Barion Pixel

Privacy Policy

The following translation is for information purposes only. The governing Privacy Policy  is the Privacy Policy in Hungarian

INTRODUCTION

STRT Management Kft. (headquarters: 1024 Budapest, Lövőház u. 39. 2. emelet, company registration number: 01-09-427488, registered at the Company Registry Court of Budapest - Capital Regional Court; hereinafter referred to as "STRT Management Kft.", "service provider", "data controller"), as data controller, acknowledges the contents of this information as binding upon itself. It undertakes to ensure that its processing of data relating to its services meets the requirements set out in this notice.

The legal guidelines governing the www.kurtakademia.hu portal are permanently available at /data protection/. STRT Management Kft. reserves the right to modify this information at any time and will inform its audience of any changes in due time. If our users have any questions that are not clear from this notice, please contact us and we will answer them.

STRT Management Kft. is committed to maintaining the highest quality of service. STRT Management Kft. is committed to protecting the personal data of its partners and users, and attaches the utmost importance to respecting the right of information self-determination of its customers. STRT Management Kft. treats personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.

STRT Management Kft. sets out below its data management principles and the expectations it has set for itself as a data controller and which it complies with. Its data management principles are in accordance with the applicable data protection legislation, in particular the following:

- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the Data Protection Act);

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (hereinafter referred to as the Regulation);

- Act LXVI of 1992 - on the registration of personal data and addresses of citizens;

- Act CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing (DM Act);

- Act CVIII of 2001 - on certain aspects of electronic commerce services and information society services;

- Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities (Act XLVIII of 2008)

2. DEFINITIONS

2.1. data subject: any specified natural person who is identified or identifiable, directly or indirectly, on the basis of personal data;

2.2. personal data: data which can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the data subject, and the inference which can be drawn from the data concerning the data subject;

2.3. consent: a freely given and freely given indication of the data subject's wishes, based on adequate information, by which he or she signifies his or her unambiguous agreement to the processing of personal data relating to him or her, whether in full or in part;

2.4. objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data;

2.5. controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and implements decisions regarding the processing (including the means used) or has the data processed by a processor;

2.6. data processing: whatever the method used, any operation or set of operations which is performed upon the data, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of further use, taking of photographs, sound recordings or images, or any other physical means of identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans);

2.7. transfer: when the data are made available to a specified third party;

2.8. disclosure: where the data are made available to any person;

2.9. erasure: rendering data unrecognisable in such a way that it is no longer possible to retrieve it;

2.10. 'data blocking' means the marking of data with an identification mark in order to limit their further processing permanently or for a limited period of time;

2.11. 'data destruction' means the total physical destruction of a data medium containing data;

2.12. 'data processing' means the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;

2.13. data processor: a natural or legal person or unincorporated body which processes data on the basis of a contract, including a contract concluded pursuant to a legal provision. The data processor is also the service provider operating the website of STRT Management Kft. and the staff of the service provider performing or supporting online marketing activities;

2.14. third party: any natural or legal person or unincorporated organisation other than the data subject, the controller or the processor;

2.15. third country: any country which is not a member of the European Economic Area.

2.16. Cookie: a text file of no more than 4 kilobytes in size that is stored on our computer by the Internet browser software of the servers we visit. Its function is to make surfing more convenient by allowing us to store various personal data, passwords, etc. It can be used to personalise websites and, knowing your surfing history, to target advertising campaigns.

3. PRINCIPLES OF DATA MANAGEMENT BY STRT MANAGEMENT KFT.

3.1,

if

a) with the consent of the data subject, or

b) it is ordered by law or, on the basis of a statutory authorisation and within the scope specified therein, by a decree of a local authority for a purpose in the public interest.

The consent or subsequent approval of the legal representative of a minor aged 16 or over is not required for the validity of a declaration of consent by the minor concerned.

3.2. The processing must comply with this purpose at all stages and the collection and processing of data must be fair and lawful. Only personal data which is necessary for the purpose of the processing, adequate for the purpose, limited in scope and for the time necessary for the purposes for which it is processed may be processed.

3.3 Personal data may only be processed with appropriate informed consent. The data subject must be informed, in a clear, plain and detailed manner, of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and processor, the duration of the processing and the persons who may access the data. The information shall also cover the rights and remedies of the data subject with regard to the processing.

