S. TÓTH MÁRTA – LINEO COACHINGTM
1071 Budapest, Damjanich utca 58 1/2
Data Processing Policy – GDPR
TABLE OF CONTENTS
- General provisions
- Core principles of processing
- Updating and access to the Policy, gaining insight into it and its acceptance
- Processing operations, its source and legal grounds, scope of data processed, duration or processing, scope authorised to process
- Data transfer
- Sending newsletters
- Cookies and anonymous information through the use of our websites
- Personal data of children and third parties
- Personal data processed without any legal grounds
- Data security measures
- Personal data breach
- Rights of and opportunities for the data subject to seek legal remedy
- General provisions
The present data processing policy (Policy) regulates the processing of personal data recorded and processed by the data controller S. TÓTH MÁRTA – LINEO COACHINGTM Limited Liability Company (registered seat: 1143, Budapest, Ilka utca 36, (office: 1071 Budapest, Damjanich utca 58. ½ ), registered by the Metropolitan Court under company registration number -, tax identification number: 67776531-1-42, hereinafter referred to as S. TÓTH MÁRTA), registered under number NAIH-121784/2017 by the National Authority for Data Protection and Freedom of Information (Freedom of Information Act), in the case of valid legal grounds based on the consent of data owners.
The above defined personal data processed by S. TÓTH MÁRTA complies with the definition for personal data defined in GDPR Article 4(1) and Section 3(2) of Act CXII of 2011 on informational self-determination and freedom of information.
S. TÓTH MÁRTA does not, under any circumstance, process special categories of personal data as defined under GDPR Article 9 and special data as defined under Article 3(3) of the Freedom of Information Act or obtain or request any personal data from persons that are not owners of the data.
The scope of the present Policy does not apply to processing the data of legal persons or data based on which it is not possible to identify the data owner.
S. TÓTH MÁRTA provides information in connection with the data processing policy and its interpretation electronically in response to messages sent to the email address info@coaching-nlp.hu.
- Key principles of processing
S. TÓTH MÁRTA pays special attention to protecting the personal data of persons it comes into contact with, its accuracy and confidential nature, acts in a preventative manner to process the data solely on valid legal grounds compatible with purpose limitation and storage limitation, refrains from disclosing the personal data it processes to any third party or organisation in the absence of legal grounds and erasing the data after the legal grounds of processing no longer apply.
In light of its above objectives, S. TÓTH MÁRTA shall make every effort to fully comply with the following key principles of personal data processing during the course of the processing of personal data without any restriction and in every case:
- Principle of lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Principle of purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Principle of data minimisation: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Principle of accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Principle of storage limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
- Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Principle of accountability: the controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1.
- Updating and access to the Policy, gaining insight into it and its acceptance
S. TÓTH MÁRTA reserves the right to unilaterally amend the present Policy without the explicit consent of data owners.
In light of this, S. TÓTH MÁRTA agrees to always publish the valid version of the Policy and concurrently ensures access to the previous versions of the Policy on the website http://coaching-nlp.hu/ for data owners to always have accurate information in connection with the processing activity undertaken by S. TÓTH MÁRTA and rules regulating this activity.
By providing personal data to S. TÓTH MÁRTA, in particular, in light of Section 3(2) of the Freedom of Information Act, the data owner declares to have gained knowledge of the version of the present Policy valid at the time the data was provided and explicitly accepts its provisions.
- Processing operations, its source and legal grounds, scope of data processed, duration or processing, scope authorised to process
4.1. Processing operations
In the event of valid legal grounds, during the course of technical activities relating to processing operations, S. TÓTH MÁRTA records, processes, transfers the personal data provided previously in the most limited possible scope and blocks and erases such data in the case of due grounds based on the request of the data owner.
4.2. Legal grounds of processing:
Legal grounds detailed in Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- S. TÓTH MÁRTA records and processes the personal data provided voluntarily based on the consent of the data owner to conclude contracts between the client and the student and to perform these to satisfy its legal and contractual obligations.
- While communicating with S. TÓTH MÁRTA (e.g. subscribing to our newsletter, communicating via email, Facebook, etc.), data owners provide their personal data to S. TÓTH MÁRTA based on voluntary consent.
If the data owner withdraws the consent provided to process personal data, S. TÓTH MÁRTA may nevertheless have due grounds to apply alternative legal grounds to that defined in GDPR Article 6, S. TÓTH MÁRTA may opt to apply alternative legal grounds to process the personal data without the consent of the data owner.
4.3. Scope of data processed
The scope of personal data provided to S. TÓTH MÁRTA by data owners includes all personal data provided by clients, students and persons communicating electronically with S. TÓTH MÁRTA (e.g. newsletter subscribers, email senders, persons sending messages on Facebook), which, in particular, includes the following:
- Within the framework of client relations: postal and permanent address, identity card number, email address, telephone number.
