Adatvédelem – Shetland U.K. Nyelviskola

Shetland U.K. Language School

Data protection

2024/25 Autumn Courses

Archívum

Course Search

Shetland U.K. Language School's General Training Data Sheet

Shetland U.K. Language School's short privacy notice

Legal declaration

Complaints handling policy

Shetland U.K. Language School's short privacy notice

A Shetland U.K. Nyelviskola Kft. (székhely: 1192 Budapest, Kábel u. 10, cégjegyzékszám: 01-09-860760, adószám: 13544108-2-43, telefonszám: (1)281 0822, (30)952-1202, e-mail: info@shetland.hu, önállóan képviseli: Tóthné dr. Udvardi Katalin ügyvezető), mint adatkezelő fontosnak tartja ügyfelei és minden egyéb érintett természetes személy (továbbiakban: érintettek) adatkezeléshez kapcsolódó jogának tiszteletben tartását és érvényre juttatását, ezért ezúton tájékoztatja az érintetteket, hogy tiszteletben tartja az érintettek személyhez fűződő jogait, és adatkezelése során a magyar hatályos jog anyagi és eljárásjogi szabályai, a mindenkor hatályos Belső Adatvédelmi Szabályzat, valamint egyéb más belső szabályzatok értelmében jár el.

This short Privacy Notice is a short extract of the Data Controller's Internal Privacy Policy (hereinafter: the Policy), which has been created with the purpose of informing data subjects in a concise manner about the most important data protection rules of the Data Controller. This Notice shall be considered as an annex to the Policy, and the provisions of the Policy and the relevant legislation shall prevail and be interpreted in conjunction with the Policy in relation to issues and topics not covered in the Notice. The full text of the Prospectus and the Rules and Regulations shall be permanently available at the actual place of processing at 10 Kábel u., 1192 Budapest, Hungary.

Who are the stakeholders?

Data subjects: data subject is any natural person who is identified or can be identified, directly or indirectly, on the basis of any specified personal data, and whose data is processed by the Data Controller. The data subjects are therefore primarily the interested parties, customers, the Data Controller's own Employees, the Data Controller's natural person Partners, representatives, contacts, or possibly other employees of its non-natural person Partners. The scope of the data subjects is precisely defined in the course of each processing operation.

What processing activities does the Data Controller perform and for what purposes and for how long does the Data Controller process my data?

One-off request for information

The Controller allows data subjects to request information from the Controller by providing the following details.

The request for information is based on voluntary consent.

Data subjects: all natural persons who contact the Data Controller and request information from the Data Controller, providing their personal data.

Scope and purpose of the data processed:

name*: identification
telephone number: contact
e-mail address*: contact
question content*: answer

The purpose of the processing is to provide the data subject with appropriate information and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject may consult the Data Controller about the Data Controller's services and/or other related matters through the means or ways provided by the Data Controller and accessible to him/her.

The Data Controller shall answer the data subject's question and provide the information to him or her by the same means as the request for information was received, unless the data subject provides otherwise.

The data subject, in accordance with the purpose of the processing, voluntarily consents to being contacted by the Data Controller, if he/she has provided his/her contact details in the request for information, in order to clarify or answer the question.

Duration of processing: until the purpose is achieved. In case the request for information and/or the provision of information has legal effects or affects the data subject or the Data Controller to a similarly significant extent, the Data Controller shall process the data within the applicable limitation period.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

In relation to the data marked with *, the Data Controller draws your attention to the fact that if the data subject does not provide them to the Data Controller, the Data Controller will refuse to provide the service (data processing).

Data processed during ongoing, regular contact with the data subject

This includes, for example, correspondence with a contact.

The data controller shall ensure that the data subject is kept in contact with him or her in various ways and forums on a continuous or regular basis. By way of illustration, such communication may be electronic, such as e-mail, or by post or telephone, etc. (e.g. correspondence with the data subject.)

Legal basis for processing:

voluntary consent of the data subject.

In the event that the Data Controller and the data subject enter into an agreement with each other, for example to use a service of the Data Controller, the regular contact will be related to this processing and its lawfulness will be based on the conclusion of the contract.

Establishing and maintaining contact and thus processing the relevant data may be based on the legitimate interests of the data subject, a third party or the Data Controller, in which case the Data Controller will apply an interest test.

Data subjects: any natural person, including a natural person acting on behalf of an organisation, who, in addition to a one-off request for information, is in continuous or regular contact with the Data Controller.

Scope and purpose of the data processed:

name*: identification
telephone number: contact
e-mail address*: contact
question, query, other data provided by the data subject: reply

The purpose of processing the data is to contact the data subject, to answer and resolve questions, requests and other issues.

The activity and process concerned by the processing are the following:

The data subject contacts or maintains contact with the Data Controller through the means or ways provided by the Data Controller, by way of example, orally (in person, by telephone) or in writing (by post, e-mail), and submits a question, request or other communication to the Data Controller.

Based on the content of the contact and the legislation and internal rules, the Data Controller will take the necessary steps, informing the data subject by way of illustrative list.

Duration of data processing:

pending execution of the request for invalidity, or

until the objective is achieved, or

where performance of a contract or performance of a legal obligation, the interests of the data subject or of a third party or the Data Controller so require, until the performance or the legal obligation has expired or the interest has ceased.

For example: correspondence may be used as evidence in an audit and therefore the Data Controller will treat it as time-barred.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Request for tenders, needs assessment

One-off request for information

Get A Quote

The Data Controller allows data subjects to request an offer from the Data Controller by providing the following details.

The request is based on voluntary consent.

Data subjects: all natural persons who request an offer from the Data Controller in connection with a given service, providing their personal data.

Scope and purpose of the data processed:

name*: identification
telephone number: contact
e-mail address*: contact
language chosen: used for bidding
message: to be used for bidding

The purpose of the processing is to provide the data subject with a suitable offer and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject sends his or her data to the Data Controller through the means or by the means made available to him or her by the Data Controller and requests an offer.

The Data Controller shall prepare an appropriate offer in response to the data subject's request or, if necessary to obtain the information required to make an offer, contact the data subject at the contact details provided by the data subject and, in the light of that information, prepare the offer and, unless the data subject provides otherwise, deliver it to the data subject by the same means as the request was received.

The data subject, in accordance with the purpose of the processing, voluntarily consents to being contacted by the Data Controller, if he/she provides his/her contact details during the request for an offer, in order to clarify the offer or to confirm the order.

Duration of processing: data controller

if the person concerned has not reacted to the offer within the period of validity of the offer, it will be processed until the expiry of the period of validity.

if the data subject has responded to and accepted the offer within the period of validity of the offer, the Data Controller shall process the data until the rights and obligations arising from the legal relationship between the Data Controller and the data subject have expired.

For example: if the data subject does not respond to the offer in substance, the Data Controller deletes all documents containing data relating to the request and the offer (e.g. e-mail, offer).

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Registration via the website (e-learning order)

The Data Controller allows data subjects to register for its service(s) by providing data through its website.

Registration is based on voluntary consent.

Data subjects: any natural person who registers in the database of the Data Controller by entering their data via the website of the Data Controller.

Scope and purpose of the data processed:

name*: identification
e-mail address*: contact
package*: to provide a service

The purpose of the processing is the registration in the database of the Data Controller in relation to one or more services advertised on the website.

The activity and process involved in the processing:

The data subject may provide the above-mentioned data through a specific interface on the website and (by clicking on it) send it to the Data Controller.

The information you provide is sent to the server serving the website via an encrypted channel.

The Data Controller will process the data and contact the data subjects regarding further details of the service, the conditions of application (e.g. test writing, payment conditions, course start dates, etc.).

Duration of processing: until the purpose is achieved. In the event that the application is ultimately unsuccessful and the objective cannot be achieved, the data will be deleted. In the event that the application is successful and, for example, the data subject and the Data Controller enter into a contract, the duration of the processing will be the duration of the processing relating to the agreement.

The data is processed electronically, manually.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in relation to applications for education and training

The present processing is defined as when the data subject indicates his/her intention to participate in education or training to the Data Controller and the application is either not related to a training under the Adult Education Act or falls under the Adult Education Act, but the Data Controller only collects the most basic data from the data subject for further steps in the process.

