Data Processing Notice

in connection with the use of the Rankless data visualization project

Last updated 29 June 2026

Name of the data controller

  • Name: Corvinus University of Budapest (hereinafter referred to as CORVINUS or the University)
  • Responsible department: CIAS CCL
  • Address: 1093 Budapest, Fővám tér 8.
  • Website: uni-corvinus.hu
  • Data Protection Officer: dr. Molnár-Friedrich Szilvia
  • Email: adatvedelem@​uni-corvinus.hu

Legislation on which data processing is based

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation: GDPR);
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

Subject of data processing, data subjects

Through its own data visualization project, Rankless, CCL aims to allow users to edit their own profiles, using their ORCID identifiers for this purpose.

By clicking the “Register/Log In” button on the Rankless page, the user is redirected to the ORCID login interface.

After logging in to ORCID or creating a new account, the user is directed to a page that is still within the ORCID platform.

Here, the user can grant Rankless access to their ORCID ID; once access is granted, the user is redirected back to the Rankless site, where they can use the platform while logged in.

ORCID's privacy policy is available here.

This Privacy Policy sets out the relevant circumstances of the processing of data in the context of the above, in accordance with Article 13 of the GDPR.

Access to and data transfer

The data may be accessed by CORVINUS staff involved in the organisation and management of the project for the purposes and to the extent necessary for the performance of their tasks. The University will only disclose data to third parties on the basis of a legal authorisation or with the consent of the data subject.

Engaging a data processor

CORVINUS does not use a data processor for the processing of data in accordance with this Privacy Notice.

Data security measures

The University stores personal data on its servers. It does not use the services of other companies to store the data. The University will take appropriate measures to ensure that personal data is protected against, inter alia, unauthorised access, and to ensure the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data, and the ability to restore access to and availability of personal data in the event of a physical or technical incident and in a timely manner.

Rights relating to data processing

The data subject has the right to request information about the processing, the right to obtain rectification of data, the right to obtain blocking (restriction of processing) and the right to obtain the controller's access to his or her personal data and information relating to the processing of those data. The data subject shall have the right to request the deletion of his or her data where the conditions set out in Article 20 of the GDPR are met. The data subject may withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the processing prior to its withdrawal. The data subject may object to the processing of his or her data and may request the erasure of his or her data, provided that the conditions set out in Article 17 of the GDPR are fulfilled. The data subject's rights are described in detail in Chapter III of the GDPR. The data subject may exercise his or her rights under this point by sending an e-mail to adatvedelem@​uni-corvinus.hu.

Legal enforcement in relation to data processing

In the event of unlawful processing, the data subject may lodge a complaint with the CORVINUS Data Protection Officer, the National Authority for Data Protection and Freedom of Information (NAIH) or a court.

E-mail address of the Data Protection Officer: adatvedelem@​uni-corvinus.hu

Contact details of NAIH:

  • Address: 1055 Budapest, Falk Miksa utca 9-11.
  • Postal address: 1363 Budapest, Pf. 9
  • Telephone: +36 (1) 391-1400
  • Fax: +36 (1) 391-1400
  • Email: ugyfelszolgalat@​naih.hu
  • Web: naih.hu

In the event of legal proceedings, the case will fall within the jurisdiction of the Metropolitan Court of Budapest. If you wish to bring a case before a court of law, you can do so before the court of law of the place of residence (the contact details of the courts of law are available at birosag.hu/torvenyszekek).

How Rankless handles your data in practice

The points below supplement the formal notice above with the specifics of how the Rankless service processes your data.

Signing in with ORCID

Logging in is optional, and only needed if you want to take ownership of a profile. We use ORCID's /authenticate scope — the minimum that confirms who you are. From ORCID we receive and store only your ORCID iD and name. We do not request or store your email, your ORCID password, or any other part of your ORCID record, and we keep no ORCID access or refresh tokens.

When you sign in, this information is used to:

  • keep you logged in, via a session cookie that holds your ORCID iD and name and expires after one day;
  • record that your ORCID iD has signed in, so we can link you to the profile you own;
  • attribute the corrections you make to your name on the public ledger described below.

The legal basis for this processing is performance of the service you ask for when you choose to sign in (GDPR Art. 6(1)(b)).

The public ledger

Edits you make to a profile — adding a missing paper, removing one that isn't yours, merging duplicates — are written to a public, revocable ledger alongside your ORCID iD. This is deliberate: corrections are transparent and attributable. You can revoke any edit at any time from your profile, which removes it from the active record.

The optional survey

We sometimes show a short, optional survey. If you choose to answer it, we store your responses; if you are signed in, your ORCID iD is stored with them so we can understand who our users are. We do not log your IP address. Answering or dismissing the survey sets a cookie so we don't ask again. The legal basis is our legitimate interest in improving Rankless (GDPR Art. 6(1)(f)).

Cookies

  • session — strictly necessary; keeps you logged in for one day. Set only after you sign in.
  • survey preference cookies — remember that you answered or dismissed the survey, so it isn't shown repeatedly.

We use no advertising, tracking, or analytics cookies, so there is nothing to consent to beyond these functional cookies.

Retention

  • The session cookie expires after one day.
  • Ledger edits are kept until you revoke them.
  • The record that your ORCID iD signed in, and any survey responses, are kept until you ask us to delete them, which you can request using the contact details above.