Privacy Policy

Vintage Office Kft.

Effective as of: 25 May 2018

  1. Introduction, material scope

Vintage Office Kft., as Controller, is committed to adhere to the effective data protection regulations and to maintain the legality of data processing. In compliance with the relevant provisions of the GDPR, the current Privacy Policy clearly and transparently details the data processing activities of the Controller. The scope of the current Privacy Policy covers data transmission through the websites operated by the Controller, and personal data transmission to the Controller via a training contract or other legal transaction.

  1. Definitions

Controller: Vintage Office Üzletviteli Tanácsadó Kft. (Vintage Office Business Consultancy Ltd.), for detailed information see Point III.

Processed data: Full set of data collected and managed by the Controller.

Data Subject: The natural person whose personal data are processed by the Controller.

Personal data: Any information relating to an identified or identifiable natural person (“Data Subject”).

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).

III. Data and contact information of the Controller

Company name: Vintage Office Üzletviteli Tanácsadó Kft. (Vintage Office Business Consultancy Ltd.)

Registered seat: 1012 Budapest, Várfok str. 7, 2nd floor Apt. 4.

Company registration number: 01-09-304268

Registry authority: Company Registry Court of Budapest

E-mail: vintageofficebudapest@gmail.com

Controller represented by: Erika Besnyi

  1. Legal basis and rules of processing
  2. The Data Subject provides personal data for the Controller either via the websites operated by the Controller or via an oral or written contract between the Controller and Data Subject. The Controller performs data processing in full compliance with the rules and principles defined in the GDPR with special regard to Article 32 of the GDPR. The period for which the personal data are processed is 5 (five) years from the transfer of personal data, or the closing date of the training course.
  3. The websites operated by the Controller:

https://www.vintageakademia.hu/

http://www.vintageoffice.hu/

  1. Visitors to the websites operated by the Controller may give their name, e-mail address and telephone number from their personal data, additional data that constitute personal data can be entered in freely editable fields on the sites. By accepting the Privacy Policy and clicking on the application and/or registration surface, the Data Subject consents to the processing of their personal data by the Controller (freely given consent to data processing). The Controller processes the personal data exclusively for the purpose of contacting the Data Subject in order to answer their questions, to support the application to the selected training and to assist contracting.
  2. The Data Subject can transfer their personal data by contract with the Controller, by application form or complaint form. The personal data transferable by the above documents are as follows:
  3. a) name;
  4. b) birth name;
  5. c) mother’s name;
  6. d) place and date of birth;
  7. e) residence address, correspondence address;
  8. f) nationality;
  9. g) social security number;
  10. h) other personal data received by the Controller during the training programme arising from the nature of such activity.

 

By signing the documents listed in this section the Data Subject consents to the processing of their personal data by the Controller (freely given consent to data processing) for the purposes specified in the document. The Controller informs the Data Subject that in the absence of such consent certain parts of the training contract cannot be performed, the consent to personal data processing is a prerequisite for executing training contracts. The Controller informs the Data Subject that processed personal data are transferred exclusively to the authority(ies) having supervisory powers over the training, including the data transfer for issuing certificates. In accordance with Article 7 of the GDPR the Controller informs the Data Subject that the consent to data processing can at any time be withdrawn in writing, however, data processing prior to the withdrawal remains legitimate.

  1. The information technology systems of the Controller are located at their registered seat. The Controller protects the processed personal data by reasonable appropriate measures, specifically from unauthorised access, alteration, transfer, disclosure, deletion or destruction, and inaccessibility. Taking into account the state of the art, the Controller shall implement appropriate technical measures to ensure a level of security appropriate to the risks presented by data processing. The processed data are accessible only for authorised persons, the Controller is continuously available for serving the needs of the Data Subject.
  2. The Controller does not process sensitive data, in particular data regarding racial or ethnic origin, political opinion, religion or beliefs, health status or sexual orientation.
  3. The Controller does not transfer data to third countries, does not apply automated decision making.
  4. Rights relating to processing of personal data

The Controller hereby specifies the rights of the Data Subject in relation to personal data processing:

  1. Right of access. The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and receive information about the circumstances of processing as described in Point (1) of Article 15 of the GDPR.
  2. Right to rectification. The Data Subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  3. Right to erasure (‘right to be forgotten’). The Data Subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay and the Controller shall have the obligation to erase personal data without undue delay where processing of the personal data is no longer necessary, the Data Subject withdraws consent on which the processing is based, or the personal data have been unlawfully processed.
  4. Right to restriction of processing. The Data Subject shall have the right to obtain from the Controller restriction of processing where one of the following applies:
a)  the accuracy of the personal data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal data;

 

b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;

 

c)  the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;

 

  1. Right to data portability. The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided.
  2. Contacts of the Authority, information on legal remedy

The Controller informs the Data Subject that complaints in relation to personal data processing can be filed at the following authority:

Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információbiztonsági Hatóság – NAIH)

address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

postal address: 1530 Budapest, PO Box: 5.;

telephone: +36-1-391-1400;

e-mail: ugyfelszolgalat@naih.hu

VII. Relevant laws

The subject matter of the current document is regulated by the following laws:

  • GDPR
  • Act CXII of 2011 on Informational Self-Determination and the Freedom of Information (“Privacy Act”)

 

The Controller is available to provide further information on data processing at the contacts detailed in Chapter III of the current document, statements regarding data processing shall also be sent to the same contacts.

 

25 May 2018, Budapest

Vintage Office Kft.

 

Print Friendly, PDF & Email