The Data Controller, in accordance with its purposes and services, enables data subjects to use its education and training services.

Registration and participation in education and training is based on voluntary consent.

Data subjects: all natural persons who voluntarily provide their data and wish to participate in education and training organised by the Data Controller.

Scope and purpose of the data processed:

The data fields defined below are intended to facilitate the conclusion of the contract, as the data will be used in the contract.

name*: identification
telephone number: contact
e-mail address: contact
chosen language: language course
language skills: language level

The purpose of the processing is to enable the application, the identification of the data subject and the verification of his/her rights, and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject indicates his/her intention to participate in the education or training to the Data Controller through the means or ways provided by the Data Controller, in particular, but not limited to, by electronic means or by paper signatures, in addition to providing the data specified above.

The Data Controller enters the intention to participate manually into the electronic registration system and/or records it on paper.

The Data Controller may make participation in education or training subject to the fulfilment of a condition (e.g. conclusion of a contract, payment of a fee), which will be notified to the data subject through one of the contact methods.

If the prerequisite or requirement is not met in full by the person concerned, the Data Controller shall continue to register or delete the application and data on the basis of the applicant's declaration to this effect.

Duration of data processing: for identification and contact data, the duration of data processing is until the expiry of the statute of limitations for the enforceability of rights and obligations arising from the legal relationship in connection with which the Data Controller processes the personal data, and for data that are included in accounting documents and the document supports the accounting, the duration of data processing is at least 8 years pursuant to Article 169 (2) of Act C of 2000.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Communication of data: to the authorities in the event of an inspection.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in connection with language proficiency tests

The processing of data related to language proficiency tests is based on voluntary consent.

Who is concerned: any natural person who voluntarily takes part in a language assessment test.

Scope and purpose of the data processed:

name*: identification
telephone number*: contact
e-mail address: contact/posting of test results
date of birth: identification
date*: required to determine the date of the assessment test
test result: used for recommendation to a specific group

The purpose of the data processing is to provide the applicant with a specific course offer/group for the most optimal language learning.

The activity and process concerned by the processing are the following:

Based on its professional experience, the Data Controller selects the language tests that are best suited to assess the language skills of a data subject.

The data controller shall explain in detail to the data subject the circumstances in which the language tests are carried out, how and what exactly is measured and what results the data subject can obtain.

For example, the Data Controller informs the data subject how the scoring is done and that if a certain score/percentage is achieved, the data subject will reach the level of a requirement of one group (e.g. intermediate) for a certain score/percentage and another group (e.g. intermediate) for another performance.

The results of the test will be evaluated by the Data Controller's staff member in charge of this task and communicated to the data subjects in detail and in full, in plain, simple language.

In the light of the results, the person concerned may decide to.

accept the proposal of the Data Controller in relation to the level

request the cancellation of the test result and exercise other rights. The controller will act in accordance with the data subject's request.

Duration of data processing:

if the person concerned is included in a specific group (enters into a contract), for a period of 5 years pursuant to Section 16 of Act LXXVII of 2013, or

if no training is provided, for 1 year, or

at the request of the data subject until erasure

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: data will not be disclosed to third parties, unless the assessment is carried out by an external data processor of which the data subjects have been informed in advance.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing related to the collection of personal data of adult education participants, data reconciliation, and the conclusion of adult education contracts under the Adult Education Act

This includes all data processing related to the recording and reconciliation of data subjects' data under the Adult Education Act.

If the Data Controller conducts education and training pursuant to Act LXXVII of 2013, it is obliged to process personal data of participants in the training organised by it.

The processing of data is mandatory for the fulfilment of a legal obligation pursuant to Article 21 of Act LXXVII of 2013 in relation to data subjects who participate in adult education.

Data subjects: all natural persons who participate in adult education courses organised by the Data Controller.

Data subject of the processing: the trainee concerned

name, birth name, mother's name, place and date of birth, sex, nationality, address of residence and domicile, telephone number, e-mail address, social security number, tax identification number, title of residence in Hungary of a non-Hungarian citizen and the name and number of the document or document entitling the non-Hungarian citizen to reside in Hungary,

the name, place of residence, place of abode, telephone number of the parent or legal representative of the participant in the case of a participant in training pursuant to Section 1 (1) b) of Act LXXVII of 2013,

the data relating to the training relationship, which the trainee

your educational and professional qualifications and language skills,

by enrolling in training,

assessing and rating your studies,

the name of the qualification or other competence acquired, the place, date and result of the examination

are related to,

The purpose of data processing is to fulfil the legal obligation, to record the data of the participants of the training, to identify the data subjects and to maintain contact.

The activity and process concerned by the processing are the following:

When applying for adult education, the person concerned fills in an application form with the above details, after having been informed (see above).

The Data Controller and the data subject shall conclude an adult education contract with each other in accordance with the provisions of the Act, a copy of which shall be kept by the Data Controller (in paper or electronic form).

By providing the data, the data subject acknowledges that the Data Controller may transfer the data in order to fulfil its obligations under the aforementioned law. The data may be transmitted to the Central Statistical Office free of charge and used for statistical purposes in a way that is suitable for unique identification.

Duration of data processing: 8 years pursuant to § 16 of Act LXXVII of 2013.

Processing method: electronic and/or paper-based, manual.

Data source: directly from the data subject.

Disclosure: may be made to the public authority in the case of an audit or to the tender monitoring body in the case of a call for tenders.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in connection with the conclusion of an agreement that is not based on the Adult Education Act

This includes, for example, data processing in connection with the conclusion of an educational (contract for services) contract.

The Data Controller makes the provision of certain of its services subject to the prior conclusion of an agreement as a condition.

Legal basis: conclusion of the agreement as from the application of the GDPR, the legal basis for processing in case of conclusion of the agreement is Article 6.1.b (processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into the contract).

Data subjects: all natural persons and natural persons acting on behalf or on behalf of an organisation who enter into an agreement with the Data Controller, providing personal data.

Scope and purpose of the data processed:

name*: identification
telephone number*: contact
e-mail address*: contact
subject of contract: content of contract
payment terms: content of the contract
rights and obligations: content of the contract

The purpose of data processing is the conclusion of an agreement and the maintenance of contact.

The activity and process concerned by the processing are the following:

The data subject and the controller shall consult each other once or several times on the details of the agreement.

You provide your data to the Data Controller to create the agreement, you voluntarily and without any influence enter into the agreement with the Data Controller.

The data subject and the Controller shall jointly or either party shall draw up a draft agreement, which shall be signed by mutual consent.

The Data Controller shall record the agreement in the electronic and/or paper-based registration system established for this purpose.

The Data Controller may notify the data subject or the data subject who has been affected by the Data Controller of certain steps in the process of compliance.

The data subject, in accordance with the purpose of the processing, voluntarily consents to being contacted by the Data Controller via the contact details provided by him/her in order to agree on the details of the performance and/or in connection with related issues.

Duration of data processing:

until the expiry of the limitation period for the enforceability of the rights and obligations arising from the legal relationship in relation to which the Data Controller processes the personal data,

in relation to personal data which are included in supporting documents and the supporting document supports the accounting, the period of data processing is at least 8 years pursuant to Article 169 (2) of Act C of 2000.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: if disclosed to a third party, the details of this recipient are set out in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data management related to attendance sheets, progress logs, exam completion based on the Adult Education Act

The Data Controller is obliged to manage the progress log and the documents certifying the completion of the examination pursuant to Act LXXVII of 2013.

The Data Controller shall keep track of the participation in education, training, sessions, consultations and examinations by keeping an attendance record, given that it is obliged to do so under Act LXXVII of 2013.

Data processing is mandatory by law.

Data subjects: all natural persons who conclude an adult education contract with the Data Controller.

The scope and purpose of the data processed in relation to the attendance sheet:

name* and signature: proof of identification and participation
date: proof of attendance on a given date

The scope and purpose of the data processed in relation to the progress log:

name* and signature: proof of identification and participation
date, number of absences, date*: proof of attendance/absence at a given time

The scope and purpose of the data processing in relation to the exam:

name* and signature: proof of identification and participation
date: identification
answering the exam questions*: determining the result

The purpose of data processing is to fulfil legal obligations, to provide proof of completion of training and attendance at training and participation in examinations.

