Privacy policy

1. Who can you contact if you have questions?

1.1. OpenBioMaps ( and the com.openbiomapsmobile Google Play application) as a data controller OpenBioMaps Consortium (hereinafter: data controller)

1.2. Data controller address
4032 Debrecen Egyetem tér 1.

(See the data management information for other OpenBioMaps servers in the privacy information for their server.)

1.3. Electronic contact of the data controller

2. Purpose of data management - What data do we request and what do we use it for?

2.1. Definition of data management

Data management is based on the voluntary, informed and express consent of the users in the case of users registered on the websites of the OpenBioMaps servers (hereinafter: registered user) during registration in the databases, data upload, commenting and data modification.

In matters not specified in these regulations, the 2011 CXII. Act on the Right to Information Self-Determination and Freedom of Information (hereinafter Infotv.) is applicable.

2.2. interpretative provisions:

  • server: Servers operated by OpenBioMaps Consortium member organizations.

  • project operator: The founder of the database project and the natural persons designated by him. The names and contact details of the database project operators are publicly available on the summary sheet of each project.

  • user: Registered users (natural or legal persons) who accept the terms of use and use OpenBioMaps services by logging in with a real email address as a user ID and have been invited by another registered user to use one of the database projects.

  • visitor: Un logged in users using OpenBioMaps web services.

  • contact information provided during registration: name and email address.

  • additional (optional) contact information: job name, job address, public web IDs such as ResearchGate, OrcID links.

  • profile menu: personal data management interface.

  • logfile: Automatic log files for the webserver that serves OpenBioMaps web pages, which store the source, device, and link to web requests. The log files are automatically archived for 1 year.

  • biotic data: Nature conservation, biological research, biological education data. Observational data of typically living organism occurrences.

3. Legal basis for data management

2011 CXII. Under Section 5 (1) (a) of the Act on the Right to Information Self-Determination and Freedom of Information (hereinafter the Information Act), the voluntary consent of the person concerned.

4. Scope of managed data

  • The data provided by the user during registration is the user's name and e-mail address (the user's name is known to other users, the e-mail address is only visible to the project operators).

  • At the time of registration, the date of registration and the internal numeric ID of the inviting person is automatically recorded. This data can only be seen by project operators.

  • At the user's discretion, the data entered in the own profile menu is the name of the workplace, the address of the workplace and external web links (eg ResearchGate, OrcID) (this information can only be known by others logged in users).

  • Visits to OpenBioMaps projects (database projects running on OpenBioMaps servers) record the IP address of the visitor's computer, the start time of the visit, and, in some cases, the type of browser and operating system, depending on the user's computer settings. This information is automatically logged in the log file.

  • The data controller does not manage the data related to the data provider, data collector or data owner contained in the data uploaded by the users.

  • When using the mobile application (com.openbiomapsmobile), you can collect location data, which together with the collected monitoring data is stored as 'biotic' data when uploaded. Location data can also be background-recorded location data that stores the user's movement path when using the application.

    In the mobile application we use Sentry ( to collect network connection information for debugging purposes. We use the collected data only for inspect network states of online operations of the application. We do not share, do not archive, and do not connect with any other personal information this data.

5. Purpose of data management

  • In the case of mandatory data provided by a registered user, the purpose of data management is to identify the user's authorization (biotic data upload, biotic data modification and biotic data access) and to assess the quality of user activity by other users. The data may be used by the operator to prompt the user to remove the uploaded infringing content in the event of infringing content.

  • Creating an internal internet community, identifying or distinguishing users in the case of data provided voluntarily at the user's discretion.

  • In the case of data that is automatically recorded in the log file during the use of OpenBioMaps projects, the data is stored and used exclusively for technical purposes (analysis of the secure operation of servers, post-verification) by the server operators. The data sets obtained in this way are not linked by the operator to personally identifiable information from other sources and are not passed on to others. Automatically logged data is only accessible to server operators (not database project operators).

  • The anonymous visitor is not identified. The logged IP addresses alone are not capable of identifying the visitor in any way, they are only capable of recognizing the visitor's machine. The data controller shall not link such non-personal anonymous identifiers as mentioned above in any way to other personal data concerning the anonymous visitor.

