DATA MANAGEMENT INFORMATION

Oktatoterem.com Limited Liability Company (headquarters: 1075 Budapest, Károly blvd. 3.a.; hereinafter referred to as the "Company") will always treat personal data confidentially and will take all necessary security, technical and organizational measures to ensure the security of personal data.

The purpose of this Privacy Notice is to set out the principles and rules for the processing of personal and other data in the course of the Company's activities and to provide the necessary information to data subjects.

No automated decision-making or profiling is carried out by the Company and data are not transferred to third countries. Access to the data is limited to the Company and its employees.

The Company reserves the right to change this information, in which case the data subjects will be informed as soon as possible.

Important definitions

"GDPR" - REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation);

'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"processing" means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

'profiling' means any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

'pseudonymisation' means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information being required, provided that such further information is stored separately and technical and organisational measures are taken to ensure that no association with an identified or identifiable natural person is possible

'filing system' means a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria;

"controller" means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

"processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; "recipient" means a natural or legal person, public authority, agency or any other body with whom or to which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

'consent of the data subject' means a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data relating to him or her;

'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Processing of data in the course of the Company's activities

Type of personal data processed:

The main activity of the Company is to rent to customers for a limited period of time the classrooms it owns and the equipment required for the training/lecture, as requested by the customer. In doing so, the Company processes the name, address and telephone number of the customer as personal data

Purpose of the processing:

The Company processes the personal data in the context of the above-mentioned activity for the purpose of establishing a rental relationship with the customers. In particular, this includes the processing for the purpose of concluding a rental contract with the customer and for the purpose of subsequent contact.

Legal basis for processing:

Your consent.

Duration of processing

Until your consent is withdrawn or 8 working days after the termination of the lease with the data subjects in the course of the Company's activities.

Data Processor

The Company does not transfer personal data of data subjects to data processors.

Method of storage of personal data, security of processing

The Company and its data processor shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the scale of the risk, taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons.

The information technology tools used to process personal data in the provision of the service are selected and operated in such a way that the data processed are accessible to those authorised to access them, that the processing is authentic, that data integrity is achieved and that the data are protected against unauthorised access,

In addition, appropriate measures are taken to protect the data against, in particular, unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or accidental damage, or inaccessibility resulting from changes in the technology used.

Appropriate technical arrangements will be made to ensure that the data stored cannot be directly linked and attributed to the data subject with other data files electronically processed in different registers.

In addition, technical, organisational and organisational measures are taken to ensure a level of security appropriate to the risks associated with the processing.

The Company will, in the course of its processing

- protect information so that only those who are authorised to access it have access to it,
- protect the accuracy and integrity of the information and the method of processing; and
- ensure that, when the authorised user needs it, he or she has effective access to the information and the means to obtain it.

Our IT systems and networks are protected against a variety of cyber-attacks. Security is ensured through server-level and application-level protection procedures

The Company, as the data controller, keeps records of any data breaches, indicating the facts relating to the data breach, its effects and the measures taken to remedy it.

The Company shall notify a potential data protection incident to the National Authority for Data Protection and Freedom of Information without delay and, if possible, no later than 72 hours after the data protection incident has come to its attention, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons.

Data controller's details, contact details

Oktatoterem.com Limited Liability Company
Company registration number: 01-09-960098
Tax number: 23322923-2-42
registered office.
represented by: Péter Farkas Dankházi, executive officer
contact: e-mail, tel: info@oktatoterem.com , +36 20-412-1250

Affected rights, legal remedies

The data subject may request information about the processing of his or her personal data, and may request the rectification or - except for mandatory processing - the erasure, the restriction of processing, and exercise his or her right to data portability and objection as indicated when the data were collected, at the above contact details of the controller or through its customer service.

Right to information:

At the request of the data subject, the Company shall take appropriate measures to provide the data subject with all the information referred to in Articles 13 and 14 of the GDPR and each of the information referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

Right of access of the data subject:

The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, where such processing is taking place, the right to access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject. In the event of a transfer of personal data to a third country or an international organisation, the data subject is entitled to be informed of the appropriate safeguards for the transfer.

The Company shall provide the data subject with a copy of the personal data which are the subject of the processing. For additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Upon request by the data subject, the Company shall provide the information in electronic form.

The right to information may be exercised in writing via the contact details provided.

Upon request, information may also be provided orally to the data subject, following a credible identification and proof of identity.

Right to rectification:

The data subject may request the correction of inaccurate personal data relating to him/her processed by the Company and the completion of incomplete data.

Right to erasure:

The data subject has the right, upon request and without undue delay, to have personal data relating to him or her erased by the Company if one of the following grounds applies:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;

(d) the personal data have been unlawfully processed;

(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;

(f) the personal data have been collected in connection with the provision of information society services.

The erasure of data shall not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.

Right to restriction of processing:

The Company will restrict processing at the request of the data subject if one of the following conditions is met:

(a) the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the accuracy of the personal data to be verified;

(b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

(c) the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or

(d) the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

The Company shall inform the data subject in advance of the lifting of the restriction on processing.

Right to data portability:

The data subject has the right to obtain the personal data concerning him or her that he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

Right to object:

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions.

In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed by the Company for such purposes.

Automated decision-making in individual cases, including profiling

The data subject has the right not to be subject

to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

The above right shall not apply where the processing

(a) necessary for the conclusion or performance of a contract between the data subject and the controller;

(b) permitted by Union or Member State law applicable to the controller which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

Right of withdrawal

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.

Procedural rules

The data controller informs the data subject without undue delay, but in any case within one month of receipt of the request, in accordance with Articles 15-22 of the GDPR. on measures taken following a request pursuant to Art. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months.

The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise.

If the data controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress.

The Company provides the requested information and information free of charge. If the data subject's request is clearly unfounded or - especially due to its repetitive nature - excessive, the data controller may, taking into account the administrative costs associated with providing the requested information or information or taking the requested measure, charge a reasonable fee or refuse to take action on the basis of the request.

The data manager informs all recipients of all corrections, deletions or data management restrictions carried out by him, to whom or to whom the personal data was disclosed, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs about these recipients.

The data controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information will be provided in electronic format, unless the data subject requests otherwise.

Compensation and damages:

Any person who has suffered material or non-material damage as a result of a violation of the data protection regulation is entitled to compensation from the data controller or data processor for the damage suffered. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specified in the law, which are specifically imposed on data processors, or if it has ignored or acted contrary to the legal instructions of the data controller.

If several data managers or data processors or both the data manager and the data processor are involved in the same data management and are liable for damages caused by the data management, each data manager or data processor is jointly and severally liable for the total damage.

The data manager or the data processor is exempted from liability if it proves that it is not responsible in any way for the event that caused the damage.

Right to go to court:

In the event of a violation of their rights, the data subject may appeal to the court (at the choice of the data subject, competent according to the seat of the defendant or the residence of the data subject) against the data controller. The court acts out of sequence in the case. A lawsuit initiated in connection with the protection of personal data is free of charge.

Official data protection procedure:

You can file a complaint with the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.

If you have any questions, please feel free to contact us at info@oktatoterem.com.