Privacy Notice

At Central European University (address: 224 West 57th street, New York, NY 10019, USA and 1051 Budapest, Nádor u. 9.) and Közép-európai Egyetem (address: 1051 Budapest, Nádor u. 9.) (jointly as “CEU” or the “University”) we place great emphasis on the protection of your personal information and compliance with the EU General Data Protection Regulation (GDPR)*. This Privacy Notice relates to the collection, use, transfer, and retention of your personal data by CEU's outreach functions, including the CEU Development Office.

*Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1. Who are we and what we do

CEU’s development and outreach offices, as well as University departments, schools, and units, support CEU through contact with a variety of stakeholders, including alumni, students, employers, partners, and supporters of the University. We do this in tandem with offices that serve as primary data stewards for these groups (including, for example, Alumni Relations, which oversees all alumni data management; Career Services, serving as the primary steward of employer data; the Human Resources Office, for CEU employee data; and the Student Records Office, which manages student data). Together, we offer a range of academic, social, and networking activities, events, and publications, and provide access to University resources for members of the broader CEU community. We also author and share news about the University and those affiliated with it, and fundraise to support CEU’s students, teaching, research, and campus development, and the University’s most urgent needs.

In order to advance our mission, CEU maintains and processes personal data collected during the course of our relationship with students, alumni, faculty, staff, employers, partners, donors, and supporters. The majority of the information we hold is obtained directly from you. Further, if you interact with departments, schools, or units within CEU, these areas may share data with each other. We always aim to keep your details up to date, and we will undertake efforts to check the contact details we have for you are correct, and, where appropriate, update them. As a result, some of the data may also have been obtained from publicly available sources. We may also use information from publicly available sources to carry out research to assess your inclination and capacity to support CEU financially or by volunteering your time and/or expertise. More information on these activities is below and you will always have the right to opt out. We value our relationship with you and we use your personal data to ensure we contact you in the most appropriate way, improve our services, and ensure we work efficiently and effectively., and ensure we work efficiently and effectively.

The offices conducting outreach on the University’s behalf are part of CEU, and CEU is the Data Controller. CEU’s data protection policy is available here:

2. Contact details of the Data Controller

Közép-európai Egyetem

1051 Budapest

Nador u. 9. 

Phone: + 36 1 3273000

Central European University 

1051 Budapest

Nador u. 9.

Phone: + 36 1 3273000

3. Contact details of the Data Protection Officer

Irisz Szel, Legal Counsel and Data Protection Officer

Central European University

1051 Budapest

Nador u. 9.

Phone: + 36 1 3273000


4. What is the purpose for processing your data?

Your data is used by CEU for a number of purposes in order to carry out academic activities and support the University’s educational mission, including academic and community programming, services, volunteer engagement, and fundraising. More specifically, we use your data to: to carry out academic activities and support the University’s educational mission, including academic and community programming, services, volunteer engagement, and fundraising. More specifically, we use your data to:

5. What is our legal basis for processing your data?

As part of our work, we process and store personal information relating to students, faculty, staff, alumni, current and potential supporters, partners, and friends of CEU and we therefore adhere to the applicable data protection rules. We take our responsibilities under these rules seriously and ensure the personal information we obtain is held, used, transferred and processed in accordance with the applicable data privacy rules. CEU processes the information outlined in this Privacy Notice in pursuit of our legitimate interests in:

We may pursue these legitimate interests by contacting you by telephone, email, post, or social media. Information about how you can manage the ways that we contact you, including how to opt out from some or all contact from CEU, is outlined in the ‘Your rights’ section below.

Although CEU relies on legitimate interest as the legal basis for processing where this is not overridden by the interests and rights or freedoms of the data subjects concerned, it recognizes that it is not the only lawful ground for processing data. As such, where appropriate, CEU will sometimes process your data on an alternative legal basis – for example, based on a legal obligation (when reporting may be required to the Hungarian or American tax authorities, for instance) or when you give your explicit consent to us to do so.

6. What kind of personal data do we collect?

CEU maintain records of all former students of the University and, as such, we hold education records in perpetuity. If we become aware that your personal data has changed we will update our records to reflect this. In subsequent instances where we provide for example your name (e.g. a class list) we will use your current name alongside any previous names (such as your maiden name) to ensure you can be identified correctly. The University also maintains records of current and potential donors, partners, employers, and event attendees. The personal data we store and process, the majority of which is given to us by you but some of which we may obtain from other sources, may include:

7. Who receives your information?

CEU offices work closely together to provide a coordinated approach. Any transmission of data between CEU units is managed through agreed processes which comply with relevant data protection legislation. Some individual units elaborate their own data protection procedures in Privacy Notices similar to this one, which may be found on the respective unit’s CEU web page.