4. STRT MANAGEMENT KFT. DATA PROCESSING RULES

4.1:

a) The legal basis for data processing may be your informed consent in accordance with Article 5(1)(a) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the "Data Protection Act") and Article 6(1)(a) of the Regulation. Your consent is voluntary. By giving your consent, you agree that STRT Management Kft. may process personal data concerning you, including images of you (hereinafter collectively referred to as "Data"), for the purposes specified in advance, in particular to collect, record, store, use or delete the Data, in accordance with the provisions of this Privacy Policy.

(b) Some processing may be necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(c) of the Regulation).

(c) Certain processing operations are based on the fulfilment of a legal obligation to which the controller is subject (Article 6(1)(c) of the Regulation). For such processing operations, the controller does not seek your consent because the processing is necessary for compliance with a binding legal obligation to which the controller is subject.

If you wish to request the deletion of your data, please send your request to the following email address: info@strt.hu

In the case of processing based on the data subject's consent, the data subject shall give his or her consent to the processing of his or her personal data by electronic means, by sending an e-mail to STRT Management Kft. / on its website, by checking a box, or by making the relevant technical settings when using information society services, as well as by any other statement or action that unambiguously indicates the data subject's consent to the intended processing of personal data in the given context.

Silence, ticking a box or inaction does not constitute consent.

Consent covers all processing activities carried out for the same purpose or purposes. If the processing serves more than one purpose at the same time, the consent shall be obtained for all processing purposes by STRT Management Kft. Where the data subject gives his or her consent following an electronic request by STRT Management Kft., the request by STRT Management Kft. must in any case be clear, concise and not unnecessarily restrict the use of the service for which STRT Management Kft. is seeking consent.

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to its withdrawal. Before giving consent, the data subject shall be informed thereof by STRT Management Kft. STRT Management Kft. shall make it possible to withdraw consent in the same simple manner as it is made possible to give it.

If the personal data have been collected with the consent of the data subject, STRT Management Kft. may process the collected data for the purpose of fulfilling a legal obligation to which the data subject is subject, unless otherwise provided by law, without further specific consent and even after the withdrawal of the data subject's consent.

4.2 Identity of the Data Controller and Data Processor:

The Data is processed by STRT Management Kft. as the Data Controller.

4.3 Duration of processing:

The processing of the Data shall last for an indefinite period of time, but not longer than until you prohibit the use of the Data for the purpose of the processing or you request the termination of the processing of the Data.

4.4 Persons having access to the Data:

The employees and the respective representatives of STRT Management Kft. authorised to register companies are entitled to access the Data.

5. DATA SUBJECTS' RIGHTS:

5.1. Right to information

5.1.1.1 The data subject has the right to be informed by STRT Management Kft. of the information related to the processing of his/her data before the start of the activity concerning the processing of his/her data.

5.1.2:

- the name and contact details of STRT Management Kft. and its representative;

- the purposes for which the personal data are intended to be processed and the legal basis for the processing;

- in the case of processing based on legitimate interests, an indication of the legitimate interests of STRT Management Kft. or a third party;

- where applicable, the recipients or categories of recipients of the personal data;

- the fact if STRT Management Kft. intends to transfer the personal data to a third country or an international organisation

5.1.3 In addition to the information referred to in point 5.1.2, STRT Management Kft. shall, at the time of obtaining the personal data, in order to ensure fair and transparent processing, provide the data subject with the following additional information:

- the duration of the storage of the personal data or, if this is not possible, the criteria for determining this duration;

- the right of the data subject to request access to, rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data, as well as the right to data portability;

- in the case of processing based on the data subject's consent, the right to withdraw consent at any time without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal;

- the right to lodge a complaint with a supervisory authority;

- whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether the data subject is under an obligation to provide the personal data and the possible consequences of not providing the data;

- the fact of the automated decision-making, including profiling, referred to in Article 22(1) and (4) of the Regulation and, at least in these cases, clear information on the logic used and the significance of such processing and its likely consequences for the data subject.

5.1.4 If STRT Management Kft. intends to carry out further processing of personal data for purposes other than those for which they were obtained, it shall inform the data subject of that other purpose and of any relevant additional information referred to in points 1.2 and 1.3 prior to the further processing.

