Our data management policy

formacio.hu webpage

1. Purpose of this document

In the course of the operation of the Website, personal data of customers using the Website (“Data Subject”, “User”) shall be processed by the Controller in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (“GDPR”) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (“Info Act”). The Data Controller hereby informs the Data Subjects about the processing of data that necessarily involves the use of the Website. The Data Controller reserves the right to unilaterally amend this document at any time. The amended Privacy Notice shall be effective from the date of its notification.

2. The Data Controller

Knowhouse Consulting Ltd.
Head office: 1141 Budapest, Pered u. 4.
Company registration number: 01-09-419563
Court of registration: Fővárosi Törvényszék Cégbírósága
Tax number: 32350847-2-42
Community Tax Number: HU32350847
Representative: Edina Kálmán
Email address: kalmanedina@formacio.hu

hereinafter referred to as “Data Controller”

3. Data processing during the use of the Website

3.1. Contact by e-mail (kalmanedina@formacio.hu )

Purpose of the processing: to contact the User and respond to his/her e-mail

Legal basis for processin: The User’s voluntary prior informed consent (Article 6(1)(a) GDPR)


Data processed: e-mail address, other personal data provided by the User (typically name)

Data retention period: he Data Controller keeps the e-mail(s) for 6 months from the date of contact/last communication with the User.


Authorised access: authorised employees and agents of the Data Controller, who are responsible for maintaining contact and responding to enquiries.

3.2. Initiate contact (by filling in the contact form)

Purpose of processing: contacting and identifying the Data Subject on the basis of the data provided by the Data Subject
Data processed: name, e-mail address, message
Legal basis for processing: prior informed and freely given consent of the data subject (Article 6(1)(a) GDPR)


Data retention period: The Data Controller will retain the data provided by the Data Subject for 6 months from the date of contact / last communication with the Data Subject.


Authorised access: authorised employees and agents of the Data Controller, who are responsible for maintaining contact and responding to enquiries.

3.3. Registration and user account management

By clicking on the “Register” link
The User declares that he/she has read the GTC and the Privacy Policy, understands their contents and accepts the terms and conditions of data processing.
Purpose of processing: registration on the Website and access to the Website
Legal basis for processing: performance of a contract between the Data Controller and the User (Article 6(1)(b) GDPR)
Scope of data processed: name, tax number, contact person/User name, e-mail address, password of the company contracting with the Data Controller


Data retention period: The Data Controller processes personal data related to registration for five years after the termination of the contract with the User.


The Data Controller shall process the contact details until the User notifies the Data Controller that the contact details have been terminated.
Authorized employees and agents of the Data Controller who are responsible for the operation of the Website.

3.4. Newsletter, DM letter subscription

Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, the Data Subject may expressly consent in advance to being contacted by the Data Controller with advertising offers and other mailings at the contact details provided at the time of registration. The Data Controller shall not send unsolicited commercial communications and the Data Subject may unsubscribe from receiving such offers without restriction. In this case, the Data Controller will delete all personal data necessary for the sending of advertising messages from its records and will not contact the Data Subject with further advertising offers. The data subject may unsubscribe from advertising by clicking on the link in the message.

Purpose of processing: sending electronic newsletters, information and marketing emails to the User.
Legal basis for processing. Article 6(5) GDPR.
Data processed: name, e-mail address
Data retention period: the Data Controller processes the data until the data subject unsubscribes (until the data subject’s consent is withdrawn).
Authorised access: authorised employees and agents of the Data Controller, whose marketing and sales activities fall within their remit.

3.5. Cookies

When you visit the Website, we place a small data file, called a cookie, on your computer (hereinafter referred to as a cookie or cookie), which may serve a number of purposes, which are described below.

Modern browsers allow you to change your cookie settings. Some browsers automatically accept cookies by default, but this setting can be changed to prevent the user from automatically accepting them in the future. If you change this setting, the browser will offer you the option to set cookies each time you change it.

Please note that, as session cookies are intended to support and facilitate the usability and processes of the Website, we cannot guarantee that the User will be able to use all the functions of the Website to their full extent if these cookies are disabled. The Site may then function differently than intended in the browser.

For more detailed information on cookie settings for the following browsers

Chrome: https://support.google.com/accounts/answer/61416?hl=hu 

Firefox: https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnakszami?redirectlocale=hu&redirectslug=S%C3%BCtik+kezel%C3%A9se

 Internet Explorer: https://support.microsoft.com/hu-hu/windows/cookie-k-t%C3%B6rl%C3%A9se-%C3%A9skezel%C3%A9se-168dab11-0753-043d-7c16-ede5947fc64d

Microsoft Edge: https://support.microsoft.com/hu-hu/windows/a-microsoft-edge-ab%C3%B6ng%C3%A9sz%C3%A9si-adatok-%C3%A9s-az-adatv%C3%A9delem-bb8174ba-9d73- dcf2-9b4a-c582b4e640dd 

Please note that when using an ad-blocker, the cookie notice may not always be displayed. If you wish to view it, please deactivate the ad-blocker application!

3.5.1. Cookies are absolutely necessary for the website to function

Purpose of data management: Session cookies and plug-ins (modules) are necessary for browsing the Website and using the functions, among other things they allow the User to comment on the actions performed on a given page, function or service.

Without the use of “session cookies”, the smooth use of the Website cannot be guaranteed. Their validity period covers the duration of the given visit, “cookies” are automatically deleted at the end of the session or when the browser is closed.

Legal basis for data management: The legitimate interest of the Website Users and the Data Controller in the proper functioning of the Website (GDPR Article 6 (1) point f) of CVIII of 2001. Act (E-ker tv.) 13/A. in accordance with § (3).