The activity and process concerned by the processing are the following:

The data subject shall conclude an adult education contract with the Data Controller, a copy of which shall be stored by the Data Controller on the basis of the Data Management Policy.

The person concerned attends the education/training classes at the specified times and signs an attendance sheet.

The Data Controller keeps a progress log of absences, which is stored in accordance with the Data Management Policy.

The Data Controller keeps records of students and examinations in the electronic registration system and/or on paper for the purpose of conducting education/training and in order to comply with legal obligations.

According to the education/training concerned, the person concerned will/may take an exam on what he/she has learned, which may be electronic, paper-based and/or a practical exam.

The Data Controller shall store the result of the exam.

The data subject, in accordance with the purpose of the processing, acknowledges that.

data provided by you in connection with the provision of education/training, the Data Controller will process the data and transmit them to the authorities if necessary to fulfil its legal obligations.

the Data Controller will contact him or her through his or her contact details to inform him or her of changes to or impossibility of the education or training, or to provide other information related to the organisation of such events, to respond to any complaints or to take other action in relation to the complaint.

Duration of data processing: for 5 years pursuant to § 16 of Act LXXVII of 2013.

Processing method: electronic and/or paper-based, manual.

Data source: directly from the data subject.

Disclosure: may be made to the public authority in the case of an audit or to the tender monitoring body in the case of a call for tenders.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in connection with education, training, training

This includes the processing of data obtained during education, training, training.

The Data Controller, in accordance with its purposes, enables the data subjects to use its educational and training services after the conclusion of an agreement.

The data processing is based on an agreement between the data subject and the Data Controller. In case the data subject participates in a one-off test day/test training without an agreement, the legal basis for the processing will be the voluntary consent of the data subject.

Data subjects: all natural persons who voluntarily provide their data and wish to participate in training organised by the Data Controller.

Scope and purpose of the data processed:

name*: identification
date(s)*: follow-up
absence(s): follow-up
answering the exam questions*: determining the result
practical test (if any): result declaration

The purpose of the processing is to provide services (education, training, coaching) to the data subject at specified times, for specified duration and content, and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject shall notify the Data Controller of his/her intention to participate in education, training or courses through the means or ways provided by the Data Controller and by providing the data specified above.

The Data Controller enters the intention to participate manually into the electronic registration system and/or records it on paper.

The Data Controller may make participation in the education or training subject to the fulfilment of a condition, which will be notified to the data subject through one of the contact methods.

The Data Controller shall provide the data subject with education, training and training appropriate to the application.

If the education, training or training course ends with an examination, the Data Controller shall provide the opportunity for the data subject to complete it.

The data subject, in accordance with the purposes of the processing, voluntarily consents to being contacted by the Data Controller, through the contact details provided, to be informed of the impossibility of the education, training, course or examination or to provide other information related to the organisation of the same, to respond to any complaint or to take other action in relation to the complaint.

The Data Controller keeps track of the attendance of the data subject at the education or training by keeping attendance sheets or other records. The provisions of the Data Management Regulations shall apply to the handling of such paper records containing data, subject to the rules of these Regulations.

The processing is carried out electronically and/or on paper, manually or by automated means.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in relation to gift vouchers/coupons

The Data Controller allows the data subject to purchase or acquire various gift vouchers/coupons, which can be used for the services/products of the Data Controller for a given value.

The order and use of the gift voucher/coupon is based on voluntary consent.

Data subjects: any natural person who wishes to purchase or redeem gift vouchers/coupons in connection with a service/product of the Data Controller.

Scope and purpose of the data processed:

name of the person concerned as the customer*: identification
the name of the gift voucher recipient or an indication that the gift voucher may be used by the holder (anonymous recipient)*: identification
telephone number*: contact
e-mail address*: contact
voucher value*: used for fulfilment and invoicing
payment method: invoicing
delivery address (if applicable): information required for delivery of the product

The purpose of data processing is to redeem the value of the gift voucher/coupon in case of purchase of a service/product (e.g. book) of the Data Controller.

The activity and process concerned by the processing are the following:

The data subject indicates his/her intention to purchase a gift voucher/coupon to the Data Controller.

The Data Controller processes the data received and prepares an offer for the data subject.

If the person concerned accepts the offer, the Employee will confirm the order in writing or, in the case of a personal order, prepare a paper gift voucher/voucher.

If the data subject has paid the fee for the gift voucher to the Data Controller in the specified manner and time, the Data Controller's employee will issue the gift voucher/coupon and send it to the data subject or, in the case of personal receipt, hand it over to the data subject.

Duration of data processing: until the limitation period for the enforceability of rights and obligations arising from the legal relationship in connection with which the Data Controller processes the personal data, in relation to data that are entered in supporting documents and the supporting documents support the accounting, the duration of data processing is at least 8 years pursuant to Article 169 (2) of Act C of 2000.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure of data: name, delivery address, if the gift voucher/coupon is delivered by the Data Controller to the address indicated by the data subject, otherwise it will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Questionnaire, evaluation system

As part of the quality assurance process applied by the Data Controller, data subjects may give their views electronically and/or by means of a paper questionnaire, using an evaluation system.

Completion of the evaluation questionnaire is based on voluntary consent and no personal data will be included.

Data subjects: any natural person who has used and evaluates the services of the Data Controller for the purpose of quality improvement and/or feedback.

Scope and purpose of the data processed:

training group identifier: (identification)
time of completion: (identification)
Evaluation of the services provided by the data controller: quality assurance

The purpose of data processing is to improve the quality of services, investigate possible complaints and maintain contact.

The provision of the data is not mandatory, it is only for the purpose of accurately investigating any complaints and ensuring that the Data Controller responds to the data subject.

The activity and process concerned by the processing are the following:

The data subject may evaluate the Data Controller, the services/products provided by the Data Controller, by filling in a questionnaire and/or by a free text evaluation, through a channel or means made available to him/her by the Data Controller.

The data subject shall acknowledge his/her assessment to the Data Controller by electronic and/or paper means.

The Data Controller shall store the electronically sent evaluations in the electronic registration system established for this purpose.

The Data Controller processes paper questionnaires to improve quality and stores them in accordance with the Data Management Policy.

The Data Controller will also use the opinions obtained through questionnaires and evaluation systems and data not attributable to the data subject for statistical purposes.

Duration of processing: until the purpose is achieved.

The processing is carried out electronically and/or on paper, manually or by automated means.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Send newsletter

You may subscribe to a newsletter before or during the use of the services or otherwise by providing the following information.

Subscription to the newsletter is based on voluntary consent.

Data subjects: any natural person who wishes to receive regular information about news, promotions and discounts from the Data Controller and therefore subscribes to the newsletter service by providing their personal data.

Scope and purpose of the data processed:

name: identification
e-mail address: newsletter
Level 2: Send newsletter

The purpose of data processing in connection with the sending of newsletters is to inform the recipient in a general or personalized way about the latest promotions, events, news, notification of changes or cancellations of services of the Data Controller.

Newsletters are sent only with the prior consent of the data subject.

The Data Controller shall process the personal data collected for this purpose only until the data subject unsubscribes from the newsletter list or, in the case referred to in point 10, provides confirmation.

The data subject may unsubscribe from the newsletter at any time by unsubscribing at the bottom of the e-mails and by sending an unsubscribe request to info@shetland.hu.

You can subscribe to the newsletter by post to Shetland U.K. Nyelviskola Kft., 1192 Budapest, Kábel u. 10

The Data Controller will review the newsletter list every three years and will ask for confirmation of consent to send the newsletter after three years. The data of the data subject who does not give his or her consent shall be deleted from the data file by the Data Controller.

Duration of processing: until erasure at the request of the data subject or if the data subject does not give further consent.

The Data Controller keeps statistics on the readership of the newsletters sent out, by means of the clicks on the links in the newsletters.

The processing is carried out electronically, by automated means.

Data source: directly from the data subject.

Disclosure: data will not be disclosed to third parties unless you use a data processor.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Testimonials/Eventbook

The data subject may write reviews and comments in the online reviews section or guestbook, available on paper at the Data Controller's premises and electronically on the website, in parallel with providing his or her data.

