For our Hungarian policy please click the link: ide kattintva letölthető.
GORDIUS LEARNING PLC. GENERAL DATA PROTECTION REGULATION
The protection of personal data is of utmost importance in today’s world. Accordingly, Gordius Learning Plc. (hereinafter: Data Controller) dedicates special attention to this area as a priority and handles the personal data in its daily work with the strictest adherence to the requirement of transparency, as well as of the 2016/679 of the European Parliament and of the Council of 27 April 2016.
1. WHO IS THE DATA CONTROLLER?
Gordius Learning Plc., a Hungarian-owned company, is the controller of personal data that is provided during any transactions with the company; and it is responsible for the personal data under applicable data protection laws.
- Company name: Gordius Learning Zártkörűen Működő Részvénytársaság
- Address: 1052 Budapest, Aranykez u. 6, 5th floor
- Registered office: 1075 Budapest, Rumbach Sebestyén 10./B. building, mezzanine 28.
- Company registration number: 01 10 140510
- Tax number: 27082210-2-42
- The principal field of activity: other education M.n.s. (8559 '08)
- Official representative and his function: Mr. István Hangonyi, Managing Director
2. WHICH LEGISLATION PROVIDES THE BASIS FOR THE DATA HANDLING?
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the handling of personal data and the free movement of these data, and repealing Regulation (EC) No 95/46/EC, in its current version: https://eur-lex.europa.eu/legal-content/HU/TXT/?uri=CELEX%3A32016R0679
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, in its current text: https://net.jogtar.hu/jogszabaly?docid=A1100112.TV
- Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, in its current text: https://net.jogtar.hu/jogszabaly?docid=A0800048.TV
- Act CLV of 1997 on Consumer Protection, applicable text: https://net.jogtar.hu/jogszabaly?docid=99700155.TV
3. HOW THE CONTROLLER STORES THE DATA AND WHO HAS ACCESS TO IT?
Your data will never be sold, resold, utilized or exchanged for marketing purposes to external companies, institutions, or organisations (hereinafter: third parties). The data transmitted to third parties is used by the Data Controller only for the purposes of enabling the cooperation with the person concerned, in the scope of the controller's activities, and for the provision of services to the person concerned (e.g. project management, training courses). In order to protect your personal data, we keep paper documents locked away in a secure place where unauthorized third parties cannot access them. In the case of electronically stored data, access is restricted to duly authorized staff of the controller and may only be used to the extent to and in the case that it is appropriate for providing the service falling within the scope of the Data Controller's activities.
4. WHAT IS THE LEGAL BASIS AND PURPOSE OF THE PROCESSING?
When we process your personal data, we will inform you in each case whether the collection of the personal data is based on a legal requirement or is necessary for concluding a contract, whether it is obligatory to provide personal data what are the possible consequences of refusing to do so. The general purposes of the processing are the following:
➢ To prepare, enter into and execute contracts concluded or to be concluded with the controller;
➢ To comply with the legal obligations of the owner of the personal data and the controller, to assert his or her legitimate interests;
➢ To exercise the rights and fulfill the obligations arising from the contract after the termination of the contract with the controller, in particular, the enforcement of claims based on the contract;
➢ To prevent investigate and detect abuse;
➢ To improve the quality of the service that fits the profile of the controller, and to make market research and survey of habits to this end.
5. THE PRINCIPLES OF DATA MANAGEMENT:
➢ PURPOSE LIMITATION PRINCIPLE OF: Personal data may only be processed for specified purposes, for the exercise of a right, or the fulfilment of an obligation. At all stages of the handling, the purpose of the handling must be fulfilled and the collection and handling of data must be fair and lawful.
➢ PRINCIPLES OF LEGALITY, FAIR HANDLING, AND TRANSPARENCY: The handling of personal data must be lawful, fair, and transparent for the data subject.
➢ PROPORTIONALITY AND NECESSITY: Only those personal data can be processed that are essential for the attainment of its objective, capable of achieving that objective. Personal data may only be processed to the extent and for the duration necessary for the purpose of the handling. Accordingly, the Data Controller shall process only and exclusively such data that is strictly necessary.