Scope of managed data: Unique identifiers of the User (IP address), time of website visit. Duration of data management: The period until the end of the relevant user session. Statistical cookies

Purpose of data management: To collect technical data in connection with the visit to the Website, to improve the service, or to measure the number of visitors. More detailed information about cookies and plug-ins is available below: Google Analytics, Google AdWords: web analytics Websites, helps to measure website visitation data and other web analytics data, and optimizes the display in search results on search result pages.

You can prevent the given service provider from collecting and processing the User’s website usage data (including the IP address) through cookies if you download and install the browser plug-in at the following link.

out, the “cookies” are automatically deleted at the end of the session or when the browser is closed. Legal basis for data management: The legitimate interest of the Website Users and the Data Controller in the proper functioning of the Website (GDPR Article 6 (1) point f) of CVIII of 2001. Act (E-ker tv.) 13/A. in accordance with § (3).

Scope of managed data: User’s unique identifiers (IP address), time of website visit.

Duration of data management: The period until the end of the relevant user session. Statistical cookies

Purpose of data management: To collect technical data in connection with the visit to the Website, to improve the service, or to measure the number of visitors.

More detailed information about cookies and plug-ins is available below: Google Analytics, Google AdWords: web analytics software, helps measure website visitation data and other web analytics data, and optimizes display in search results on search result pages.

More information on the software’s data management is available at: https://policies.google.com/privacy?hl=hu

You can prevent the given service provider from collecting and processing the User’s website usage data (including the IP address) through cookies if you download and install the browser plug-in at the following link.

3.5.2. Marketing cookies

Purpose of processing: to support marketing activities related to the Website

More detailed information about cookies and plug-ins is available below.Facebook Conversation API: tracks your visit to the Website. The server notes what actions the user performs and then the server sends the information back to Facebook.

https://www.facebook.com/about/privacy/update#

Google Ads: a feature that allows you to reach people who have previously visited the Site and then link the relevant messages to the right people.

https://policies.google.com/privacy?hl=hu

HotJar: a service used for heatmap analytics, which collects information about the location of clicks, mouse movements. Detailed information:

https://www.hotjar.com/cookies

Legal basis for data management: The consent of the Website User (GDPR Article 6 (1) paragraph a) Duration of data management: The duration of data management is a maximum of 180 days. More information: https://www.facebook.com/privacy/explanation

4. Data processors, independent data managers ​

Data controller

Regarding the Facebook Conversation API, Facebook Ireland Ltd.

Registered Office: 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland,

Data management information: https://www.facebook.com/help/contact/540977946302970

5. Links

Please note that there may be links on Tomorrow that lead to other websites. The use of such external websites is subject to the privacy policy and notice of the relevant website, and by clicking on the external link or the relevant button, the Data Controller has no control over the collection, storage or processing of personal data.

6. Data security

The Data Controller respects the provisions on the security of personal data, so both the Data Controller and the authorised data processors shall take all technical and organisational measures and establish the procedural rules necessary to enforce the rules of the Info Law and the GDPR on confidentiality and security of data processing.

The Data Controller shall take appropriate measures to protect the data processed by them against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, as well as against accidental destruction or damage.

7. Rights of data subjects and enforcement

The personal data provided by the Data Subject to the Controller must be true, complete and accurate in all respects. The Data Subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory processing, and exercise his or her right to data portability and objection, in the manner indicated when the data were collected or by contacting the Controller at the above contact details. The right to be informed may be exercised in writing via the contact details indicated in this notice.

The data subject’s right of access: the data subject shall have the right to obtain from the controller information as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
  • the envisaged period of storage of the personal data;
  • the right to rectification, erasure or restriction of processing and the right to object;
  • the right to lodge a complaint with a supervisory authority;
  • information on the data sources;
  • the fact of automated decision-making, including profiling, and the logic used and clear information on the significance of such processing and its likely consequences for the data subject

The Data Controller shall provide the data subject with a copy of the personal data processed. For additional copies requested by the data subject, the controller may charge a reasonable fee in line with the administrative costs.

At the request of the data subject, the Data Controller shall provide the information in electronic form. The Controller shall provide the information within a maximum of one month from the date of the request.

Right of rectification: 

The data subject may request the rectification of inaccurate personal data relating to him or her processed by the Controller and the completion of incomplete data.

 

Right to erasure: 

The data subject shall have the right to obtain from the Controller, upon his or her request and without undue delay, the erasure of personal data relating to him or her, on one of the following grounds:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the data subject withdraws his or her consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  • the personal data have been collected in connection with the provision of information society services

The erasure of data cannot be initiated if the processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for the purposes of complying with an obligation under Union or Member State law to which the controller is subject to which the processing of personal data is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for archiving purposes, scientific and historical research purposes or statistical purposes in the public interest in the field of public health;
  • or for the establishment, exercise or defence of legal claims.

Right to restriction of processing:

At the request of the data subject, the Controller will restrict processing if one of the following conditions is met:

  • the data subject contests the accuracy of the personal data, in which case the restriction applies for a period of time which allows the accuracy of the personal data to be verified;
  • the data processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or – the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject. Where processing is subject to restriction, personal data, other than storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State. The Controller shall inform the data subject in advance of the lifting of the restriction on processing.

The right to data portability:

The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

The right to protest:

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, unless there are compelling legitimate grounds for doing so which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing. In the event of an objection to the processing of personal data for direct marketing purposes, the data shall not be processed for those purposes.

Automated decision-making on individual cases, including profiling:

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The above right shall not apply where the processing is: – necessary for entering into, or the performance of, a contract between the data subject and the controller; – permitted by Union or Member State law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or – based on the data subject’s explicit consent.

Right of withdrawal:

The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal. The data controller shall do so without undue delay, but in any event from the date of receipt of the request.

Updated: 30th of September, 2023