Privacy Policy
I. GENERAL INFORMATION, THE DATA MANAGER
1.1. The identity and activities of the data manager
According to the specific data management described in the present Policy (hereinafer: „Policy”), Szeged International Primary School (head office: 6727 Szeged, Lidicei tér 1.; registration number: 32413-5/2017/KOZNEVIG; OM identifier: 203258; TAX number: 18906585-1-06; e-mail: office@szegedips.com; hereinafter: „Data manager”) is acknowledged as data manager.
1.2. Applicable legislation
The Data manager performs its activities under the governing legislations of the European Union and Hungary. Data management operates primarily under the legislation of the Regulation (EU) No 2016/679 of the European Parliament and Council of 27. April. 2016. on the protection and free movement of the private data of natural persons, and repealing Regulation 95/46/EK (hereinafter: „GDPR”).
The applied legislations are available at: http://net.jogtar.hu
1.3 The validity of the Policy, the subject
The validity of the present Policy exclusively covers the Data manager’s website available on the following address: www.szegedips.com (hereinafter: „Website”).
According to GDPR, any information connected to the identifiable or identified natural person (”subject”) is considered as personal data; any natural person, who can be identified directly or indirectly, especially in connection to any identification, such as by name, number, location data, online identification or by the physical, physiological, genetic, intellectual, economical, cultural or social attributes of the natural person,is deemed identifiable.
According to the restrictions of the present Policy, the person who establishes contact with the Data manager and submits their data and their consent to its management, is considered as a subject of data management. On that basis, the validity of the present Policy does not cover data in connection to other than natural entities (e.g. company data), as well as data unrelated to natural persons (e.g. statistical on anonymised data).
The validity of the present Policy exclusively covers the data management performed by the Data manager. In the absence of any contrary stipulation, the Policy does not cover the services and data management for promotions, prize competitions, services and other campaigns or published content provided by third parties advertising or by any means appearing on the Website. In the absence of any contrary stipulation, the Policy does not cover the services and data management of websites and services referenced or linked on the Website.
II. THE PRINCIPLES, PURPOSE AND LEGAL BASIS OF DATA MANAGEMENT
2.1. The principles of data management
The Data manager handles the data in a legal, honourable and transparent manner. The Data manager aims to keep the managed data accurate and up-to-date. The Data manager provides the enforcement of the subject’s rights, and takes every action necessary to ensure the legality of data management in all stages.
2.2. Purpose of data management
The purpose of data management by the Data manager is to maintain the Website and provide services:
-
to identify and contact with the data subject;
-
keeping a record of the data provided by the data subject;
-
providing the services of the Website, making the Website available;
-
provide the data subject with an offer;
-
market research.
2.3. The legal basis of data management
The consent of the subject (Article 6.(1.)(a) of GDPR)
The legal basis of data management is primarily the consent of the subject. The Data manager exclusively handles the data based on the submission and consent of the subject. The consent is voluntary, the subject expresses their consent by registration, submitting their data and accepting the present policy. The consent can be withdrawn by the subject anytime.
III. DATA COLLECTION, THE SCOPE OF PROCESSED DATA
3.1. Data collection, the scope of processed data
The Data manager collects the data primarily from the subject. The Data manager only collects data from other sources, if the consent of the subject is expressed.
The Data manager handles the subject’s following data: name, e-mail address, phone number, details of proposal.
IV. FURTHER INFORMATION REGARDING DATA MANAGEMENT
4.1. Data transmission
Data transmission for a third party is only performed by the Data manager, if the subject, knowing the scope and recipient of the transmitted data, definitely expressed their consent, or the Data manager possesses the appropriate legal basis to execute the transmission.
4.2 Data security, access to data
The Data manager ensures the safety of the data, takes the necessary technical and organizational actions and establishes the restrictions of procedures to enforce the requirements of data security. The Data manager tracks the processed data in accordance with the applicable legislation, providing that the data is only known by workers and other representatives of Data manager for whom it is necessary to carry out their tasks. Any representative of the Data manager is exclusively entitled to recognize the data that is necessary for them to carry out their tasks. The indicated persons shall handle the data confidential. In connection to their tasks, the Data manager ensures IT security in the following instances especially:
-
Providing security against unauthorized access, including the protection of software and hardware devices, as well as physical safety (access safety and network protection);
-
Actions providing opportunities to restore databases, including regular backup savings and the separated and protected handling of the data (mirroring, backup savings);
-
Anti-virus security for data files (virus prevention)
-
Physical protection of data files and carriers, including protection against fire-, water- and lightning damage, as well as other material damages, and taking care of the restoration of damages caused by said events (archiving and fire prevention)
The Data manager takes the necessary actions towards the protection of paper registers, in particular consideration with physical and fire safety. Employees, trustees and other representatives of the Data manager shall securely protect the data carriers containing personal data that is in their use or possession, regardless of the recording method.