Unless we have a legal obligation to do so, we will not disclose your data to individuals, organizations, or other entities outside the University other than those who are acting as agents and data processors working on our behalf.

For the purposes set out in section 4, we may need to pass your information to our third-party service providers, agents, subcontractors, CEU’s related organizations, or volunteers for the purposes of completing tasks and providing services to you on our behalf (for example to process donations, send you mailings, print our annual report, or volunteer on an advisory committee). However, with all external entities with whom data is shared, we share only those data needed to perform the specific service and require a contract and/or confidentiality and non-disclosure agreement to be signed before any data transfer—requiring them to keep your information secure and not to use it for their own purposes. We will not sell or rent your information to third parties.

When you are using our secure online donation or event registration pages, your donation or payment is processed by a third-party payment processor specializing in the secure processing of credit/debit card transactions. We do not retain credit card information for future use unless you authorize monthly or other periodic transactions.

Specific third parties we work with include:

Regulators and other authorities acting as processors based in the US and Hungary who require reporting of processing activities in certain circumstances, such as the US Internal Revenue Service.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

8. Cookies

This statement explains how we use cookies on

What are cookies?

A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.

Cookies are usually small text files, given ID tags that are stored on your computer's browser directory or program data subfolders. Cookies are created when you use your browser to visit a website that uses cookies to keep track of your movements within the site, help you resume where you left off, remember your registered login, theme selection, preferences, and other customization functions. The website stores a corresponding file (with same ID tag) to the one they set in your browser and in this file they can track and keep information on your movements within the site and any information you may have voluntarily given while visiting the website, such as email address.

You can find out more information about cookies at:

How do we use cookies on this website?

Cookies served while visiting are only used for analytical purposes, to track anonymised visitor browsing statistics - this is done using Matomo. These cookies are used to collect information about how visitors use our site. The cookies collect information in an anonymous format, including the number of visitors to the website, where visitors have come to the site from and the pages they visited. The information generated by the cookie about your use of this website includes your IP address. 

How we do NOT use cookies on this website?

We don't collect any personally identifiable information about you. We will not associate your IP address with any other data held.

You can disable cookies by altering the settings of your browser and the website will still function.

Cookie statement last updated:

February 18, 2021

Future changes

Any changes we make in the Cookie Statement will be posted on this website.


Should you have any questions or concerns regarding this statement, please contact

9. How long will your information be held?

We consider being a member of the CEU community as a lifelong relationship. Generally, CEU will look to retain personal data of our stakeholders until the individual asks us to remove it from our records. We will routinely remind you of your right to have us remove your personal data.

Further, as a fundraising institution founded and powered by visionary philanthropy, CEU relies on ongoing relationships with its alumni, supporters, and their families to enable the University to carry out its educational mission. Especially in cases of donations of bequests and endowments—which are vital to our teaching, research, and community engagement—the generosity that sustains CEU may endure well beyond a supporter’s lifetime. Therefore, unless otherwise requested, or unless deemed inactive under periodic review, CEU will hold supporter records in perpetuity. As noted above, CEU maintains records of all former students of the University and, as such, we hold education records in perpetuity.

If you decide that you no longer wish to receive communication from CEU, please be aware that we still need to retain a minimal amount of personal data so that we can keep a record that you have asked us not to contact you.

10. What are your rights?

You have a right

If you wish to exercise any of these rights, please email or write to us at CEU Data Protection Officer, Nádor utca 9, 1051 Budapest, Hungary. CEU will make every effort to fulfil your request to the extent allowed by law and will respond in writing within 30 days of receiving your request.

Should you wish to request help from the relevant national authority, their details are as follows:

National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11)

11. Security of your information

We are committed to holding your data securely and treating it with sensitivity. All data are held securely and in accordance with the relevant data privacy laws and our internal policies. We do not sell to or trade your data with any other organizations. For further details please see CEU’s Data Protection Policy.

Although most of the information we store and process stays within Hungary, some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, one of our trusted partners’ servers are located in a country outside the EEA. Where these countries do not have similar data protection laws to the European Union, we will take steps to make sure they provide an adequate level of protection in accordance with EU data protection law.

12. Future changes

If our information policies or practices change at some time in the future, we will post the changes on our website among our Official Documents (

Last updated on: October 19, 2020 (cookie statement [section 8] updated January 08, 2021)