requested from you when you fill in a field (e.g. sign up for our newsletter or fill in any other form with your questions and comments). If you send us emails, then the personal data we process will depend on what you send us in the email.

The information we collect from you normally includes the following:

  1. Name and Surname
  2. Name of your workplace
  3. Contact details: Email address

We share data with the SHIFT Consortium for collaborative research and dissemination purposes. This includes, but is not limited to, sharing your name, workplace, and contact details. Rest assured, any sharing is done in accordance with our privacy policy, and the data is used solely for the intended research and dissemination efforts outlined in our agreements.

Google Analytics data will be used for website improvement and analytics, ensuring alignment with the policy’s existing purposes.

Check out the next sections to understand how and why we use this information.

Some other information is given to us because you accessed this website (e.g. logs, recorded through cookies). This is explained in our Cookies Policy.

How & Why we use your information

We use your information in a number of different ways — what we do with it then depends on the information and the purpose for which we collected. The question below set this out in detail, showing what we do, and why we do it.

  1. Your name and your contact details

How we use your  Name + surname  + workplace + contact details (email address)?

  • To send you information by email about the SHIFT project and reply to any queries or concerns


  • To keep you up to date. We only send this with your permission – and you can ask us to stop.
  1. Information about your device (phone or laptop) with which how used our website

How we use information about your phone or laptop, and how you use our website and app?

Information you give us when you browse our site or use our app, including your IP address and device type and, if you choose to share it with us, your location data, as well as how you use our website and app. We use this data to improve our website and set default options for you (such as language and currency) and to Protect our website.


To give you the best browsing experience

To prevent and detect fraud against either you or us — and to meet our legal obligations about looking after your data

  • You don’t have to give us any of this personal information but if you don’t, you may not be able to use our site or all of the services we offer on the site, and you are unlikely to receive an optimal customer experience.
  • We also anonymise and aggregate personal information (so that it does not identify you) and use it for purposes including testing our IT systems, research, data analysis, improving our site and app, and developing new products and services. We also share this anonymised information with third parties – but don’t worry, they cannot identify you.


The Legal Basis for Processing

For some of the uses of your personal data (as described above) there is a legal basis under applicable data protection laws for us to use such personal data without having obtained your consent.

This includes, for example, where it is necessary for us to use the information to perform a contract with you or take steps at your request prior to entering into a contract with you, provide customer-care and support services to you.

It also includes circumstances (such as we have described below) where we have a legitimate interest to use your data, provided that proper care is taken in relation to your rights and interests:

  1. to ensure that you know about any changes to the website or the terms of this Privacy Policy.
  2. to ensure that we organise our databases efficiently and understand how our clients may make purchases;
  3. to carry out research and analysis of your data (including purchase information) as this helps us understand our clients better, who they are and how they interact with us;
  4. to improve and ensure the security of the website (for example, for statistical, testing and analytical purposes, troubleshooting).


Retention Periods

  • We will hold on to your information for no longer than is necessary keeping in mind the purpose/s (or compatible purposes) for which we first collected the data.
  • We may also keep hold of some of your information if it becomes necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
  • As a guide:
    • we will keep personal data until such time as you ask us to stop communications with you, unless we need to keep the data for longer;
    • we may keep certain categories of personal data for longer in order to meet any legal or regulatory requirements, or to resolve a legal dispute;
    • and, we may keep different types of personal data for different lengths of time if required by law.
  • You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us here


Children Under 18

If you are aged 18 or under, please get your parent/guardian’s permission before you provide any personal information to us.

We will need to process personal data relating to parents or guardians in that case – and we may also need to request for verification documentation to ensure that consent is given or authorised by the holder of parental responsibility.

Sharing your information

We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or credit card information. It is not our business to do so – and we want to earn your trust and confidence. However, we share your data the rest of the members of the SHIFT Consortium.

  • In most circumstances we will not disclose personal data without consent. However there may be occasions where we might have to – e.g. with a court order, to comply with legal requirements and satisfy a legal request, for the proper administration of justice, to protect your vital interests, to fulfil your requests, to safeguard the integrity of the relevant websites operated by us or by such related entities or subsidiaries, or in the event of a corporate sale, merger, reorganisation, dissolution or similar event involving us and/or our subsidiaries and related entities.
  • When we do share data, we do so on an understanding with the other entities that the data is to be used only for the purposes for which we originally intended – again, we don’t want you to have any surprises.
  • We may also provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you. Anonymous information means it is anonymous.
  • If we ever have to share data with other entities that are outside of the EEA, we will be sure to do so in a manner that complies with the requirements established by the GDPR.


