I. The data controller
Service provider’s name: Training and Development Consulting Limited Liability Company (registered office: 3529 Miskolc Dessewffy Arisztid utca 18. 2/4.)
Company registration number: 05-06-010193
Phone number: 06 30 903 3386 Email address: firstname.lastname@example.org
Main Activities: 7022 Business, Other Management Consultancy Activities
(hereinafter referred to as: Training and Development LLC)
II. Contact details of the Data Protection Officer
We do not engage in any activity that would justify the employment of a Data Protection Officer.
III. Purpose and legal base of data processing
The purpose of this policy is to enable visitors to this website, to identify a transparent and clear manner what personal data the Data Controller handles and the on what basis it does so. 1. Facebook page We also come across personal data (name, post) on our Facebook page, operated for the purpose of online contact, commenting on news, providing opinions, advertising activities, gaining members and potential customers, which we obtain with the consent of the data subject. 2. Invoicing If you use any of the services of Training and Development LLC, we are going to issue an invoice, which is required by law. To issue the invoice, we ask for your billing name, address, tax number and email address. 3. Contact by phone When you call the phone number posted on the website, we will see your phone number. You will probably introducing yourself, so we’ll get to know your name as well. The former one is an absolutely necessary data, because calls made from unknown numbers will not be accepted. We will process this data with your consent so that we can call you back if we are unable to pick up the phone at the moment. If no business relationship is established between us, we will not save your phone number and your name. 4. Contact of business and professional partners In the course of our business / professional relations, we handle the personal data of the partners' managers, employees and contacts on the basis of a legitimate interest: name, telephone number, email address. 5. Cookies Cookie is a package of information consisting of letters and numbers, which usually sent by websites to the browser in order to save certain settings, make the website easier to use and help to collect some relevant, statistical information about visitors. Cookies do not contain personal information and are not suitable for identifying an individual user. Cookies often contain a unique identifier - a secret, randomly generated string of numbers - that your device stores. Some cookies are deleted after you close the website, and some are stored on your computer for a longer period of time. You can block all activities related to cookies, delete data files placed during previous visits, and the exact instructions on this can be adjusted in the browser's guide, which can be found on the following pages:
- Manage cookies and site data in Chrome
- Information about cookies for Firefox,
- Manage cookies in Internet Explorer and Edge.
IV. Withdrawal of consent
Data management is based on consent for the following activities:
- contact us via the contact form
- adult education
- operation of a Facebook page
- contact by phone
- attendance sheets and contact details of events organized by Training and Development LLC
Consent may be withdrawn at any time in writing, in the same simple manner as it was given. You can withdraw your consent by sending an email to email@example.com. In the case of a Facebook page, you can withdraw by unlike the page and in the case of a private message or comment by deleting it. Data processing prior to the withdrawal of consent is considered lawful.
V. Contractual and legal obligation
Keeping the billing data and issuing the invoice is our statutory legal obligation.
VI. Name of legitimate interest
We treat the data of the users of our services on the basis of a legitimate interest. The legal basis of data management is the consent of the users of our Services, as well as the fulfillment of a contractual and legal obligation. We received some of this personal data from previous stakeholders (before May 25, 2018) during our applications, correspondence and meetings.
VII. Duration of data storage
We store the data of the users of our services for the period prescribed by law. Facebook page (name, post) - until the page is deleted, until the person concerned likes the page, until the person concerned deletes it Billing name and address - for the period prescribed by law.
VIII. Security measures
At Training and Development LLC, we take appropriate security measures to ensure that personal data is protected against – among other things – unauthorized access, misleading disclosure or unauthorized alteration. Our executive's laptops can be accessed after entering a password, which is protected from viruses by Panda Security. Phones are password protected. We log in to mailboxes on Facebook with double authentication. We also do our best to prevent unauthorized intrusion on our website and we also use SSL encryption. In developing appropriate security measures, we have taken into account the current state of science and technology, the nature, scope, circumstances, purposes of data processing, and the varying probability and severity of the risk to the rights and freedoms of natural persons.
Training and Development LLC uses data processors to perform certain tasks. Hosting service:
- Megacp.com - 3 in 1 Hosting Bt, 2310 Szigetszentmiklós, Dévai utca 10 / A (Access to the entire content of the website, forwarding of emails to your own domain email address.) Receive and send emails:
- Megacp.com - 3 in 1 Hosting Bt, 2310 Szigetszentmiklós, Dévai utca 10 / A (Access to correspondence and all data). Facebook page:
X. Transmission to a third country
The only third country to which the data is transferred is the United States of America. A compliance decision was reached with the US on 12 July 2016 (https://ec.europa.eu/info/law/lawtopic/data-protection/data transfers-outside-eu / eu-us-privacy-shield_en), which is also followed by Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).