5.2 Right of access of the data subject

5.2.1 The data subject has the right to obtain from STRT Management Kft. feedback as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information (Article 15 of the Regulation):

- the purposes of the processing;

- the categories of personal data concerned;

- the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed by STRT Management Kft. including, in particular, recipients in third countries or international organisations;

- where applicable, the envisaged period of storage of the personal data or, if this is not possible, the criteria for determining that period;

- the data subject's right to obtain from STRT Management Kft. the rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data;

- the right to lodge a complaint with a supervisory authority;

- if the data have not been collected by STRT Management Kft. from the data subject, any available information on their source;

- the fact of automated processing referred to in Article 22(1) and (4) of the Regulation, including profiling, and, at least in these cases, clear information on the logic used and the significance of such processing and its likely consequences for the data subject.

5.2.2 Where personal data are transferred to a third country or an international organisation, the data subject shall have the right to be informed of the appropriate safeguards for the transfer in accordance with Article 46.

5.2.3. For additional copies requested by the data subject, STRT Management Kft. may charge a reasonable fee based on administrative costs. If the data subject has submitted the request by electronic means, the information shall be provided by STRT Management Kft. in a commonly used electronic format, unless the data subject requests otherwise.

5.3. Right to rectification

5.3.1 The data subject has the right to have inaccurate personal data concerning him or her corrected by STRT Management Kft. without undue delay upon request.

5.4 Right to erasure ("right to be forgotten")

5.4.1 The data subject shall have the right to have personal data concerning him or her erased by STRT Management Kft. without undue delay upon his or her request, and STRT Management Kft. shall be obliged to erase personal data concerning him or her without undue delay if:

- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by STRT Management Kft.;

- the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;

- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

- the personal data have been unlawfully processed by STRT Management Kft.;

- the personal data must be erased in order to comply with a legal obligation under EU or Member State law applicable to STRT Management Kft.;

- the personal data were collected in connection with the provision of information society services referred to in Article 8(1) of the Regulation.

5.4.2 The right to erasure may not be exercised if the processing is necessary:

◦ for the exercise of the right to freedom of expression and information;

◦ to comply with an obligation under EU or Hungarian law applicable to STRT Management Kft. that requires the processing of personal data, or for reasons of public interest;

◦ in the public interest in the field of public health;

◦ for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the right of erasure would be likely to render impossible or seriously jeopardise such processing; or

◦ for the establishment, exercise or defence of legal claims.

5.5 Right to restriction of processing

5.5.1 Where processing is restricted, such personal data, with the exception of storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

5.5.2 The data subject shall be entitled to have the data processing restricted by STRT Management Kft. at his or her request if one of the following conditions is met:

◦ the data subject contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow STRT Management Kft. to verify the accuracy of the personal data;

◦ the processing by STRT Management Kft. is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

◦ STRT Management Kft. no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or

◦ the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of STRT Management Kft. prevail over the legitimate grounds of the data subject.

5.5.3.

5.6. Obligation to notify the rectification or erasure of personal data or the restriction of processing

5.6.1. STRT Management Kft.. will inform any recipient of the rectification, erasure or restriction of processing to whom or with which the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.

5.7 Right to data portability

5.7.1 The data subject shall have the right to receive personal data concerning him or her which he or she has provided to STRT Management Kft. in a structured, commonly used, machine-readable format, and the right to transmit such data to another controller without hindrance by STRT Management Kft. if:

◦ the processing is based on consent or a contract; and

◦ the processing is carried out by automated means.

5.7.3. The exercise of the right to data portability shall be without prejudice to Article 17 of the Regulation (right to erasure). The right to data portability shall not apply where the processing is in the public interest. This right must not adversely affect the rights and freedoms of others.

5.8. The right to object

5.8.1 The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data carried out in the exercise of official authority or in the public interest, or to processing necessary for the purposes of the legitimate interests pursued by STRT Management Kft. or by a third party (processing based on Article 6(1)(e) or (f) of the Regulation), including profiling based on the aforementioned provisions. In such a case, STRT Management Kft. may no longer process the personal data, unless STRT Management Kft. proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defence of legal claims.

5.8.2. Where personal data are processed by STRT Management Kft. for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, insofar as it relates to direct marketing. If the data subject objects to the processing of personal data for direct marketing purposes, the personal data will no longer be processed for these purposes by STRT Management Kft.