➢ PRINCIPLE OF ACCURACY: The handling must ensure that the data are accurate, complete and - where necessary for the purposes for which they are processed - kept up to date and that the data subject can be identified only for the time necessary for the purposes for which they are processed.
➢ LIMITED RETENTION PREREQUISITE: Personal data must be stored in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods only if the handling of personal data under Article 89. Article 89(1) of the EU Privacy Act, subject to the implementation of appropriate technical and organizational measures to protect the rights and freedoms of data subjects, for archiving purposes in the public interest, scientific and historical research purposes, or statistical purposes.
➢ INTEGRITY AND SECURITY PRINCIPLE: The controller shall ensure the prevention of accidental or unlawful destruction or accidental loss, access, alteration, or dissemination of personal data stored in automated files by applying appropriate security measures to protect personal data.
➢ ELIGIBILITY: The controller is responsible for compliance with the requirements of the policy and must be able to demonstrate such compliance.
➢ PRIVACY BY DESIGN PRINCIPLE: A very privacy-aware mindset, which is very brief terms means that both in determining how data is processed and in the course of handling, the controller implements appropriate technical and organizational measures, such as pseudonymization, to effectively implement the above principles, fulfill obligations, incorporate legal safeguards, etc., and does so in a regulated and well-documented manner.
6. EFFECT OF THIS POLICY
➢ TEMPORARY EFFECT: This Policy is in effect until further notice or until it is revoked.
➢ PERSONAL EFFECT: applies to the Data Controller and to the person(s) whose data are included in the handling operations covered by this Policy, the owner(s) of the personal data.
➢ PERSONAL AUTHORITY: covers all data management and data containing personal data in all organizational units of the controller, whether carried out electronically and/or on paper.
7. WHAT ARE YOUR RIGHTS REGARDING THE HANDLING OF PERSONAL DATA?
➢ RIGHT TO INFORMATION: You have the right to request and receive at any time, in writing or orally and based on a reasoned request, appropriate information about the handling of your personal data. Upon request, the controller is obliged to provide the appropriate information within one month (with a possible extension of two months), for which no fee may be charged.
➢ RIGHT OF REQUEST: feedback can be requested at any time on whether personal data are being processed, what kind of data is being processed (if you did not provide the data directly), to whom, where they will be transferred, how long they will be stored, etc., i.e. any information related to personal data, including the fact of automated decision-making, profiling.
➢ RIGHT OF CORRECTION: at any time, the correction of inaccurately or incompletely recorded personal data processed may be requested within a reasonable time.
➢ RIGHT OF ERASURE: you may request the erasure of your personal data from the database within a reasonable period if: the handling or storage of the personal data is no longer necessary for the purposes for which it was collected; consent to the handling of the personal data is withdrawn; you object to the handling of the personal data, or your data has been processed unlawfully.
➢ RIGHT OF RESTRICT DATA HANDLING: if for any reason, the adequacy of the handling is contested, the handling or use of the data may be restricted until the adequacy of the handling is clarified.
➢ RIGHT TO PROTEST: the handling of personal data may be objected to at any time. In this case, the controller may no longer process the personal data.
➢ RIGHT TO COMPLAINT: If the owner of the personal data believes that the controller is handling the data incorrectly, he/she has the right to contact the controller to redress the handling or to file a complaint with the supervisory authority, whose contact details are set out below:
- National Authority for Data Protection and Freedom of Information Office: 1024 Budapest, Szilágyi Erzsébet fasor 22/C
- Website: www.naih.hu
- Phone: +36 (1) 391-1400
- E-mail: ugyfelszolgalat [k] naih.hu">ugyfelszolgalat [k] naih.hu
➢ RIGHT TO APPEAL TO THE COURT: If your rights regarding the handling of personal data are infringed the matter can be taken to court.
➢ RIGHT OF ACCESS TO DATA: upon request, personal data may be obtained from the controller in electronic form. Furthermore, at the express request of the holder of the personal data, the controller may transfer the personal data to third parties.