  • Location data recorded with a mobile application are mandatory elements used in the use of certain data collection forms to record the locality of biotic data. Location data recorded as a background process represents the user's fieldwork path, which is required for some forms. Field travel routes are stand-alone biotic data or part of the recorded biotic data, depending on its type. Their storage and handling are subject to the rules for the handling of biotic data. Crawl path data is not public information by default and can only be accessed by project operators, but this may vary from project to project.

  • The data controller does not use personal data for purposes other than those indicated and does not transfer personal data to third parties. This does not apply to any legally required data transfers.

  • When visiting database projects, the server sends one or more cookies, ie a small file containing a string, to the visitor's / user's computer, which will make its browser uniquely identifiable. These Cookies are sent to the visitor's / user's computer only when certain functions are used, so we only store the fact and time of the use of the given function, not any other information.

  • The cookies are used to speed up the re-use of certain functions and the operation of the password-protected session. The storage period of cookies varies, up to 1 year.

6. Duration of data management

  • For user-required data: as long as there is user-uploaded content in the OpenBioMaps databases.

  • At the user's discretion, for data provided in the contact and related data generated during use: as long as the user is a member of the OpenBioMaps community.

  • For data recorded in a log file when using OpenBioMaps portals: the data is stored for a maximum of 1 year from the date of the visit.

7. Modification and deletion of personal data

By entering the user's password, you can change or delete the name and e-mail address provided during registration and the contact information in the OpenBioMaps user database at any time. If there is data uploaded by him or biotic data referring to his name in the OpenBioMaps databases, then in those data fields the user does not change automatically.

The user can request deletion of his user account from the database project operator at any time. Deleting a user account deletes contact information from the OpenBioMaps user database. If there is data uploaded by him or biotic data referring to his name in the OpenBioMaps databases, the user name will not be deleted automatically from those data fields, although the user has the option to modify the data sets for his data, the operator cannot guarantee that the modified data will not be shared by other users or restored.

8. Data security measures

The data controller stores personal data on the OpenBioMaps encrypted private network on interconnected servers operated by the members of the OpenBioMaps Consortium at their sites. The management of the servers is governed by the consortium members' server maintenance regulations. Only administrators designated by the Consortium have password access.

Names of servers managed by the OpenBioMaps Consortium and their operators:

    Server operator: University of Debrecen
    Contact: H-4032 Debrecen, Egyetem tér 1., e-mail address:

    Server operator: Duna-Ipoly Nemzeti Park Igazgatóság
    Contact: Duna-Ipoly Nemzeti Park Igazgatóság, H-1121 Budapest, Költő u. 21., e-mail address:

    Server operator: Milvus Group Association
    Contact: str. Crinului nr. 22, 540343 Tîrgu Mureş (Romania), e-mail address:


    Server operator: Eötvös Loránd University
    Contact: H-1053 Budapest, Egyetem tér 1-3., e-mail address:

9. Possibility to amend the data management policy

The data controller reserves the right to unilaterally amend these data management regulations with prior notice to users. The user accepts the amended data management policy with the first login after the change takes effect.

10. Users' rights regarding the handling of their personal data

  1. Users may request information about the handling of their personal information. Upon request, the data controller shall provide the data subject with information on the data processed by him or her, their source, purpose, legal basis, duration, name, address (registered office) and activities related to data processing, as well as who and for what purpose received or received the data. data. The request for information must be sent by e-mail to, to which the person concerned will receive a reply within 8 working days.

  2. Users can request that their data be deleted, locked, or corrected. You can also delete the user's data as described in section 10. Modifying and deleting personal data.

  3. The user may object to the processing of his personal data. Your application should be sent to

the duration of the data processing as defined under.

11. Enforcement Options

The user's enforcement options can be found in the Infotv. Act and the Civil Code. before the General Court of Debrecen and request the assistance of the National Data Protection and Freedom of Information Authority. If you have any further questions or comments, please contact the operator at

National Data Protection and Freedom of Information Authority
postal address: 1530 Budapest, Pf.: 5.,

address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c,


Commissioner for Fundamental Rights

Alapvető Jogok Biztosának Hivatala
1387 Budapest Pf. 40.
phone: (06-1-) 475-7129 fax: (06-1-) 269-1615

Debreceni Törvényszék

postal address: 4001 Pf. 131.

address: 4025 Debrecen, Széchenyi u. 9.

central telephone number: +36-52/526-710


Last update: 2022.01.24.