5.8.3. The right referred to in points 5.8.1. and 5.8.2. shall be explicitly drawn to the attention of STRT Management Kft. at the latest at the time of the first contact with the data subject, separately from any other information.

5.8.4. The data subject may also exercise the right to object by automated means based on technical specifications.

5.8.5. Where personal data are processed for scientific and historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation, the data subject shall have the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

5.9 Right not to be subject to automated decision-making

5.9.1 The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

5.9.2 Clause 5.9.1 does not apply where the decision:

◦ necessary for the conclusion or performance of a contract between the data subject and STRT Management Kft.;

◦ it is permitted by Union or Hungarian law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

5.9.3. is based on the explicit consent of the data subject.

5.9.3 In the cases referred to in points 5.9.2(a) and (c), STRT Management Kft. shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including ensuring that the data subject may request human intervention by STRT Management Kft., express his or her views and object to the decision.

5.9.4 The decisions referred to in point 5.9.2 shall not be based on the special categories of personal data referred to in Article 9(1) of the Regulation, unless Article 9(2)(a) or (g) applies and appropriate measures have been taken to safeguard the rights, freedoms and legitimate interests of the data subject.

5.10. Right of the data subject to lodge a complaint and seek redress

5.10.1 Right to lodge a complaint with the supervisory authority: the data subject has the right to lodge a complaint with the supervisory authority under Article 77 of the Regulation if the data subject considers that the processing of personal data relating to him or her infringes the Regulation. The supervisory authority with which the complaint has been lodged is obliged to inform the data subject of the procedural developments and the outcome of the complaint, including the right to judicial remedy under Article 78 of the Regulation.

The right to lodge a complaint can be exercised by the data subject using the following contact details:

National Authority for Data Protection and Freedom of Information.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Phone: +36 (1) 391-1400;

Fax: +36 (1) 391-1410

Website: http://www.naih.hu

e-mail: ugyfelszolgalat@naih.hu

5.10.2 Right to an effective judicial remedy against the supervisory authority: without prejudice to other administrative or non-judicial remedies, all natural and legal persons have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning them. Without prejudice to any other administrative or non-judicial remedy, any person concerned shall have the right to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the person concerned within three months of the procedural developments concerning the complaint lodged under Article 77 of the Regulation or of the outcome of the complaint. Proceedings against the supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.

5.11. Information about the data breach

5.11.1 If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, STRT Management Kft. shall inform the data subject of the personal data breach without undue delay.

5.11.2. In the information provided to the data subject referred to in point 5.11.1, STRT Management Kft. shall clearly and plainly describe the nature of the personal data breach and shall at least provide the following information:

◦ the name of the Data Protection Officer or other contact person who will provide further information;

◦ the likely consequences of the personal data breach;

◦ the measures taken or envisaged by STRT Management Kft. to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

5.11.3 The data subject shall not be informed by STRT Management Kft. if any of the following conditions are met:

◦ STRT Management Kft. has implemented appropriate technical and organisational protection measures and has applied those measures to the data affected by the personal data breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;

◦ STRT Management Kft. has taken additional measures following the data breach to ensure that the rights and freedoms of the data subject are not violated.

◦ freedoms referred to in point 11.1 are no longer likely to materialise;

the provision of information would require a disproportionate effort. In such cases, the data subject shall be informed by STRT Management Kft. by means of publicly disclosed information or by taking similar measures to ensure that the data subject is informed in a similarly effective manner.

5.12. Procedure to be followed in the event of a request by the data subject

5.12.1. STRT Management Kft. shall facilitate the exercise of the rights of the data subject and shall not refuse to comply with a request to exercise the rights of the data subject, including those set out in this Policy, unless it proves that it is not possible to identify the data subject.

The data subject may send any request or query regarding the processing to the following address:

◦ by post to the following address: 1024 Budapest, Lövőház u. 39. 2. emelet

◦ electronically to info@strt.hu

STRT Management Kft. will send its reply without delay, but within 30 days at the latest, to the address specified by the data subject.

5.12.2 STRT Management Kft. shall inform the data subject of the measures taken in response to the request without undue delay, but in any event within one month of receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. STRT Management Kft. shall inform the person concerned of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.

5.12.3 If the data subject has submitted the request by electronic means, the information shall be provided by STRT Management Kft. electronically, unless the data subject requests otherwise.