Use of the guestbook is based on voluntary consent.

Data subjects: all natural persons who have used the services of the Data Controller and wish to share their experiences and opinions with the Data Controller and others through the guestbook.

Scope and purpose of the data processed:

name: identification
e-mail address: contact
testimonial: quality assurance

The purpose of data processing is to allow the data subject to express his/her opinion about the services of the Data Controller in order to improve the quality of the services of the Data Controller and to contact the data subject in case of a guest complaint.

The data subject acknowledges that the guestbook may be accessed by other data subjects and third parties, and therefore, by using the guestbook, the data subject expressly consents to the access of other data subjects and third parties to the data specified in the guestbook. Given that the Data Controller does not verify the data provided in the guestbook, but makes the guestbook available, the Data Controller shall not be liable for the use of the guestbook. Accordingly, the data subject should use the guestbook with care.

Duration of processing: until erasure at the request of the data subject.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

To make an appointment

For example, booking an appointment for a test, signing a contract, paying a fee, etc.

The Data Controller allows the data subjects to request an appointment with the Data Controller by providing the following details, during which they can personally consult with the Data Controller about its services and other issues.

Appointments and bookings are based on voluntary consent.

Data subjects: all natural persons who book an appointment by providing their data.

Scope of the data processed:

name*: identification
telephone number*: contact
e-mail address: contact
date*: required to provide the service

The purpose of data processing is to provide the data subject with an appointment and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject may make an appointment with the Data Controller through the means or ways made available to him/her by the Data Controller.

The Data Controller shall record the data revealed to the Data Controller during the appointment reconciliation in an electronic record system and/or on paper and confirm the booked appointment to the data subject orally and/or in writing.

Ideally, the data subject should appear in person at the time and place agreed with the Data Controller, so that the data subject and the Data Controller can meet the purpose of the appointment, which may be, for example, a personal interview, a test or an assignment.

The data subject, in accordance with the purpose of the processing, voluntarily consents to being contacted by the Data Controller, if he or she provides his or her contact details, in order to inform him or her of any missed appointment, to respond to any complaint or to take other action in relation to the complaint.

Duration of data processing:

until the target is met.

in the event that the date (or lack thereof) has or may have legal effect, or is relevant for proving the performance of a legal obligation or asserting a legitimate interest, the Data Controller shall retain the data for the general limitation period or until the legitimate interest has been established.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Event management

The Data Controller allows a small or large group of data subjects to use its services at the same time, at the same time, during a given event.

The processing is based on voluntary consent. If the Data Controller and the data subject have concluded an agreement in connection with the event, the legal basis will be the agreement.

Data subjects: any natural person who, together with other data subjects, wishes to use the services of the Data Controller at the same time for a specific event.

Scope and purpose of the data processed

contact name: identification
e-mail address: contact
address: contact
telephone number: contact
number of staff: data required for organisation
number of adults: data required for organisation
number of children: data required for organisation
arrival date: data required for organisation
date of departure: data required for organisation
other communication by the data subject: response, action taken

The purpose of data processing is to carry out tasks related to the organisation of the event and to maintain contact with the data subject.

The activity and process concerned by the processing are the following:

The data subject may request and consult with the Data Controller about the event by providing the Data Controller with information through a channel or means available to him or her.

The data subject, in accordance with the purpose of the processing, voluntarily consents to the Data Controller contacting him or her in relation to the purpose of the processing, e.g. to answer a question.

Duration of data processing: in the case of data supporting the issue of an invoice, the data (e.g. attendance sheet, register) will share the legal fate of the voucher and the duration of data processing will be at least 8 years pursuant to Article 169 (2) of Act C of 2000. If not, the period of processing is 5 years, general limitation period.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: if disclosed to a third party, e.g. for the purpose of catering, venue hire, etc., this person is identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in relation to camping

The Data Controller allows the data subjects to use its camping services and data management by providing their personal data.

The use of the camping service(s), such as the completion and acceptance of the relevant application forms, declarations, contracts, is necessary for and based on the conclusion of the agreement (Article 6.1.b. GDPR).

Data subjects: any natural person whose data is provided by the data subject to the Data Controller in connection with the request for the service(s) related to the camping organised by the Data Controller. The data subjects are in particular children and their legal representatives.

Scope and purpose of the data processed:

name*: identification
address*: identification, contact
telephone number*: contact
mother's name*: identification, contact
date of birth*: identification, eligibility verification
e-mail address*: contact
ID number: identification, provision of services
special data: data concerning health conditions (e.g. allergies): used for the proper provision of services
special requests for meals: used for the proper provision of services
indication of advance or full payment: used to check financial execution

The purpose of the processing activity is to identify the data subjects, to establish their rights to use the service, to provide the service, to perform the service and, if necessary, to maintain contact.

The activity and process concerned by the processing are the following:

Before using the camping as a service, the data subject accepts an application form, other declaration and/or contract by providing the specified data, which is stored by the Data Controller's staff in accordance with the Data Management Policy.

If the data subject is under 16 years of age, the written consent of his/her legal representative is required for the validity of applications, declarations, contracts and the use of the service.

Following the completion and acceptance of the application form, other declaration and/or contract, the Data Controller shall manually enter the data of the data subject into the Data Controller's electronic registration system for camping and/or into a paper register and the Data Controller shall store the paper documents in accordance with the Data Management Policy.

The data subject, in accordance with the purpose of the processing, voluntarily consents to be contacted by the Data Controller, if he/she provides his/her contact details, in order to inform him/her of the impossibility of the service linked to the provision of the declaration of liability, the camping, or to answer any complaint or take any other action regarding his/her complaint, or to inform the person designated by the data subject in the event of an accident.

Duration of processing: until the expiry of the limitation period for the enforceability of rights and obligations arising from the legal relationship in connection with which the Data Controller processes the personal data, in relation to data that are included in supporting documents and the supporting documents support the accounting, the duration of processing is at least 8 years pursuant to Article 169 (2) of Act C of 2000.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: not disclosed to third parties/to third parties, as identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Order-related data processing

This includes, for example, ordering textbooks.

The controller allows the data subject to order one or more products (or services).

The legal basis for processing is based on the conclusion and performance of the agreement (Article 6.1.b. GDPR)

Data subjects: any natural person who orders a product (or service) from the Data Controller by providing personal data.

Scope and purpose of the data processed:

name*: identification
e-mail address*: contact
password: login/identification
address: data required for invoicing
telephone number: contact
name and quantity of the product/service ordered: data required for fulfilment and invoicing
payment method: data required for invoicing
billing address*: information required for billing
delivery address*: data required for delivery
order identifier*: required for later order retrieval
order date*: required for fulfilment, retrieval
total amount: data required for financial execution

The purpose of data processing is to identify the data subjects who order the product (service), to ensure and verify their rights, to simplify and ensure the ordering process and to maintain contact.

The activity and process involved in the processing:

The data subject sends his or her order to the Data Controller through the means or by the means made available to him or her by the Data Controller.

The Data Controller will process the order.

The Data Controller shall record the order in the electronic and/or paper-based registration system provided for this purpose.

The Data Controller, if the order is accepted, will notify the data subject in writing (electronically) of the acceptance of the order via the contact details provided. The notification is a confirmation of the order, which may also contain additional information on the fulfilment.

If the order needs to be clarified, the Data Controller will contact the data subject using the contact details provided by the data subject. It will also contact the data subject if it is unable to accept the order or rejects it.

The data controller may inform the data subject about certain processes of fulfilment (e.g. packaging, delivery, etc.) in the process of order fulfilment.

The way the data is processed: electronically, with manual ordering and processing.

Data source: directly from the data subject.

Disclosure: in the case of an order for a product, it may be disclosed to a third party that carries out the delivery in the case of home delivery, these parties are listed in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Processing of bank data, transfers

This includes, for example, the processing of data relating to transfers to and from the Controller.

The Data Controller pays the salaries and other benefits of the Employees by bank transfer, and the financial obligations towards third parties are paid by bank transfer, in certain cases the data subject may make a financial payment to the Data Controller or receive a financial payment from the Data Controller. In all these cases, the Controller processes personal data.