- Student contracts and for filling in application documents: full name, place and date of birth, mother’s maiden name, postal and permanent address, identity card number, address card number, education and qualifications, copy of document certifying highest level of education, tax identification number, nationality, email address, telephone number.
- Within the framework of electronic communication (e.g. subscribing to a newsletter or email): name and email address of the person communicating, newsletter subscription status. Communicating with visitors on S. TÓTH MÁRTA Facebook pages (https://www.facebook.com/lineoic/, https://www.facebook.com/coachingnlpinternationalacademy/, https://www.facebook.com/stothmarta/), visitors are able to send comments and messages to S. TÓTH MÁRTA via Facebook, for example may ask about the courses and training S. TÓTH MÁRTA will be holding. S. TÓTH MÁRTA may reply to questions or send comments and reply messages, if necessary.
4.4. Duration of processing
S. TÓTH MÁRTA processes personal data based on the consent provided by the data owner until withdrawal of consent, generally for 5 years following termination of contact with the data owner in the absence of withdrawal of consent. The data owner may withdraw consent at any given time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.
As a general rule, S. TÓTH MÁRTA safeguards data required to perform a contract in which one of the parties is the data owner and S. TÓTH MÁRTA is the other or if processing is required to satisfy any legal obligation of S. TÓTH MÁRTA (e.g. documents containing personal data constitute documents certifying accounting, is, for example, specified in documents relating to contracts concluded between S. TÓTH MÁRTA and the client (e.g. on the order) or on the invoice issued) for a period of 5 years, as regulated in the Civil Code, or for the period set in sectoral rules for given documents irrespective of the consent of the data owner (e.g. for 8 years according to accounting regulations).
4.5. Persons authorised to process data
Rights and obligations of the processor pertaining to the processing of personal data are defined by the controller S. TÓTH MÁRTA as provided for in the Freedom of Information Act and other legal regulations regulating processing.
S. TÓTH MÁRTA provides all employees and data processors (currently a total of 3 persons) the opportunity to perform technical activities relating to processing operations (recording, processing, erasure, blocking, etc.).
As controller, S. TÓTH MÁRTA bears responsibility for the lawfulness of processing. Data processing credentials of the controller are detailed in the present Policy; the controller may not go beyond these in any case, may solely process the personal data provided according to the rules set by the controller S. TÓTH MÁRTA and guidelines set forth in the present Policy, may not perform processing for its own purpose; furthermore, shall store, safeguard personal data according to rules set by the controller S. TÓTH MÁRTA, erase personal data if valid legal grounds no longer apply and block personal data in the case of the rightful request of the data owner.
4.6. The scope of data processed, processing purposes, the duration of processing and the persons eligible to access the data is presented in the table below.
Type and purpose of processing | Legal grounds of processing | Scope of data processed | Duration of processing | Who has access to my personal data? |
Communicating with clients | Section 6(5)a) of the Freedom of Information Act, according to which S. TÓTH MÁRTA may process data recorded based on the consent of the data subject to satisfy relevant legal obligations without the data subject providing any other further consent. | Postal and permanent address, identity card number, email address, telephone number | S. TÓTH MÁRTA erases the data after performing the contract in 5 years time as defined under CC Section 6:22. If S. TÓTH MÁRTA is required to safeguard the data based on Section 169 of Act C of 2000 on accounting, S. TÓTH MÁRTA shall only erase the data irrespective of the consent of the data subject in eight years time following the performance of the contract. This generally occurs if the data constitutes documents certifying accounting, is, for example, specified in documents relating to contract conclusion between S. TÓTH MÁRTA and the client (e.g. on the order) or on the invoice issued. | All S. TÓTH MÁRTA employees |
Student contracts | Section 6(5)a) of the Freedom of Information Act, according to which S. TÓTH MÁRTA may process data recorded based on the consent of the data subject to satisfy relevant legal obligations without the data subject providing any other further consent.
Identifying the client, keeping in contact and communicating with the client is the purpose of processing. |
Full name, name at birth, place and date of birth, mother’s maiden name, postal and permanent address, copy of identity card and address card, education and qualifications, copy of document certifying highest level of education, tax identification number, nationality, email address, telephone number, bank account number | S. TÓTH MÁRTA erases the data after performing the contract in 5 years time as defined under CC Section 6:22. If S. TÓTH MÁRTA is required to safeguard the data based on Section 169 of Act C of 2000 on accounting, S. TÓTH MÁRTA shall only erase the data irrespective of the consent of the data subject in eight years time following the performance of the contract. This generally occurs if the data constitutes documents certifying accounting, is, for example, specified in documents relating to contract conclusion between S. TÓTH MÁRTA and the client (e.g. on the order) or on the invoice issued. | All S. TÓTH MÁRTA employees |
Electronic communication (newsletters, via email, Facebook) | Section 6(1) of Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising Activity (Business Advertising Act) – prior and explicit consent of the data subject | Name and email address of subscribers, newsletter subscription status, messages sent on Facebook | Personal data must be erased if the data subject withdraws consent or the email address is erased. | All S. TÓTH MÁRTA employees |
- Data transfer
As a principal rule, S. TÓTH MÁRTA does not transfer personal data provided to any third party without the written consent of the data owner or in the absence of valid legal grounds, such as to satisfy obligations ensuing from legal regulations.