5.12.4 If STRT Management Kft. does not take action on the request of the data subject, it shall inform the data subject without delay, but at the latest within one month of receipt of the request, of the reasons for the failure to take action and of the possibility for the data subject to lodge a complaint with the supervisory authority and to exercise his or her right of judicial remedy.

5.12.5 STRT Management Kft. shall provide the data subject free of charge with the information detailed in Articles 13 and 14 of the Regulation and the information and measures provided for in Articles 15 to 22 and 34 of the Regulation (feedback on the processing of personal data, access to the processed data, rectification, integration, erasure, restriction of processing, data portability, objection to processing, notification of a personal data breach).

5.12.6 If the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, STRT Management Kft. may, taking into account the administrative costs of providing the requested information or taking the requested action, charge a fee of HUF 5,000 or refuse to take action on the basis of the request.

The burden of proving that the request is manifestly unfounded or excessive shall lie with STRT Management Kft.

If STRT Management Kft. has reasonable doubts as to the identity of the natural person submitting the request pursuant to Articles 15-21 of the Regulation, it may request further information necessary to confirm the identity of the person concerned.***

6. THE PURPOSES FOR WHICH THE DATA ARE PROCESSED:

A.) EVENT AND OPEN DAY REGISTRATION

sending informative and promotional offers by e-mail and post concerning the training courses available. Open Day registration is periodically available by registering on www.kurtakademia.hu. The personal data provided at the time of registration are indispensable for contact purposes and for sending information and offers related to the training courses, due to the nature of the mailing. By registering for an open day or other event, you agree that STRT Management Kft. may take photographs of you during the open day or event and use them as part of its educational and promotional material, without remuneration, for an indefinite period of time, without territorial limitation, in any way it chooses (including, in particular, in Internet advertising, print media, other promotional material), publish them and distribute them in any number of copies.

The legal basis for such processing is your explicit consent.

If you no longer wish to receive informational and promotional offers from STRT Management Kft. you can unsubscribe from the newsletter by clicking on the link in the footer of the newsletter and by sending an e-mail to info@strt.hu.

Please note that the applicant is responsible for the accuracy of the personal data provided. If you provide false data or personal data of another person, you may suffer damage and may be subject to civil, criminal and criminal liability proceedings.

Event and Open Day Registration Registration Registration Number: 03716-0002

B.) APPLICATION FOR TRAINING

You can apply for training courses on the website www.kurtakademia.hu under APPLY. To apply, you will be asked to provide some personal information (e.g. name, address, telephone number, e-mail address, highest level of education, etc.). You may also be required to upload a CV. The personal data provided at the time of application are indispensable for contacting you and for sending you information and offers relating to the training, given the nature of the mailing, for preparing the interview and for completing the training.

The legal basis for the processing is the performance of a contract to which the data subject is a party or the taking of steps prior to the conclusion of the contract.

From time to time, STRT Management Kft. sends informative and promotional offers concerning the available training courses to the persons applying for the training courses by e-mail or post.

By registering for the training, you agree that STRT Management Kft. may take photographs of you as part of the training and use them as part of its educational and promotional materials, without remuneration, for an indefinite period of time, without territorial limitation, in any way (including, without limitation, in Internet advertising, print media, other advertising materials), publish them and distribute them in any number of copies.

The legal basis for processing in such cases is your explicit consent.

If you no longer wish to receive informational and promotional offers from STRT Management Kft. you can unsubscribe from the newsletter by clicking on the link in the footer of the newsletter and by sending an e-mail to info@strt.hu.

Please note that the applicant is responsible for the authenticity of the personal data provided. If you provide false data or personal data of another person, you may suffer damage and may be subject to civil, criminal and criminal liability proceedings.

Registration number of the training application: 03716-0001

C.) SUBSCRIBE TO THE NEWSLETTER

You can subscribe to the newsletter at www.kurtakademia.hu. In the form, the user can select the courses of interest, so that he/she will receive only their news in the form of informative and promotional offers by e-mail. The data provided for registration are essential for contact purposes and for sending information and offers on the training courses, given the nature of the mailing.

If you no longer wish to receive informative and promotional offers from STRT Management Kft., you can unsubscribe here in the footer of the newsletter sent out by clicking on "If you no longer wish to receive information about our latest events, you can unsubscribe here." you can unsubscribe from the newsletter by clicking on the link in the footer of the newsletter and by sending an e-mail to info@strt.hu.