Legal basis for processing:

the financial performance to data subjects and the related processing of data subjects' data is required by legal obligation and/or contract.

Where the data subject makes a transfer to the Data Controller, he or she has provided the related data on the basis of his or her voluntary consent, unless the financial performance to the Data Controller is required by law or by an agreement with the Data Controller.

Data subjects: all natural persons to whom a transfer is made initiated by the Data Controller and all natural persons who wish to make a financial payment to the Data Controller by means of a bank transfer.

Scope and purpose of the data processed

Account holder name*: identification
bank account number*: identification, transfer
communication*: identification
amount*: identification

The purpose of data processing is to facilitate and monitor financial performance.

In order to preserve banking and business secrecy, the Data Controller shall take all reasonable steps to ensure that the above data are disclosed only to those employees who have the necessary and appropriate authorisation to know them for the performance of their tasks.

The activity and process concerned by the processing are the following:

The data subject provides his/her bank details in advance for the execution of the transfer by the Data Controller or the data subject initiates a transfer to the Data Controller, and thus the data subject makes his/her above details available to the Data Controller after the bank transfer has been made, so that the amount transferred and the above details are received in the bank account of the Data Controller after the successful bank transfer.

In the case of bank transfers by the Data Controller, the Data Controller compiles a list of the recipients of the transfer based on invoices, receipts and other documents, and the amounts representing the financial settlement, and then executes the bank transfer after management approval.

The Data Controller checks bank transfers, whether incoming or outgoing.

Duration of data processing: until the expiry of the limitation period for the enforceability of rights and obligations arising from the legal relationship in connection with which the Data Controller processes the personal data.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosures: disclosed to third party(ies), such as a bank, as identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Marketing on social networking sites

The data controller can be reached at https://www.facebook.com/shetlanduk/ and on other social networking sites.

The use of social networking sites, including in particular the Facebook page, and the contact, communication and other operations permitted by the social networking site, is based on voluntary consent.

Data subjects: natural persons who voluntarily follow, share or like the social networking pages of the Data Controller, in particular the page on facebook.com or the content on it.

Scope and purpose of the data processed:

public name of the person concerned: identification
public photo: identification
public e-mail address: contact
message sent via the social networking site concerned: basis for contact, basis for reply
assessment by the data subject or as a result of other operations: quality improvement or purpose of the other operations

The Data Controller communicates with data subjects through the social networking site only, and thus the purpose of the scope of the data processed becomes relevant when the data subject contacts the Data Controller through the social networking site.

The purpose of the presence on social portals, in particular Facebook, and the related data processing is to share, publish and market the content of the website on the social networking site. The social networking site also allows the data subject to be informed about the latest promotions.

The data subject voluntarily consents to follow and like the content of the Data Controller on the basis of the terms and conditions of the social networking site. By way of example, the data subject can subscribe to the news feed posted on the Facebook wall by clicking on the "like" link on the Facebook wall, thereby consenting to the publication of the Controller's news and offers on his/her own wall, and unsubscribe by clicking on the "dislike" link on the same wall, and delete unwanted news feeds on the wall by using the settings on the wall.

The data subject can evaluate the Data Controller in text and numerical form, if the social networking site allows this.

The Data Controller also publishes pictures/video clips on its social networking sites, in particular on Facebook, about various events, services and other things. The Data Controller may link the Facebook page with other social networking sites in accordance with the rules of the facebook.com social networking portal, so the publication on the Facebook page shall be understood to include publication on such linked social networking sites.

If it is not a public or public performance recording (Civil Code 2:48), the Data Controller will always ask for the written consent of the data subject before publishing the images.

The data subject can obtain information about the data processing of a given social networking site on the social networking site concerned, and accordingly, information about the data processing of the Facebook page can be obtained at www.facebook.com.

Duration of processing: until erasure at the request of the data subject.

Method of data processing: electronically, manually.

Data source: directly from the data subject.

Disclosure of data: data is disclosed to third parties when a Partner carries out marketing on the social networking site. In such cases, the Partner is identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision making, profiling: the Data Controller does not carry out this in connection with data processing. However, the Controller draws attention to the fact that profiling or other automated processing may be carried out by the controller of the social networking site, but in this case the controller will be the operator of the social networking site.

Organising a prize draw

The Data Controller allows data subjects to participate in a prize draw by providing the following details, in accordance with the rules applicable to that prize draw. The current competition(s) and the relevant game rule(s) and conditions are available from the Data Controller.

Participation in the competition is based on voluntary consent.

Data subjects: any natural person who wishes to participate by providing their data in a prize draw organised by the Data Controller.

Scope and purposes of the data processed:

name*: used for identification/sorting
telephone number: contact
e-mail address: contact

The purpose of data processing is to identify the data subjects during the draw and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject may enter the competition by providing his/her details, in accordance with the rules of the competition.

The Data Controller records the data electronically and/or on paper and carries out the draw in accordance with the rules of the prize draw.

The Data Controller will contact the winners using the contact details provided.

The Data Controller may make the names of the winners available to other data subjects and third parties on the website in accordance with the relevant game rules, and therefore draws the attention of data subjects to consider participating in the prize draw with this in mind.

The data subject, in accordance with the purpose of the processing, voluntarily consents to being contacted by the Data Controller via the contact details provided, in order to inform him/her of the possible impossibility of the prize draw or to clarify the receipt of the prize, to respond to any complaint or to take other steps in relation to the complaint.

Duration of processing: for identification and contact data, until the expiry of the limitation period for the enforceability of rights and obligations arising from the legal relationship in relation to which the Data Controller processes the personal data.

Data source: directly from the data subject.

Disclosure of data: data is disclosed to third parties when a Partner conducts the draw and/or the delivery of prizes to data subjects. This Partner is identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Processing of data related to registration or application for competitions

For example, taking part in language competitions.

The Data Controller, in accordance with its purposes, allows data subjects to participate in competitions organised by it or by third parties following prior registration or application.

Pre-registration or application for events is based on voluntary consent.

Data subjects: all natural persons who wish to participate in an event organised by the Data Controller by voluntarily providing their data.

Scope and purpose of the data processed:

name*: identification
e-mail address: contact
telephone number*: contact
address: identification
mother's name: identification
place and date of birth: identification
address: identification, contact
name of legal representative (if under 16): identification, contact details
phone number of legal representative: contact

The purpose of data processing is to identify the data subject and to check the conditions of participation in the competition and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject shall notify the Controller of his or her intention to participate in the event through the means or ways made available to him or her by the Controller.

The Data Controller enters the intention to participate manually into the electronic registration system set up for this purpose and/or records it on paper.

The Data Controller may make participation in the event subject to the fulfilment of a condition, which will be notified to the data subject through one of the contact methods.

The data subject, in accordance with the purpose of the processing, voluntarily consents to being contacted by the Data Controller through the contact details provided, in order to inform him/her of the impossibility of the competition, exhibition and/or event or to provide other information related to the organisation of the same, to respond to any complaint or to take other action in relation to the complaint.

The Data Controller keeps track of the attendance of the data subject at the event by keeping an attendance sheet or other record. The provisions of the Data Management Regulations shall apply to the handling of such paper documents containing data, subject to the rules of these Regulations.

Duration of data processing: until the purpose is achieved, for data that are included in accounting documents and that support the accounting, the duration of data processing is at least 8 years pursuant to Article 169 (2) of Act C of 2000.

The processing is carried out electronically and/or on paper, manually or by automated means.

Data source: directly from the data subject.

Disclosure: not disclosed to third parties/to third parties, as identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Processing of data relating to subscriptions to services via e-mail

The data subject may also request, access and use certain services of the Data Controller via e-mail.

Subscription to such service is based on voluntary consent.

Data subjects: all natural persons who wish to subscribe to the services of the Data Controller available via e-mail by providing their personal data.

Scope and purpose of the data processed:

name*: identification
e-mail address*: identification
name of service: to use the service

The purpose of data processing is to record the data of the data subject in connection with the services ordered, to perform the services ordered, to enforce the rights and obligations related to the performance, to grant and control the rights and access of the data subject, to enforce his/her benefits, and to maintain contact.

The processing of data relating to the subscription to the service via e-mail is otherwise governed by the processing of data relating to the sending of newsletters.