4.3. Technical data and cookies
In case of visiting the Website, the system connected to the Website automatically records the IP address of the user’s computer, with the start date of the visit and in some cases, based on the settings of the computer, the type of the browser and the operating system. Data recorded with this method shall not be connected to other personal data. The processing of the data only serves statistical purposes.
Cookies make the Website possible to recognize former visitors. Cookies aim to assist the Data manager, as the operator of the Website, to optimize the Website, providing services in accordance with the habits of the users. Cookies are also suitable for:
-
memorizing the settings, so the user does not have to fill them out again, when visiting a new page,
-
remembering previously recorded data, so the user does not have to type them in again,
-
analyzing the use of the website, and subtracting information necessary for further development, in order to make it work in accordance with the expectations of the users and helping the users to find the information they look for, and
-
Paying attention to the efficiency of advertisements.
In the event of the Data manager using outside web services to display content on the Website, a few other cookies can get stored, which are not overseen by the Data manager, not having any influence over the data this Website and outsider domains collect. Information about these cookies is provided by the restriction in connection with the given services. The Data manager uses Google Analytics cookies to collect the attendance statistics of the Website.
The Data manager applies a Facebook remarketing code in order to later cater to the visitors of the Website with Facebook remarketing advertisements. The remarketing code uses cookies to make the visitor of the Website identifiable for Facebook.
The Data manager uses a Google Adwords Remarketing cookie which, similarly to the aforementioned Facebook remarketing cookie, makes it possible for the users of the Website to receive advertisements later on Google.
Users can set their web search engines to accept or deny all of the cookies, or to notify the user if a cookie enters their computer. Setting options can usually be found in the browser under ”Options” or ”Settings”. Detailed information can be found on the following website: www.aboutcookies.org, that helps with the settings in multiple browsers.
4.4. Data processing
The Data manager is considered a data processor in this context.
4.5. The duration of data management
The duration of the management of private data shall not exceed the necessary and legal measures. The Data manager shall ensure this by creating and obeying the restrictions regarding deletion.
Data will be deleted for the following reasons:
-
If private data is no longer needed for the purpose it was collected for, or it has been handled in a different manner. If the purpose of data management is terminated and the legislation does not require data management, the data shall be deleted by the Data manager.
-
If the subject withdraws their consent. If the subject withdraws their consent, or the subject requests the deletion of the data, the Data manager shall delete the data in all cases. Deletion can only be denied if it is prohibited by legislation or any official order. If tax payments connected to prizes were involved, tax data will only be deleted, if the duration specified by law has expired.
-
The subject protests against data management. If the subject protests against data management, the Data manager shall delete the connecting data.
-
If illegal data management is confirmed. If the data management is illegal, the Data manager shall delete it in all cases immediately, as soon as the illegal management of data becomes apparent.
-
If the Data manager is legally obligated to delete the data, or the deletion is ordered by the Hungarian National Authority for Data Protection and Freedom of Information. If the deletion is under legal obligation, or it was ordered by court or any legal authority and the judgement is final, the Data manager shall delete the data.
4.6. The management of privacy incidents
Privacy incident is a type of security breach resulting in the accidental or illegal termination, loss, modification or unauthorized publishment or access of the transmitted, stored or, by any means, processed private data. The Data manager shall immediately report the privacy incident to the National Authority for Data Protection and Freedom of Information, unless the privacy incident is unlikely to pose a risk to the subject’s rights and freedom. The Data manager registers privacy incidents and the related measure. In case of a serious incident (it is likely to pose high risk to the rights and freedom of the subject), the Data manager shall notify the subject about the privacy incident without undue delay.