Please note that the applicant is responsible for the authenticity of the personal data provided. If you provide false data or personal data of another person, you may suffer damage and may be subject to civil, criminal and criminal liability proceedings.

The legal basis for the processing is the consent of the data subject, which he or she gives by ticking the box next to the text "Subscribe to our newsletter" on the STRT Management Kft. website after being informed about the processing of his or her data.

The scope of the personal data processed: the name and e-mail address of the natural person.

Purpose of the processing of personal data: to inform the data subject about the services and products of STRT Management Kft., changes in them, news and events.

The recipients or categories of recipients of personal data: the manager of STRT Management Kft., employees performing customer service and marketing tasks, employees of the service provider operating the website of STRT Management Kft. as data processors.

Duration of the storage of personal data: until the newsletter service is maintained or the consent of the data subject is withdrawn. The newsletter can be unsubscribed at any time by clicking on the link in the footer of the e-mails sent to the data subject or by a written declaration or e-mail, which constitutes withdrawal of consent. In such a case, all data of the data subject will be deleted immediately by STRT Management Kft.

D.) DATA MANAGEMENT IN CONNECTION WITH ORDINANCES, OFFERS, CONTACT USE STRT MANAGEMENT KFT. WEBSITE

In order to use certain services available on the website (ordering, requesting an offer) and to contact us, the data subject must voluntarily provide personal data. Accordingly, sending an order or request for a quotation to STRT Management Kft. or providing data when contacting the company implies voluntary acceptance of the provisions of this Policy and consent to data processing.

The legal basis for data processing is the consent of the data subject based on his/her voluntary data provision, which the data subject gives on the STRT Management Kft. website by ticking the box next to the text Order / Request for Proposal Contact after being informed about the processing of his/her data.

The data subject is any natural person who gives his/her consent to the processing of his/her personal data on the website of STRT Management Kft.

The scope of the data processed: name, e-mail address, telephone number of the natural person.

Purpose of the processing of personal data: to provide services on the website, to place an order, to request an offer, to contact the person concerned in preparation for the conclusion of a contract or for any other purpose, such as providing information about STRT Management Kft. products, services, terms and conditions, promotions.

Recipients and categories of recipients of personal data: the manager of STRT Management Kft., employees performing customer service and marketing tasks, employees of the service provider operating the website of STRT Management Kft. as data processors.

Duration of the storage of personal data: until the order or request is fulfilled or until the data subject's consent is withdrawn (deletion at the request of the data subject).

E.) DATA PROCESSING IN CONNECTION WITH DIRECT MARKETING ACTIVITIES

The legal basis for STRT Management Kft.'s processing of data for direct marketing purposes is the data subject's consent, which is clear and explicit. The data subject gives his or her unambiguous, explicit prior consent by ticking the box next to the text "consent to direct marketing" on the STRT Management Kft. website or by providing information on the processing of his or her data in the relevant contract of employment.

The data subject is any natural person who gives his or her explicit and unambiguous consent to the processing of his or her personal data by the Company for direct marketing purposes.

The purpose of the processing of personal data is to carry out direct marketing activities related to the activity of STRT Management Kft., i.e. sending advertising publications, newsletters, current offers in printed (postal) or electronic form (e-mail), on a regular or periodic basis, to the contact details provided at the time of registration or contract conclusion.

Recipients or categories of recipients of personal data: the manager of STRT Management Kft., employees performing customer service and marketing tasks on the basis of their job function, employees of service providers operating the website of STRT Management Kft. as data processors.

The personal data processed include the name, address, telephone number and e-mail address of the natural person.

Duration of processing: until the data subject withdraws the processing of personal data for direct marketing purposes.

F.) TRANSFER OF DATA TO THE REGISTER OF ADULT EDUCATION KEPT BY THE STATE ADULT EDUCATION ADMINISTRATION

STRT Management Kft. will transfer the data provided by you in relation to the training provided by the STRT Management Kft. and which are essential for the compulsory registration and data provision by the STRT Management Kft. in the adult education system to the adult education state administration body, in the so-called FAR system maintained by the latter.

The data subjects are all natural persons who participate in training courses organised by STRT Management Kft.

The purpose of the processing of personal data is to fulfil the legal obligation applicable to STRT Management Kft.

Legal basis for the processing: to fulfil a legal obligation imposed on the controller (Article 6(1)(c) of the Regulation).