The data is processed electronically, manually.

Data source: directly from the data subject.

Disclosure: will not be disclosed to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in relation to the conclusion of a consent form/agreement

The Data Controller may make the provision of certain of its services subject to the prior conclusion of a declaration of consent and/or an agreement as a condition, of which the Data Subject will be informed.

Consent is based on voluntary agreement and the legal basis for the conclusion of the agreement is the agreement itself.

Data subjects: any natural person who, in addition to providing personal data, gives consent to the Data Controller and/or enters into an agreement with the Data Controller in relation to the use of a service provided by the Data Controller.

Scope and purpose of the data processed:

name*: identification
address*: identification/contact
place and date of birth*: identification
mother's name: identification
telephone number*: contact
e-mail address: contact

The purpose of the processing is to identify the data subject, to provide the data subject with an appropriate service in accordance with the provisions of the consent form and/or the agreement, and to maintain contact.

The activity and process concerned by the processing are the following:

The data subject, at his/her own discretion, decides to use the services of the Data Controller on a voluntary basis, without any influence. If he/she wishes to use the service(s), he/she gives his/her consent and/or enters into an agreement with the Data Controller by providing the above data.

The consent form and/or the agreement shall be stored by the Data Controller in an electronic filing system specifically used for this purpose and/or on paper.

If a data subject discloses to the Data Controller a fact that affects or excludes the provision of the service, or the Data Controller finds such a fact clearly and demonstrably relating to the data subject, the Data Controller shall refuse to provide the service(s) in question.

Duration of processing: in relation to personal data that are included in supporting documents and that support the accounting records, the duration of processing (in relation to the supporting document) is at least 8 years pursuant to Article 169 (2) of Act C of 2000.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: not disclosed to third parties/to third parties, as identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Processing of data relating to health conditions

This includes allergies, disabilities, etc.

Before or during the use of the services, the data subject has the possibility to share his or her health-related data with the Data Controller in order to receive the services in a personalised manner.

The transfer of health-related data is based on voluntary consent.

Data subjects: any natural person who wishes to share data about his or her health with the Data Controller.

Scope and purpose of the data processed:

name: identification
health data: appropriate use of services, e.g. meals or accessible areas

The purpose of data processing is to provide personalised services and to maintain contact.

The activity and process involved in the processing:

The Data Controller provides services, before and/or during the use of which the data subject may share health data with the Data Controller's staff.

Health data are stored by the Data Controller on paper or in an electronic record system specifically used for this purpose.

The Data Controller only collects the most necessary health data.

Access to the data subject's health data is limited to the Staff member with whom the data subject has shared the data and to the Staff member who is providing the service to the data subject and who needs to know the health data for the provision of the service and has the data subject's voluntary consent.

The data subject has the right to be informed about the processing, to obtain access to his or her health and personal data, to consult and obtain copies of the medical records at his or her own expense.

Health data may be transferred only if the data subject has given his or her explicit, voluntary and written consent to the transfer, with the knowledge of the recipient of the transfer, or in the event of danger to life, or if the transfer of health and personal data is required by law.

Duration of processing: until revocation, but no later than the expiry of the limitation period for the enforceability of rights and obligations arising from the legal relationship in connection with which the Data Controller processes the personal data.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: not disclosed to third parties/to third parties, as identified in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

With the consent of the data subject, images, video and audio recordings of the data subject taken during the use of the service.

The Data Controller shall, in strict compliance with the provisions of the applicable Civil Code Article 2:48 (1), create audio, image and video recordings of the data subject and/or of the data subject and take the steps (e.g. transmission, publication) to which the data subject has consented in the relevant declaration only with the prior consent of the data subject.

Data processing may only take place with the explicit, voluntary consent of the data subject.

Data subjects: any natural person who gives his or her prior consent to the recording of images, video and/or audio recordings (for example, when using the service).

Scope and purpose of the data processed:

audio recording with the person concerned: identification, marketing
image of the person concerned: identification, marketing
other images, including video, of the data subject from which the data subject can be identified: identification, marketing

The purpose of the processing is the purpose specified in the data subject's consent, such as the transmission to the Partner or a third party of audio, video and image recordings of the data subject made with the data subject's consent, or the publication on the website or social networking site of the Data Controller, and thus the marketing of the Data Controller.

The Data Controller declares that the data subject acknowledges that if the data subject can be identified from the audio, image and video recordings made, the data shall be considered personal data and the following rules shall apply to the processing thereof:

If the data subject is identifiable from the data, he or she may withdraw his or her prior consent at any time, either before or after uploading to the website or social networking site (request for erasure).

The Controller shall take steps to remove the data immediately upon receipt of the request for erasure.

The Data Controller will provide more information on the processing of data relating to data subjects upon request sent to info@shetland.hu. The deletion or blocking of data from the website and/or social networking site and/or from the data file can also be requested here.

Duration of processing: until erasure at the request of the data subject.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure of data: the Data Controller may disclose the data produced in accordance with the voluntary consent of the data subject, so that the data (such as images) will be available to third parties.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Complaints handling

The Data Controller shall ensure that the data subject may make a complaint about the service and/or the conduct, activity or omission of the Data Controller orally (in person, by telephone) or in writing (in person or by means of a document delivered by another person, by post, by electronic mail).

The complaint handling process is based on voluntary consent.

Data subjects: any natural person who wishes to communicate, orally or in writing, a complaint regarding a service used and/or the conduct, activity or omission of the Data Controller.

Scope and purpose of the data processed:

complaint identifier: identification
name: identification
billing/mailing address: contact
telephone number: contact
e-mail address: contact
date of notification: identification
place of notification: identification
method of notification: identification
description of complaint: investigation of complaint
attached documents: investigation of complaint
training statement: complaint investigation
place of recording: investigation of complaint
time of recording: investigation of complaint
further action: investigation of complaint
responsible: investigate complaint

The purpose of processing the data is to identify the data subject and the complaint, and to handle the complaint and contact.

The activity and process concerned by the processing are the following:

The data subject shall communicate his or her complaint to the Data Controller orally (in person, by telephone) or in writing (in person or by means of a document delivered by another person, by post, by electronic mail).

If the data subject makes a complaint orally, the Data Controller shall record the complaint on a complaint form or a record of its content.

If the data subject wishes to make a complaint in writing, he or she may do so.

The Data Controller will process the complaint and respond to it as soon as possible.

The Data Controller shall seek to resolve any complaints that may arise as soon as possible in the common interest.

Duration of processing: the Data Controller shall keep the record of the complaint and a copy of the reply for a period of limitation (5 years) from the date of the complaint.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: data will only be disclosed to a third party if the disclosure is necessary for the exercise of the rights or obligations of the data subject or of the Data Controller or of a third party.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data processing in relation to the consent form

This includes the processing of consent forms for data processing.

The Data Controller asks the data subjects to give their consent on paper or electronically to the access, processing and, where applicable, transfer of their data.

The giving of consent is based on voluntary consent.

Data subjects: all natural persons who give their consent to the Controller to process their data for any purpose.

Scope and purpose of the data processed:

name: identification
place and date of birth: identification
data indicated in the consent form: necessary to give consent

Purpose of processing: the processing of consent statements is necessary for the purposes of proving the legal basis for processing and for the fulfilment of the consent (principle of accountability) and for contact management.

The activity and process concerned by the processing are the following:

The data subject gives his or her consent to the processing of the data through the means or by the means made available to him or her by the Controller.

By way of example, the data subject gives his or her prior consent to the processing of the data either electronically on the website or on paper.

The Data Controller stores and processes the consent forms on paper or electronically for future retrieval and evidence. Consent forms shall be processed in a sealed manner by the Data Controller.

Duration of data processing:

until the expiry of the limitation period for the enforcement of rights and obligations arising from the legal relationship in relation to which the Controller processes the personal data, or

if such a relationship has not been established, at the request of the data subject, until erasure.

Processing method: electronic and/or paper-based, manual.

Data source: directly from the data subject.

Disclosure of data: listed in Annex I if the consent relates to a transfer of data.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Data management of volunteers' data and agreements

After the selection of the data subjects as volunteers, the Data Controller shall make further cooperation with the data subjects subject subject to the prior conclusion of an agreement.

