The data processing principles of the Service Provider are in accordance with the applicable legislation on data protection:

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
• Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
• Act C of 2003 on Electronic Communications.
• Act XLVIII of 2008 - on the basic conditions and certain restrictions of economic advertising activities.
• Act LXVI of 1992 on the Registration of Personal Data and Addresses of Citizens (hereinafter Nytv.),
• Act CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing.
• Act LXXVII of 2013 on Adult Education
• Act V of 2013 on the Civil Code
• and any other legislation containing mandatory applicable data processing provisions.

Data security:

• The Service Provider shall take all organizational and technical measures to ensure the highest level of security of personal data, with particular attention to the prevention of unauthorized alteration, destruction and use of data.
• The Service Provider shall take all necessary measures to ensure data integrity and the accuracy, completeness and up-to-date status of the personal data it handles and/or processes.

• The Service Provider shall take appropriate measures to protect the data, in particular against unauthorised access, alteration, disclosure, disclosure, erasure or destruction.

Data management:

Personal data may be processed if

1. a) with the consent of the data subject; or
2. (b) it is required by law or by an ordinance of a local authority, empowered by law within the scope specified therein. Special categories of data may be processed if the data subject consents in writing or if the processing is ordered by law.

Personal data may be processed only for specified purposes, for the exercise of a right or the performance of an obligation. The processing must comply with this purpose at all stages.

Only personal data which is necessary for the purpose of the processing, which is adequate for the purpose, to the extent and for the duration necessary for the purposes of the processing, may be processed. Personal data may only be processed with informed consent. The data subject shall be informed in a clear, plain and detailed manner of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing. The personal data processed must comply with the following requirements:

1. (a) their collection and processing must be fair and lawful;
2. (b) accurate, complete and, where necessary, kept up to date;
3. (c) they are stored in a manner which ensures that the data subject can be identified only for the time necessary for the purposes for which they are stored.

The personal data of the data subjects (i.e. data that can be associated with the person of the customer) may be processed by the Service Provider in four ways:

• automatically, in the context of maintaining the Internet connection, the computer, browser program, Internet address, technical data relating to the pages visited, used by the user who visits the website,
• the user can also provide his/her name, contact details or other data if he/she wishes to contact the Service Provider personally when using our website, so that they can be made available to him/her,
• the user may also provide his/her name, contact details and other data in person if he/she wishes to attend or participate in one of our external or open training courses
• by the user's employer in connection with participation in one of our external or open training courses.

The data subject consents to the processing of the data provided by the Service Provider in accordance with the applicable data protection legislation. The Service Provider undertakes to store and process the personal data that comes to its knowledge in accordance with the applicable legal provisions.

The personal data shall retain this quality during the processing for as long as the relationship with the Data Subject can be re-established. The connection with the Data Subject may be restored if the Service Provider has the technical conditions necessary for restoration.

The Service Provider is not entitled to transfer the data to third parties or to make them available in any form.

The legal basis for the processing of data by the Service Provider as described above is, on the one hand, the Info tv. 5.§ (1) a) of the Data Subjects' explicit and voluntary consent to the processing, on the other hand, and the statutory data processing permit for the provision of specific services.

By accepting this Policy, the Data Subject accepts the provisions of this Privacy Policy and Information Notice and consents to the processing of his or her personal data for the purposes, to the extent, in the manner, to the extent and for the duration set out in this Policy.

Information on data processing:

• The User may request information about the processing of his/her personal data by telephone or in writing, and may request the rectification or erasure of his/her personal data in the manner indicated when he/she provided the information or by using the contact details indicated on the contact page.
• At the User's request, the Service Provider shall provide information about the data processed by the Service Provider, the source of the data, the purpose, legal basis and duration of the data processing, however, the Service Provider shall provide the information in writing in an intelligible form within 30 days at the latest.
• The Service Provider shall block the personal data if the User so requests or if, on the basis of the information at its disposal, it can be assumed that the deletion would harm the legitimate interests of the User. Blocked personal data may be processed only for as long as the processing purpose that precluded the deletion of the personal data persists.
• The Service Provider shall delete the personal data,

• if its processing is unlawful,
• the User requests it,
• the processed data is incomplete or inaccurate - and this situation cannot be lawfully remedied - provided that the deletion is not excluded by law, the purpose of the processing has ceased,
• or the statutory time limit for the storage of the data has expired or has been ordered by a court or the National Authority for Data Protection and Freedom of Information.

• The controller has 30 days to delete, block or rectify the personal data. If the Service Provider fails to comply with the User's request for rectification, blocking or erasure, it shall inform the User in writing within 30 days of the reasons for the refusal.
• The Service Provider shall notify the Customer of the rectification, blocking and erasure.

Definitions

GDPR: (General Data Protection Regulation) the new European Union Data Protection Regulation

Data Processing: The performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

Data processing: Any operation or set of operations which is performed upon data, whatever the method used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of their further use, taking of photographs, sound recordings or images and physical features which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);

Data subject: any natural person identified or identifiable, directly or indirectly, by reference to specific personal data, who subscribes to the site's mailing or contact system or who receives training or consultancy services, either personally or through an employer;

Consent of the data subject: a voluntary, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she gives his or her consent to the processing of personal data concerning him or her;

Controller: a natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and executes decisions regarding the processing (including the means used) or has them executed by a processor on its behalf

Data destruction: the total physical destruction of a data medium containing data;

Transfer of data: making data available to a specified third party;

Data erasure: rendering data unrecognisable in such a way that it is no longer possible to recover them;

Data breach: unlawful processing or handling of personal data, in particular unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction, accidental destruction or accidental damage;

User means any natural person, legal entity, unincorporated business or other entity that accesses the Portal and uses its functionalities;

Third Party: a natural or legal person other than the Data Subject, the Controller or the Processor;

Newsletter: a free service provided by the Service Provider through the Portal, whereby the Service Provider sends to the Users who have given their consent, a message on a specific subject, which is also considered as electronic direct marketing and advertising, to the User's e-mail address provided on the Portal;

Consent: a voluntary and explicit expression of the Data Subject's wishes, based on appropriate information, by which he/she gives his/her unambiguous consent to the processing of personal data concerning him/her, either in full or for specific operations;

Special Data: data revealing racial or ethnic origin, membership of a national or ethnic minority, political opinions or political parties, religious or philosophical beliefs, membership of an interest group, health, pathological or sex life, or data concerning a criminal offence.

Disclosure: making data available to anyone;

Portal: the website operated by the Service Provider under the URL;

Personal Data: data that can be associated with the data subject by the processing - in particular the name, email address of the Data Subject.

Service: the services provided by the Service Provider and available to Users, the scope of which the Service Provider, acting at its discretion, is free to define, modify, discontinue certain services, introduce new services, modify existing services at any time. Services include, but are not limited to, the Service Provider's gaming, online administration, newsletter sending services and functions, as well as all other services provided by the Service Provider, whether on a temporary or permanent basis;

Service provider: Sämling Vállalatfejlesztés Kft. 1124 Budapest, Németvölgyi út 64. Tax number: 10595624-2-43, Company registration number: 0109078837

Objection: a statement by the Data Subject objecting to the processing of his/her personal data and requesting the cessation of the processing or the erasure of the processed data.