Recipient of the personal data: The Metropolitan Government Office as the state administration body for adult education

Scope of the personal data processed: the data content required by the applicable legislation to be transmitted by the training provider.

7. OTHER RULES RELATING TO INTERNET USE

7.1. INFORMATION ABOUT VISITORS TO THE WEBSITE

Anyone can visit the website without providing any personal data. During visits to the / website, a small file called a "cookie" (hereinafter referred to collectively as "Cookie") is stored on the user's computer (or other Internet-enabled device such as a smart phone or tablet), through which the user's browser will be uniquely identified, provided that the user has given his/her explicit (active) consent to this by continuing to browse the website after being clearly and unambiguously informed. By accessing (browsing) the website, the data subject gives his or her consent to the processing and recording by STRT Management Kft. of information that does not constitute personal data. Information of a technical nature, from which the person concerned cannot be identified, is not considered personal data and is therefore not subject to the Info Act. This information includes, in particular, the IP address, the time of the visit to the / website, the type of operating system of the computer, the address of another website that directed the data subject to the / website, etc. This information - which is not personal data - is processed in automated form for statistical and development purposes and for the purpose of Google and Facebook marketing and remarketing campaigns, for a maximum period of 60 days after the visit.

Cookies are essential for the proper functioning of the website and collect information about the use of the website in order to improve the user experience, i.e. to make the site more convenient and useful. Some Cookies are only stored temporarily (they are created until the browser is closed), while other Cookies remain on your computer for a longer period of time.

Data processed during a visit to the website: / When using the website, the following data is recorded and processed about the visitor and the device used for browsing: the IP address used by the visitor, the type of browser, the operating system characteristics of the device used for browsing (language set), the time of the visit, the (sub)page, function or service visited, clicks. The cookies used on this website do not store any personally identifiable information, and STRT Management Kft. does not process any personal data in this context.

By using the / website, the user gives his/her consent to the use of cookies by the website as described in this section 1. By default, most internet browsers are set to allow the storage of cookies without any user intervention and/or indication. If the user does not agree to the use of Cookies, he/she should configure his/her browser accordingly. The user can change the default browser settings to block cookies or to request a warning about which cookies are used by the website visited. For more information or to change the settings, the user can consult the browser's help section.

7.2. DATA COLLECTION FROM EXTERNAL SERVICE PROVIDERS ON THE WEBSITE

The html code of the website www.kurtakademia.hu may contain links from and to external servers independent of STRT Management Kft. The external server helps to independently audit the website for traffic and other web analytics data. The web analytics service provider is not entitled to process personal data on behalf of STRT Management Kft. Currently, the web analytics service is provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) as part of its Google Analytics service. Info: www.google.com.

Online credit card payments are made through Barion's system. Credit card information is not passed to the merchant. The service provider Barion Payment Zrt. is an institution supervised by the National Bank of Hungary, licence number H-EN-I-1064/2013.

8. DATA SECURITY MEASURES

8.1 STRT Management Kft. may process personal data only in connection with the activities set out in this Policy and only for the purposes for which the data is processed.

8.2. STRT Management Kft. takes care of the security of data, in this context it undertakes to take all technical and organisational measures that are indispensable for the enforcement of the legislation on data security, data protection and confidentiality rules, and to establish the procedural rules necessary for the enforcement of the above-mentioned legislation.

8.3 STRT Management Kft. shall take appropriate measures to protect data against accidental or unlawful destruction, loss, alteration, transmission, damage, unauthorised disclosure or access, and against inaccessibility due to changes in the technology used. The technical and organisational measures to be implemented by STRT Management Kft.:

◦ pseudonymisation and encryption of personal data;

◦ ensuring the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data;

◦ in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;

◦ the use of a procedure to test, assess and evaluate regularly the effectiveness of the technical and organisational measures taken to ensure the security of data processing.

8.4. STRT Management Kft. shall ensure that personal data processed by it may only be accessed by employees or persons acting on behalf of STRT Management Kft. who have a genuine need to know them in order to perform their duties.

8.5. STRT Management Kft. stores personal data provided in the course of each data management activity separately from other data, with the understanding that, in accordance with the above provision, only employees with the appropriate access rights may have access to the separate data files.