Your rights

You enjoy several rights relating to your personal information:

  1. The right to be informed about how your personal information is being used;
    We need to be clear with you about how we process your personal data. We do this through this Privacy Policy, which we will keep as up to date as possible.
  2. The right to access the personal information we hold about you;
    You can access the personal data we hold on you by contacting us
    To process your request, we will ask you to send us proof of identity so that we can be sure we are releasing your personal data to the right person.
    We will carry out our best efforts to process your request within one month or, if the request is particularly complex, two months. We can provide you with a copy of your personal data in electronic format.
    If we consider the frequency of your requests as being unreasonable, we may refuse to comply with your request. In those circumstances, if you disagree, you can complain to the data protection authority.
  3. The right to request the correction of inaccurate personal information we hold about you;
    We appreciate feedback from you to ensure our records are accurate and up-to-date.
    If you think that the information we hold about you is inaccurate or incomplete please ask us to correct it by contacting us at
  4. The right to request that we delete your data, or stop processing it or collecting it;
    You can ask us to delete your personal data; however, this is not an absolute right.
    In spite of a request for erasure, we may be justified to keep personal data which we need to keep, e.g. (i) to comply with a legal obligation (for instance, we are required by personal data for VAT reporting purposes); and (ii) in relation to the exercise or defence of any legal claims.
    When you ask us to delete your personal data, we assume that you do not want to hear from us again. To ensure that we do not send you any special offers in the future (for example, if we purchased your details from a third party list), we will retain just enough of your personal data solely for suppression purposes.
    Other than as described above, we will always comply with your request and do so promptly. We would carry out our best efforts to notify any third parties with whom we have shared your personal data about your request so that they could also comply.
  5. The right to stop direct marketing messages;
  6. The right to object to certain processing based on legitimate interest;
    You have a right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling using automated means.
  7. The right to request human intervention if automated processing without human intervention is used to make decisions having legal or similar effects on you;
  8. The right to withdraw consent for other consent-based processing at any time;
  9. The right to request that we transfer or port elements of your data either to you or another service provider;
    You have the right to move, copy or transfer your personal data from one organisation to another. If you do wish to transfer your personal data we would be happy to help.
    If you ask for a data transfer, we will give you a copy of your personal data in a structured, commonly used and machine-readable form (e.g. a CSV file format). We can provide the personal data to you directly or, if you request, to another organisation.
    Please note that we are not required to adopt processing systems that are compatible with another organisation, so it may be that the recipient organisation cannot automatically use the personal data we provide.
    When making a transfer request, it would be helpful if you can identify exactly what personal data you wish us to transfer.
  10. The right to complain to your data protection regulator
    If you want to exercise your rights, have a complaint, or just have questions, please contact us at
    Please appreciate that the rights must be exercised within some limitation – for example, if you ask us for information we can only give you what relates to you and not what relates to other persons. When we receive requests, we may also request that you identify yourself and provide documentation or information for verification (we would not want to disclose information to the wrong person). Unreasonable requests may be subjected to a reasonable fee or refusal to respond.

Security of your Personal Data

Security of your personal data is very important to us.

Where it’s appropriate, our website uses HTTPS to help keep information about you secure. However, no data transmission over the internet can be guaranteed to be totally secure.

You may complete a registration process when you sign up to use parts of the websites. This may include the creation of a username, password and/or other identification information. Any such details should be kept confidential by you and should not be disclosed to or shared with anyone.

Where you do disclose any of these details, you are solely responsible for all activities undertaken where they are used.

Whenever you create a password, then to protect your account you should choose a strong password, meaning it should be lengthy and include a mixture of letters and numbers with mix of CAPS.

We do our best to keep the information you disclose to us secure. However, we can’t guarantee or warrant the security of any information which you send to us.

Security measures which have implemented to secure information transmitted over our website or stored on our systems include the following:

  • SSL protected connection / signed certificate
  • malicious IP blocking technology for administrative systems
  • secure Linux-based hosting
  • daily back-up system

Please understand, however, that no system is perfect or can guarantee that unauthorised access or theft will not occur. 

Changes to how we protect your privacy

Our website is continually under review – new functions and features are periodically added and improved to interface, thus changes to our privacy policy may be required from time to time.

We therefore encourage you to check our privacy policy for updates regularly. Any significant changes will be communicated through e-mail or through prominent notices on our website. Your continued use of our services implies acceptance of the updated privacy policy.

How to contact us

We are always happy to hear from you, whether to make a suggestion but especially if you feel we can do better.

If you have any questions about the Website Privacy Policy, or if you wish to exercise the above rights or make a complaint about how we have handled your personal information while using the website, please contact us at:

We have appointed a Data Protection Officer (Martin Zamorano) in charge of Website Privacy Issues within the lifespan of the SHIFT project who may be contacted here:


Cookies Policy for SHIFT

Does SHIFT use cookies?

Yes. As described in the WHY section of our Privacy Policy, we use cookies to ensure everyone who uses SHIFT has the best possible user experience.

Understanding Cookies

As is common practice with almost all professional websites, this website uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they collect, how we use it and why these cookies are stored. We will also explain how you can prevent these cookies from being stored. You should also know that doing this may lower the functionality of certain elements of the website. Unfortunately, in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this website. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case, they are used to provide a service that you use.

The Cookies We Use

We use session cookies to remember your access permissions when you access different pages. A persistent cookie enables SHIFT web to recognize you as an existing user, so it is easier to return to the web without signing in again. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in. These cookies do not collect personal data. However, do bear in mind that SHIFT App Server does ask for some data. Please visit our privacy policy above for more information in this regard. There is no advertising, tracking cookies, or third parties.

Google Analytics will be used to gather statistical data on website usage, such as page views and user interactions.

What are cookies used for?

Our website stores cookies in the browser so that people do not need to login again and again every time they need to access restricted features and areas of the webpage.


More Information

We hope this has clarified things for you. As previously mentioned, if there is something that you are not sure it is usually safer to leave cookies enabled in case, they interact with one of the features you use on our website.

If you are still looking for more information, then feel free to contact us at

Skip to content