The processing is based on the agreement (Article 6.1.b GDPR).

Data subjects: any natural person who enters into a voluntary legal relationship with the Data Controller by providing personal data.

The scope of the data processed in connection with the voluntary contract under Act LXXXVIII of 2005 is as follows:

name of the volunteer concerned*

place and date of birth*

mother's name*

your nationality*

residence, place of residence*

phone number*

your e-mail address*

The purpose of data processing is to identify the data subject, to establish a voluntary relationship and to maintain contact.

The activity and process concerned by the processing are the following:

The Data Controller shall notify the data subject of the selection.

If the data subject wishes to maintain his/her application and cooperate with the Data Controller, he/she shall notify the Data Controller accordingly and make an appointment to conclude an agreement.

The agreement is concluded between the controller and the data subjects.

Where required by law, the valid conclusion of the agreement requires the inclusion and signature of the data of the legal representative as the data subject.

The Data Controller shall store the paper agreements and their annexes and other declarations in accordance with the Data Management Policy.

The Data Controller shall record the agreement in the electronic and/or paper-based registration system established for this purpose.

As a data subject, you may voluntarily come into contact with personal and specific data of other data subjects, and therefore you accept an agreement or make a declaration that obliges you to keep such personal data confidential.

In the agreement, the data subject and the Data Controller may agree that the image or image and sound material generated during the service, from which the data subject can be identified, may be used by the Data Controller on its social networking site, website or other platform for its own advertising or marketing purposes. In such a case, the data subject may withdraw his or her consent and the data shall be deleted by the Controller on the basis of such withdrawal, subject to any other provisions of the relevant agreement, which may be restrictive.

Duration of data management:The Data Controller is obliged to collect and record the data of the voluntary data subjects as defined below for 5 years from the termination of the voluntary relationship, pursuant to Article 14 of Act LXXXVIII of 2005.

Scope of the data processed in relation to the compulsory registration:

the natural identity of the volunteer concerned and, if the volunteer is not a Hungarian citizen, his/her nationality,

the volunteer's place of residence or, in the absence of a place of residence or accommodation,

in the case of a minor volunteer and a volunteer partially incapacitated for voluntary activities in the public interest, the natural identity and residence, or, in the absence of such, the place of residence of the legal representative,

the content of voluntary activities in the public interest,

the place where the voluntary activity in the public interest is carried out,

time spent on voluntary activities in the public interest and rest periods,

the date of the start of the voluntary activity in the public interest, and

the date on which the legal relationship ends.

The Data Controller shall keep the above records electronically.

The processing is carried out electronically and/or on paper, manually or by automated means.

Data source: directly from the data subject.

Disclosure: may be disclosed to public authorities in the event of an inspection.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Processing data of job applicants

The data controller allows data subjects to apply for a job advertised by the data controller by the means or method specified in the job advertisement (e.g. electronically, but typically on paper).

Application for a job is based on voluntary consent.

Data subjects: any natural person who applies for a job advertised by the Data Controller or who applies for a job without an advertised job.

Scope and purpose of the data processed:

name*: identification
place and date of birth: identification
name of position applied for*: used to identify the application
special data, e.g. health data: special data will only be processed if it is necessary for the assessment of the vacancy
experience name and length of time in previous job*: will be used to assess your application
experience - job description*: used to assess the vacancy
educational qualifications*: to be used for the assessment of the vacancy
knowledge of foreign language, foreign language and level of knowledge*: to be used for the assessment of the vacancy
other information on the CV attached: to be used for the assessment of the vacancy
cover letter attached: to be used for the assessment of the position
indication of consent to processing of data for 2 years after application if the data subject is not admitted: necessary for the legal basis for processing in case of non-selection

The purpose of the data processing is the application and contact.

The activity and process involved in the processing:

The data subject shall provide his/her data to the Data Controller by the means specified in the job application (job advertisement). Applications are typically, but not exclusively, submitted on paper.

During the selection process, the Data Controller compares the applications with the requirements for the position to be filled and the conditions for the establishment of the employment/other legal relationship (if the application was submitted in response to a published job application) and, on the basis of the comparison, invites the most suitable persons for a personal interview. If the application was not made in response to a published vacancy notice, the Data Controller will consider the application, and therefore the use of personal data, for the personal interview.

The selection process continues with a personal interview and, where appropriate, an aptitude test.

In the event of selection, if the candidate concerned holds a post for which moral competence is relevant, he/she will be issued with a certificate of good character. The selection process ends with the conclusion of a contract with the data subject, with the note that the Data Controller may process the data of data subjects who have not been selected only if the data subject has given his or her specific consent and has made a specific, verifiable request to this effect.

The Data Controller shall notify the result of the selection to the data subjects who have applied and request their consent to further processing of the data for 2 years after the application for the same or similar job application or for an application for a job matching the competences of the data subject, if the data subject has not previously given such consent.

Such consents shall be linked to the data and stored by the controller.

The data subject acknowledges that if he or she has provided a reference person when applying for a job, the Data Controller may contact that person to verify the professional experience of the data subject.

Duration of data processing:

The Data Controller processes (stores) the data of the data subjects who have not been recruited and have not given their consent for a period of 6 months after the purpose has been achieved (the position has been filled) for legitimate interests, in particular to enable the Data Controller to prove that the data subject is liable to be prosecuted by the Equal Treatment Authority,

on the basis of the consent of the data subject who has not been admitted, for the period specified in the consent after the application, or

until the data subject's request for erasure has been complied with.

The data is processed electronically and on paper, manually and automatically.

Data source: directly from the data subject.

Data disclosure: the data of the non-admitted data subject will not be disclosed to third parties, the data of the admitted data subject as defined by law (e.g. CL Act 2017) will be transferred to the data processor in charge of accounting/payroll processing as defined in Annex I, which will be informed to the data subjects.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Managing your own staff data

The data controller is obliged to collect, record and transmit data to the state tax and customs authorities in the case of insurance relationships, such as employment relationships, simplified employment or agency relationships, in accordance with the provisions of the legislation in force.

Legal basis for processing:

Act LXXX of 1997, § 46, para 2.

the provision of data to the State Tax and Customs Authority in accordance with point 3 of Annex 1 to Act CL of 2017, and

is mandatory for the data listed below, marked with *, as defined in § 3 and § 11 of Act LXXV of 2010 on Simplified Employment, and therefore data processing is also mandatory.

For other data not marked with *, the processing is not mandatory and the legal basis is the legitimate interest of the Data Controller or

voluntary consent of the data subject.

Data processed and provided to the state tax and customs authorities in the case of employment: surname and first name*, tax identification number*, date of birth*, start*, code*, termination* of insurance, duration of interruption*, weekly working hours*, FEOR number*, social security number*, education, vocational training, qualification, name of the institution issuing the certificate and the certificate number*. If the insured person does not have a tax identification number, the surname and forename at birth, place of birth, mother's surname and forename at birth and the nationality of the insured person must also be provided*, bank account number, identity card number, telephone number, e-mail address, personal image of the person concerned, knowledge of foreign languages, job title, job description, managerial assignments, traineeship, examination, probationary period, disciplinary proceedings, penalty, dismissal, salary grade, length of service, period of creditable service, data relating to grading.

In the case of an assignment relationship, the following data are processed in addition to the above: gross assignment fee, net assignment fee*, bank account number, place of performance of the assignment.

The Data Controller is obliged to keep a register pursuant to Article 46(2) of Act LXXX of 1997, which contains the name and personal data of the Employee/Client as the insured, the social security number, the Employer/Client's data, the data on the insurance period and the length of service, the basis and amount of the contributions deducted from the insured.

The purpose of the processing is to fulfil obligations under the law.

Regardless of the legal relationship, in addition to the above data, the Data Controller processes the following data for the following purposes and for legitimate interests:

telephone number of the person concerned: contact
e-mail address of the data subject: contact

The legitimate interest is expressed in the interest of the data subject or the Data Controller to be able to contact the data subject in connection with the establishment, performance or termination of the legal relationship.