Irrespective of the principal rule, S. TÓTH MÁRTA transfers invoices issued to its accountant, students enrolled in trainings and clients containing the name and postal address of the student or client to satisfy obligations ensuing from legal regulations.
In special cases, S. TÓTH MÁRTA is obligated to provide information, disclose data and ensure access to documents based on requests made by the court, the prosecution service, the investigating authority, the infractions authority, the administrative authority or the National Authority for Data Protection and Freedom of Information and as provided for by law at the request of other bodies. In such cases, S. TÓTH MÁRTA only discloses personal data to the extent essentially required to satisfy the purpose of the request made, if the specific purpose and scope of data has been specified.
- Sending newsletters
Subscribing to newsletters constitutes a part of automated processing, which newsletters are automatically sent to subscribers via the system used by S. TÓTH MÁRTA according to rules set in possession of the data and consent provided by the data owner subscribing to the newsletter.
The data owner way unsubscribe from the newsletter free of charge at any given time, without restriction and having to state reasons by contacting info@coaching-nlp.hu or on the website by clicking on the link provided in the newsletter.
- Cookies and anonymous information through the use of our websites
S. TÓTH MÁRTA uses cookies on certain parts of its website http://coaching-nlp.hu/ and https://www.stothmarta.com/ to track the activity of site visitors, which, however, are by no means linked to the visitor.
Cookies essentially store specific information on the computer or web browser of the user visiting the website. Cookies help S. TÓTH MÁRTA understand which parts of the website are the most popular ones, because they allow us to see which pages visitors access and how much time they spend there. Cookies record, for instance, the time accessed, whether the user has visited the website before and the website that directed the visitor. By using cookies, the information displayed the next time the website is accessed will meet the user expectation of visitors.
Visitors to the website may block cookies if they use a browser that signals that a cookie has been sent and refuse to accept unwanted cookies
A record of IP addresses is temporarily kept for statistical purposes on the website operated by S. TÓTH MÁRTA; however, it is not linked to the person visiting the site.
Technical data based on which it is not possible to identify the data owner may be automatically saved when visiting the S. TÓTH MÁRTA website. The address of the website that directed the visitor to S. TÓTH MÁRTA ‘s website, searches performed on the website and the place of access to the website are such technical data.
Data based on which it is not possible to identify the visitor are not deemed personal data and, as such, are not regulated within the scope of the present Policy. This information is only used by the company.
- Personal data of children and third parties
Persons under the age of 16 may not provide their personal data without the explicit consent of a parent.
The person providing the personal data declares and guarantees to explicitly act in compliance with the present Policy and that the person’s legal capacity to provide information in not restricted in any manner.
If the person providing the data is not eligible to independently provide the data of the data subject, this person is required to obtain the written consent of the third party data subject (e.g. legal or transactional representative, caretaker, guardian or other person acting in the name or in the interest of the given person) or ensure other legal grounds for processing the personal data provided.
S. TÓTH MÁRTA is in every case authorised to verify compliance with the legal grounds referred to for processing personal data. As such, S. TÓTH MÁRTA may request authorisation recorded in a document of full probative force from the representative and/or consent to data processing provided by the data subject’s data owner in the given matter.
- Personal data processed without any legal grounds
S. TÓTH MÁRTA is committed to erasing all personal data in which case there are no longer any legal grounds for processing or that it provided in an unauthorised manner.
Furthermore, within the framework of this commitment, S. TÓTH MÁRTA agrees to do everything in its power to refrain from using any personal data it processes without any legal grounds or transferring such data to third parties.
S. TÓTH MÁRTA requests the data owners whose data it processes to notify the company without delay if the data owner notices that a third party provided the personal data of the data owner to S. TÓTH MÁRTA in an unauthorised manner or if S. TÓTH MÁRTA obtained the personal data of a child under the age of 16 without the consent of a parent.
- Data security measures
S. TÓTH MÁRTA shall take appropriate security measures to prevent the public disclosure, erasure, loss or destruction of the personal data it processes under any circumstances.