V. THE SUBJECT’S RIGHTS AND THEIR ENFORCEMENT
5.1. The rights of the subject
Information (access): The subject has the right to request information about their data management. During registration, the Data manager informs the subject about data management, and the present Policy is also constantly available for the subject. During the entirety of the data management, the subject is entitled to request for comprehensive information about the management of their data. The subject is allowed to ask the Data manager to provide them with copies of the data.
Correction: The subject can request the Data manager to revise incorrect data, and to complete insufficient information.
Deletion, withdrawal of consent: The subject is entitled to withdraw their consent to data management anytime, and can ask for the deletion of their data. The Data manager shall only deny the request, if the data management is based on legally terms, or the data management is required for presenting, endorsing and protecting legal claims.
Limitations: The subject is entitled to ask for limitations regarding data management in the following cases:
-
if the accuracy of personal data is contested by the subject, the limitations apply to the duration of time needed for the Data manager to examine the accuracy of the data;
-
if the data management is illegal and the subject opposes to the deletion of the data, and requests to limit their usage instead;
-
the data manager does not require the private data for data management, yet the subject requires them to present, endorse and protect legal claims;
-
the subject protested against data management; in this case, the limitations apply to the duration of time needed to determine whether the legitimate reasons of the data manager prevail over the legitimate reasons of the subject.
If data management is limited, this personal data can only be managed, aside from storage, with the subject’s consent, or in the interest of presenting, endorsing and protecting legal claims, as well as to protect the personal rights of a natural or legal entity or in the public interests of the European Union or any of its member states.
Opposition: If data management is based on the endorsement of legitimate interests of the Data manager or a third party, the subject is entitled, in relation to their personal circumstances, to protest against the management of their personal data anytime. In this case, the data manager can no longer manage the personal data, unless the data manager proves that data management is necessary due to compelling legitimate grounds, overriding the interests, rights and freedom of the subject, as well as they are connected to the presentation, endorsement and protection of legal claims. If the management of private data is performed for direct marketing purposes, the subject is allowed to oppose against the management of their private data in that manner.
Data portability: The subject is entitled to receive their personal data in a divided, commonly used, machine-readable format, as well as to forward them to another data manager, on the condition that the data management is automated. The subject is allowed to request the transmission of the personal data to another data manager, if it is technically feasible
5.2. The insurance of the subject’s rights, the management of the subject’s requests
Simultaneously to establishing contact, the Data manager informs the subject about data management. For the request of the subject, the Data manager makes the present Policy available, and publishes it to the website of the Company. The present detailed Policy is available for the subject, and its existence and availability is highlighted by the Data manager. The Data manager also makes the privacy policy informant available, which contains the most crucial data protection rules based on the present Policy.
The subject is allowed to send their application for exercising their rights to the Data manager through any of the contact details defined in point 1.1. The Data manager shall inspect the application immediately, makes a decision about the execution of the request and takes the necessary actions. The Data manager notifies the subject about the actions taken within a month. The notification shall, in all cases, include the actions taken by the Data manager or the requested information. In the event of the Data manager denying the execution of the request (does not takes the necessary actions to fulfill the request), the notification shall include the legal basis and the reason of the refusal, as well as the subject’s possibilities of judicial remedy. The Data manager’s execution of the request is free of charge. If the circumstances of the submission indicate that the request was not applied by the subject, the Data manager can ask the applicant to confirm their eligibility, or to submit the application in an unequivocal manner.
The Data manager shall notify every recipient about the correction, deletion or data limitation, who received the personal data, unless the notification is deemed impossible or it takes a disproportionate effort. Upon their request, the subject shall be notified of these recipients by the Data manager.
5.3. Legal remedy
In the event of violating the subject’s rights, the subject can request the abolition of the illegal data management, and the Data manager is asked to investigate the data management and the refusal of the subject’s application. The Data manager shall investigate such complaints in all cases, and the subject shall be notified about the conclusion of the investigation. The subjects can submit their complaints to the addresses defined in the contact details in point 1.1.
The subject can also directly appeal to the National Authority for Data Protection and Freedom of Information (address: 22/C. Erzsébet Szilágyi Alley, Budapest, 1125.; phone number: +36-1-391-1400; email: ugyfelszolgalat@naih.hu; website: www.naih.hu).
In case of the infringement of their rights, the subject is entitled to bring the case to court. The Data manager shall inform the subject about the courts or authorities with competence to deal with applications, as well as the possibilities of taking judicial action.