XI. Rights of the person concerned
1. Access to personal data Visitors to our website and our partners are entitled to request feedback on whether their personal data is being processed and, if so, are entitled to access the following information:
- purposes of data management
- the categories of personal data concerned
- the recipients with whom the personal data have been or will be communicated, including third country recipients and international organizations,
- the intended period of storage of the data, if this is not possible, the criteria for determining this period,
- the concerned person's right to request the controller to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data
We provide you with a copy of the personal data that is the subject of data management. Additional copies will be charged a reasonable fee for administrative costs. If the application is submitted electronically, the information will be provided in a widely used electronic format (.doc, .pdf, .xls, .jpg, etc.), unless otherwise requested by the concerned person. The right to request a copy must not adversely affect the rights and freedoms of others. 2. Right to rectification Visitors to our website and our partners have the right to correct inaccurate personal data concerning them upon request. Taking into account the purpose of the data management, it is possible to request the completion of incomplete personal data. The rectification must be communicated to all recipients to whom we have communicated the personal data, unless this is impossible or involves a disproportionate effort. The data subject will be informed of the recipients upon request. 3. Right of cancellation We are obliged to delete the personal data of our clients or website visitors without undue delay, with or even without request, if
- personal data are no longer required for the purpose for which they were collected or otherwise processed;
- the client or visitor withdraws the consent on which the data management is based, and there is no other legal basis for the data management;
- the client or visitor protests against the data processing and there is no priority legitimate reason for the data processing;
- personal data has been processed unlawfully;
- personal data must be deleted in order to fulfil a legal obligation under EU or Member State law applicable to the controller;
- personal data were collected in connection with the provision of information society services.
We do not have to delete personal data if the data processing is necessary for the submission, enforcement or protection of legal claims. If a request is made to delete such data, we will consider and respond to the decision in writing. Deletion must be notified to all recipients to whom we have communicated personal data, unless this is impossible or requires a disproportionate effort. We inform our clients / users about the recipients on request. 4. Right to restrict data processing Our partners, users of our services may restrict the use of their data if
- disputes the accuracy of personal data, until clarification
- the data processing is unlawful and instead of deleting the data, asking for a restriction on its use.
5. Right to carry data In the case of automated data processing, if the legal basis of the data processing is the consent or the contractual legal basis, our Partner will receive the personal data concerning him / her provided to us on electronic media upon request or forward it to another institution upon request. The right to data portability must not adversely affect the rights and freedoms of others. 6. Right to protest Our service Partner may object to the processing of his / her personal data at any time for reasons related to their own situation. In this case, the personal data may not be further processed unless it is proved that there are compelling legitimate reasons which take precedence. 7. Automated decision making in individual cases, including profiling Because we do not perform automated decision-making and profiling, we cannot guarantee this fundamental right.
XII. In case of a complaint
We treat personal information with the utmost care. If any of our partners still feel that we have not taken all the steps we are expected to take to protect their personal information, or simply have a question, please contact us at firstname.lastname@example.org. If Training and Development LLC violates the data management principles, the data subjects may exercise their legal enforcement possibilities in court, in the framework of a civil lawsuit. The trial falls within the jurisdiction of the tribunal. The action may also be brought before the court of the place of residence of the person concerned. In addition, any complaints or questions regarding personal data may be addressed to the National Authority for Data Protection and Freedom of Information. (1125 Budapest, Szilágyi Erzsébet fasor 22 / C., Mailing address: 1530 Budapest, Pf .: 5., email: email@example.com, website: http://www.naih.hu).
XIII. Automated decision making
Training and Development LLC does not have automated decision making.
XIV. These legal provisions have been taken into account when determining the legal basis for data processing
The European Parliament and the Council (EU) 2016/679. Article 6 (1) of Regulation (a) has been taken into account. Invoicing data management is based on Regulation (EU) 2016/679 of the European Parliament and of the Council. Article 6 (1) of Regulation c) and CL of 2017 on the taxation system. TV. Section 78 (3) (retention period of documents) and Act CXXVII of 2007 on VAT. TV. § 169 e) (mandatory elements of the invoice). The basis for providing data related to adult education is the LXXVII. (Adult Education Act) and the basis for mandatory statistical data provision is the CLV of 2016 on official statistics. Anonymous data to be reported to the National Statistical Data Collection Program (OSAP) pursuant to the provisions of Act no. The data management basis of the intermediary activity is the 2002 LV. Act on Mediation.
XV. Other provisions
This policy become effective on 25th May 2018 and as soon as new guidelines, resolutions and detailed rules become known, due to which we need to amend it, we will review the content. If the scope of activities of Training and Development LLC changes or we introduce new marketing tools, we will also rewrite them.