To enforce these data security measure requirements, S. TÓTH MÁRTA created an IT environment in a manner to comply with the following requirements:
- The IT system is capable of restricting access to the data processed, as such, the data is protected from unauthorised third parties (as such, from unauthorised access, alteration, transfer, public disclosure, erasure, destruction).
- Preventing unauthorised data entry during the course of the automated processing of personal data, use of its data processing system by unauthorised persons and use via a data transfer device; all changes to data to ensure verification and accountability in connection with information relating to data entry (such as who and when) and data transfer are made by specifying the time changes were made.
- An error report is prepared in connection with errors arising during the course of automated processing, the incorrect data is erased.
- A data backup is made to protect the data from accidental destruction, alteration and inaccessibility ensuing from changes to the technology used and to be able to recover the data in the event of a breakdown.
S. TÓTH MÁRTA operates a registration system to record data transfer, termination of data transfer, personal data breaches, requests made by data owners and authorities and replies provided to these in connection with the customer database to efficiently enforce the security measures taken.
S. TÓTH MÁRTA ‘s IT system provides the security level expected during the course of personal data processing and provided protection against cybercrimes. The operator ensures protection through password protection, a firewall and server security procedures.
- Personal data breach
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
The controller reports the personal data breach without delay and preferably no later than 72 hours after gaining knowledge of the personal data breach to the National Authority for Data Protection and Freedom of Information, except if the personal data breach presumably does not represent a risk to the rights and liberties of natural persons. Reasons certifying delay must be stated if the breach is not reported within 72 hours.
The controller registers personal data breaches by recording facts relating to the personal data breach, its impacts and measures taken to rectify it. This registry allows the supervisory authority to verify compliance with legal requirements.
The controller informs the data subject of personal data breach without delay if the personal data breach presumably represents a high risk to the rights and liberties of natural persons. The nature of the personal data breach is to be explained simply and clearly to the data subject.
- Rights of and opportunities for the data subject to seek legal remedy
The data subject may request
- information in connection with the processing of his or her personal data,
- rectification in the case of an error in his or her personal data and
- the erasure or blocking of personal data, with the exception of mandatory processing,
from the controller.
Furthermore, the data subject may object to the processing of his or her personal data.
S. TÓTH MÁRTA is required to provide clear information in writing to satisfy the request within a reasonable deadline of the receipt of the request or maximum within 25 days. S. TÓTH MÁRTA shall state the reasons and legal grounds of refusal in writing within 25 days of the receipt of the request or electronically based on the consent provided by the data subject if it fails to satisfy the request made.
The data subject may object to the processing of his or her personal data in the cases listed under section 21 of the Freedom of Information Act. The controller reviews the complaint made within the shortest possible space of time following its submission or within 15 days, renders a decision in the matter of its acceptance and informs the complainant of the decision in writing.
Should S. TÓTH MÁRTA find the complaint made substantiated, it shall terminate data processing, block the data and notify all persons to whom it previously transferred the personal data against which a complaint was lodged and the measures taken based on it, which persons are required to take measures to enforce the right to object.
S. TÓTH MÁRTA informs the data owner of the following opportunities to seek legal remedy at court or to turn to the National Authority for Data Protection and Freedom of Information in the case of the rejection of the above applications:
1) The data owner may take legal action against the controller in the event of the breach of the rights of the data subject and in the cases listed in section 21 of the Freedom of Information Act. Legal action may also be taken at the court competent in the place of residence or habitual residence of the data subject, according to the choice of the data subject.
2) Anyone may initiate review by filing a report to the National Authority for Data Protection and Freedom of Information (http://naih.hu/; 1530 Budapest, Pf.: 5; Tel.: +36-1-391-1400; Fax: +36-1-391-1410; Email: ugyfelszolgalat@naih.hu) with reference to the violation of rights pertaining to right of access to data of public interest and data public on the grounds of public interest or its imminent risk.
Rights in connection with data processing and opportunities to seek legal remedy are detailed in subchapters 13-17 and 30 of the Freedom of Information Act.
Last updated: 01 October 2018
Opt-out options
Google gives you the opportunity to control cookies (also known as web re-design ads) used for remarketing ads. Please click on the appropriate opt-out link here: https://www.google.com/settings/ads/plugin (You must be signed in to your Google account to edit).
Facebook does not provide opt-out control for cookies. For more information on managing your Facebook cookie, please click here: https://www.facebook.com/policies/cookies/ (You must be logged in to your Facebook account).
Please follow the instructions under “How do I check my cookies?”
The best way to clean your browser from cookies is to regularly (or at any time) delete cookies from your browser. The other option is to use the “Don’t Follow” option (“incognito” or “private” browsing).
To manually delete your data from our database (including physical data), please send your cancellation request to the following email address: info@coaching-nlp.hu.