8.6 STRT Management Kft. classifies personal data as confidential and treats them as such. Employees who handle personal data in the course of their duties are bound by confidentiality obligations regarding the handling of personal data. Access to personal data is restricted by STRT Management Kft. by granting levels of authorisation.

8.7 STRT Management Kft. shall take the following necessary measures to ensure the security of its IT records:

◦ It shall provide the data files it manages with permanent protection against computer viruses (real-time virus protection software).

◦ Ensure the physical protection of the hardware assets of the IT system, including protection against elementary damage,

◦ Ensure the protection of the IT system against unauthorised access, both software and hardware,

◦ Take all measures necessary for the recovery of data files, perform regular back-ups and implement separate and secure management of back-ups.

8.8 STRT Management Kft. shall take the necessary measures to protect the paper records, in particular with regard to physical security and fire protection. The management, employees and other persons acting on behalf of STRT Management Kft. shall keep secure and protect the data media containing personal data which they use or have in their possession, irrespective of the way in which the data are recorded, against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, as well as against accidental destruction or damage.

8.9 STRT Management Kft. shall ensure that when processing personal data by automated means:

◦ the prevention of unauthorised data input;

◦ the prevention of the use of automated data processing systems by unauthorised persons using data transmission equipment;

◦ the verifiability and ascertainability of the bodies to which personal data have been or may be transmitted by means of a data transmission installation;

◦ the verifiability and ascertainability of which personal data have been introduced into automated data-processing systems, when and by whom;

◦ the recoverability of the installed systems in the event of a failure and

◦ that errors in automated processing are reported.

8.10. STRT Management Kft. shall ensure the control of incoming and outgoing electronic communications in order to protect personal data.

8.11. STRT Management Kft. does not allow the sharing of personal data processed by STRT Management Kft. on the Internet, as well as the visiting of sites offering file downloading, gaming, chat, sexual services. The use of unauthorised programs obtained from external sources or downloaded from external sources is also prohibited.

8.12. Only authorised employees have access to documents in the course of ongoing work or processing, and STRT Management Kft. ensures that documents containing personnel, payroll, employment and other personal data are kept securely locked. STRT Management Kft. shall ensure adequate physical protection of the data, the media on which they are stored, the hardware of the IT system and the documents.

9. HANDLING DATA BREACHES

9.1 A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed; (Article 4(12) of the Regulation)

9.2 A data protection incident is the loss of a device (laptop, mobile phone) containing personal data, unsecure storage of personal data (e.g. employment papers thrown in the trash); unsecure transmission of data, unauthorised copying, transmission, disclosure of customer and customer partner lists, attack on the IT system, e-mail containing personal data sent in error.

9.3. Handling and remediation of data protection incidents

9.3.1. The prevention and handling of data protection incidents and compliance with the relevant legal requirements is the responsibility of the senior officer of STRT Management Kft.

9.3.2 In case of detection of a data protection incident, the STRT Management Kft. In this context, STRT Management Kft. shall investigate and determine:

◦ the time and place of the occurrence of the incident,

◦ the description, circumstances and effects of the incident,

◦ the scope and the number of data compromised during the incident,

◦ the number of persons affected by the compromised data,

◦ a description of the measures taken to remedy the incident,

◦ a description of the measures taken to prevent, remediate and mitigate the damage.

9.3.2 In the event of a data breach, STRT Management Kft. shall contain and isolate the systems, persons and data concerned and shall ensure the collection and preservation of evidence supporting the occurrence of the breach. STRT Management Kft. will then begin to repair the damage and restore lawful operations.

9.3.3. STRT Management Kft. shall notify the data protection incident to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after the data protection incident has come to its attention, unless the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons.

9.4. Recording of data breaches

9.4.1:

◦ the scope of the personal data concerned,

◦ the scope and number of persons affected by the personal data breach,

◦ the date of the personal data breach,

◦ the circumstances and effects of the personal data breach,

◦ the measures taken to remedy the personal data breach,

◦ other data specified in the legislation requiring the processing.

9.4.2. shall keep the records of the data protection records concerning the data protection records of the Data Protection Academy shall be kept for 5 years.

10. CHANGE THE CONTENT OF THE WEBSITE AND THE PRIVACY NOTICE

STRT Management Kft. expressly reserves the right to unilaterally change the content of its website and this Privacy Policy at any time without limitation or notice, and to terminate or suspend any service.

STRT Management Kft.