Blog
Blog » CAN YOU REQUEST ‘COVID-19 VACCINATED’ CERTIFICATION FROM YOUR EMPLOYEE IN HUNGARY?
CAN YOU REQUEST ‘COVID-19 VACCINATED’ CERTIFICATION FROM YOUR EMPLOYEE IN HUNGARY?
14 April 2021
In the recent weeks, a number of questions have been arisen whether the employer may know the data contained by the „immunity card”, which aim is to certify immunity to coronavirus. Is the employer entitled to request information from the employee regarding the immunity card or store the information concerning its employee? In this article we answer the above questions on the basis of the information („Information”) of Hungarian National Authority for Data Protection and Freedom of Information.
1. What does the “immunity card” certify and what kind of data does it contain?
The Government Decree 60/2021 (12 February) on certifying immunity to coronavirus (“Decree”) regulates the provisions concerning certifying immunity to coronavirus.
According to the Decree, immunity to coronavirus can be certified if
- the person recovered from COVID-19 illness within a period specified in this Decree; or
- the person has been vaccinated with a COVID-19 vaccine that is authorised in the European Union or Hungary.
Immunity to coronavirus shall be certified by either an official verification card (hereinafter “immunity card”) or a mobile application.
The immunity card, among others, contains[1]
a) name of the person concerned,
b) passport number of the person concerned, if any,
c) number and document identifier of the permanent personal identification card of the person concerned, if any,
d) number of the immunity card,
e) date of vaccination if certifying vaccinated status,
f) expiration date of the card if certifying the fact of having recovered from infection.
2. Can the employer know its employee’s data concerning his immunity?
According to the Information, after a risk assessment, in case of certain jobs or group of persons, it might be a necessary and proportional measurement that the employer requests data from the employee related to their protection against COVID-19.
Based on the above, in certain cases, an employer is entitled to request data form its employee concerning whether he has immunity, i.e. he is recovered from coronavirus or he has been vaccinated.
The Information provides guidelines on how to determine whether the data processing concerning immunity is considered as necessary in case of certain jobs.
In case of low risk jobs (e.g. permanent home office), it cannot be concluded that the data processing is necessary. However, the data processing is necessary, e.g. if the employer deals with fixing or maintaining medical devices at the COVID-19 department of the hospital, and requests its employees to certify the fact of their immunity to avoid the infection of its employees. The data processing might be also considered as necessary if the employer is a social facility and it is necessary to know whether its employees working in the facility have immunity in order to protect the residents of the facility.
In the above cases, the aim of the data processing of the employer is to protect the life and health of the concerned employee, the other employees and the third persons with whom the said employee may come into contact (e.g. clients) and to comply with the applicable obligations of the employer.
3. What kind of immunity related data can the employer know?
If the employer, on the basis of the above, is entitled to know the fact of its employee’s immunity, the employer may only request the presentation of the immunity card or the application.
Based on the above, the employer may only know the personal data contained by the immunity card or the application.
4. Can the employer keep a record about the immunity of its employees?
If the employer, on the basis of the above, is entitled to know the data concerning the immunity of its employees, it can also keep a record of that, but it can contain only the fact that the employee justified the fact that he is protected from the coronavirus and in case this data may be established based on the presented proof then the validity period of the protection.
5. Can the employer make a copy of the immunity card?
Considering the fact that the employer, subject to certain conditions, may only request the presentation of the immunity card or the application, it cannot copy or otherwise store them and it is not entitled to transfer them to third person.
6. Which measures are necessary to the data process of the employer?
The Information underlines that the employer, as a data controller shall ensure the lawfulness of the data processing.
Taking into account that the fact of immunity shall be considered as data concerning health, therefore not only the appropriate legal basis[2], but the further conditions of Section 9(2) of GDPR, its point b) h) or i) in the present case (legal obligation concerning employment, purposes of occupational medicine, public interest in the area of public health) shall be demonstrated.
As it is a non-mandatory data processing, which affects the employees, the legal basis of the data processing may be basically the legitimate interest of the employer. (Section 6(1)(f) of the GDPR) In order for the reference to the legitimate interest to be applicable, the employer shall carry out a legitimate interest assessment test.
Furthermore, it shall be noted that the other rules of the GDPR are also applicable to the data processing concerning immunity, consequently e.g. the employer shall provide information according to the Section 13 of the GDPR to the employees.
7. Summary
The employers, if they consider it as necessary and proportional measurement based on a previous risk assessment, may lawfully know and process the data of their employees contained by the immunity card or the application.
However, the employers are not entitled to make a copy of the immunity card or the application, they cannot store them, and they are not entitled to transfer them to third persons.
Furthermore, the employers shall ensure the lawfulness of the data processing, therefore, among others, they shall inform the employees about the data processing.
-
HOW TO SET UP A COMPANY IN HUNGARY FROM ABROAD?
Hungary is a popular target for investing in the Central Eastern European region thanks to the 9% tax on capital gains for SMEs and 15% personal income tax for individuals, which tax rates are among the lowest for both businesses and private individuals across Europe. However, there are extra requirements for foreigners that are important to pay attention to. In order to avoid unpleasant surprises, we would like to draw your attention to the following when you are setting up your company in Hungary as a foreigner.
Read more » -
HUNGARY: WHY HIRE A LAW FIRM TO COLLECT DEBT INSTEAD OF A COLLECTION AGENCY?
In the recent years of crisis, it's becoming more and more common that your business partners fail to pay your invoices. After getting bored of their excuses or silences, there comes a time when you have to put pressure on your debtor. At that point, you either hire a law firm or turn to one of the many debt collection agencies offering “simple and cheap, yet efficient” solutions. But are the latter solutions really that effective? Is it worth entrusting a debt collection agency in Hungary? In our article, we bring up three reasons why you should hire rather a law firm in Hungary instead of a collection agency.
Read more » -
TRADE SECRET THEFTS IN HUNGARY – WHICH COURT PROTECTS EMPLOYERS’ RIGHTS?
Trade secrets are protected on more levels in Hungary. While the Business Secret Act provides general protection, the Labour Code protects the business secrets of employers in the employment context. Yet this abundance can cause problems when it comes to the question which court is competent to protect employer’s rights in case of theft of trade secrets by an ex-employee. Can an employer file a damage claim against an ex-employee and a competing company as co-defendants in front of the commercial court? Or is it the labour court which is competent to hear the case? A fresh decision of the Hungarian Supreme Court, analysed in this short article, deals with these questions.
Read more »