Regardless of the legal relationship, in addition to the above data, the Data Controller may process the following categories of data for the following purposes and with the following legal basis:

health data: proof of reduced capacity for work / fulfilment of the Data Controller's legal obligations (towards public authorities)
health data - see separate processing: fitness for work / legitimate interest of the controller/need of the data subject

The Data Controller shall keep the data for 5 years from the end of the calendar year in which the Employee leaves the Company, provided that the records of employment, payroll and social security are not to be deleted as documents of permanent value.

The activity and process involved in the processing:

The Data Controller informs the data subject that he/she has a statutory obligation to notify the State Tax and Customs Authority of the data to be provided, which the data subject acknowledges in writing.

If the person concerned does not wish to acknowledge the fulfilment of the statutory obligations, does not consent to them, no employment relationship, simplified employment relationship or agency relationship may be established with him/her.

Following the acknowledgement, the data subject, the future employee, shall enter into an employment relationship, simplified employment relationship, or a contract of assignment with the Data Controller by concluding a contract with the Data Controller, which shall be stored by the Data Controller in accordance with the Data Management Policy.

The Data Controller shall notify the competent first-level state tax and customs authority of the data to be provided by the data subject in order to comply with the statutory obligations by communicating its own tax identification number, name, designation, registered office, place of business, place of residence, as well as the name and tax number of its predecessor in title, by electronic means or by using the form provided for this purpose, i.e. by transmitting the data.

The controller records data processed for legitimate interests and data based on the data subject's voluntary consent.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: if disclosed to a third party, that person is identified in Annex I.

Organisational and technical measures to protect the data processed:

When the Data Controller processes data relating to the Data Controller's employees, it is necessary to ensure that the data are processed only by the employee(s) whose processing is indispensable for the performance of the specific operations required.

If the processing of data relating to the Data Controller's employees is not necessary for the performance of the tasks of each employee, they may not be disclosed to other employees.

see other rules in a separate chapter.

Automated decision-making, profiling: no such processing takes place.

Employees, in particular if they are also data owners, must familiarise themselves with these Rules, other relevant internal rules, instructions and other documents on the day on which their employment starts, but not later than the first day of work.

Management of data of our own staff: data management during internal training and management of documents certifying qualifications obtained

The Data Controller shall process the data collected during internal trainings in accordance with the provisions set out herein, taking into account that, among other things, the employees receive training in accordance with the fire safety, occupational health and safety and data protection regulations in force at the Data Controller, in connection with which attendance sheets and minutes are recorded. The Data Controller shall also process the certificates and qualifications of the staff members in accordance with these rules.

Legal basis for processing:

compulsory by law (e.g. fire safety training, health and safety at work, job-specific training, etc.), or

the legitimate interest of the Data Controller (e.g. HACCP, data protection training). The Data Controller has a legitimate interest in the continuous development of the knowledge, skills and abilities of its staff in order to perform tasks of increasing quality.

The data subjects are: all employees of the Data Controller.

Scope and purpose of the data processed in relation to the education diary:

subject of training: identification
list of participating staff (attendance sheet): identification
Participating Staff signatures: identification, later proof
training date: identification
name and signature of the rapporteur: identification

Scope and purpose of the data processed in relation to individual training:

Staff name: identification
subject of instruction: identification
date of instruction: identification
name and signature of the rapporteur: identification

Scope and purpose of data processed in relation to staff certificates and examinations:

Staff name: identification
certificate, examination serial number: identification, proof, declaration to tax and customs authorities
copies of state certificates, exams: evidence if required by a public authority, otherwise copies are not kept by the Data Controller.

The purpose of data processing is to fulfil legal obligations, to prove professional qualifications and to monitor the training and development of staff.

The activity and process concerned in the case of internal training:

The Data Controller shall announce the dates and times of the internal training, and the Employee shall attend the internal training.

The Data Controller shall record the internal training in an attendance sheet or other document of probative value, signed by the Staff member.

If required by the training, a Staff member will take an exam, the results of which will be stored by the Data Controller.

The activity and process concerned by the data management is related to examinations and certificates issued by third parties to Staff:

The Data Subject shall present to the Data Controller the certificate, certificate or attestation of the examination obtained.

The Data Controller will verify the authenticity of the document and store its number.

Where the existence of the document may be verified by the labour or other authorities at the place of work, the Data Controller may, after the consent of the data subject, make a copy of the document, which it shall store in accordance with the requirements of data security. In other cases, the Data Controller may not make copies of the documents.

Duration of data processing: the logbook of the training on safety, security and fire safety is kept by the Data Controller for 3 years, the logbook of the individual training of the Employee, the data of his/her certificates and exams (and copies thereof, if necessary) are kept for the duration of the employment relationship.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Disclosure: to authorities, to certification body.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Processing of data of our own staff: processing of images, video recordings and audio recordings of our staff

Data processing may only take place with the explicit, voluntary consent of the data subject.

Data subjects: any natural person, in particular a Staff member, who gives his or her prior consent to the recording of images, video and/or audio recordings (for example, when using the service).

Scope and purpose of the data processed:

audio recording with the person concerned: identification, marketing
face image of the person concerned: identification, marketing
other images, including video, of the data subject from which the data subject can be identified: identification, marketing

The purpose of the processing is the purpose specified in the data subject's consent, by way of example, the publication of audio, video and image recordings of the data subject made with the data subject's consent in the media (e.g. television, radio), social media (e.g. Facebook page) for the purpose of marketing by the Data Controller.

The Data Controller declares that the data subject acknowledges that, if the data subject can be identified from the audio, video and video recordings made, the following rules apply to the processing of the data:

the prohibition on disclosure of data (e.g. images) does not apply to recordings of public events, events, landscapes and streetscapes, including videos used for marketing purposes in shops, where the way of representation is not individual, where the recording captures the overall effect of the events in public;

if, in view of all the circumstances, the uniqueness of the recording and the nature of the individual portrait can be established, the data subject must be asked for prior consent, which he or she may withdraw at any time, for example, before uploading to the website or social networking site or after uploading (request for deletion).

The Controller shall take steps to remove the data immediately upon receipt of the request for erasure.

Duration of processing: until erasure at the request of the data subject.

The data is processed electronically and/or on paper, manually.

Data source: directly from the data subject.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

Disclosure

For example, this includes the transfer of data subject's data to a foreign accommodation provider for the purpose of booking accommodation, or the transfer of data to foreign language schools for the purpose of language learning.

If the data subject has voluntarily consented to the transfer of the data, or if the possibility of data communication (transfer, data transmission) is based on another legal basis, the controller shall communicate (transmit, transfer) the data subject's data to the data recipient designated for the data subject.

Legal basis for the transfer

the voluntary consent of the data subject, or

necessary for the conclusion and performance of the contract.

In some cases it may be

is required by law, or

other legal basis (e.g. legitimate interest) provided for by law. The Data Controller shall in principle seek the data subject's voluntary consent or use the need for the transfer for the conclusion or performance of the contract, and shall inform the data subject in writing if another legal basis is used.

Data subjects: any natural person, including a natural person acting on behalf of an organisation, whose data is disclosed by the Data Controller to a third party.

Scope and purpose of the data processed and transferred:

name: identification
email address: contact
telephone number: contact
other data needed to achieve the objective (e.g. duration): achievement of the objective

The above data may only be disclosed to third parties if.

the addressee, purpose and expected time of the communication are clear and known to the data subject, and

the data subject has given his or her consent, or

the data subject's consent is not required on another legal basis.

The activity and process concerned by the processing are the following:

The data subject explicitly consents in writing to the transfer of his or her data as defined above, or the Data Controller uses another legal basis for the transfer.

Where the legal basis is the consent of the data subject, the Data Controller shall store the consent.

The Data Controller will send the data to the Partner electronically in encrypted form or on paper.

Duration of processing: until the purpose is achieved or until the rights and obligations arising from the legal relationship in connection with which the Data Controller processes the personal data expire.

Processing method: electronic and/or paper-based, manual.

Data source: directly from the data subject.

Disclosure: data is disclosed to third parties, the Data Controller's Partners are listed in Annex I.

Organisational and technical measures to protect the data processed: see separate chapter.

Automated decision-making, profiling: no such processing takes place.

With regard to the data marked with *, the Data Controller draws your attention to the fact that if the data subject does not provide them to the Data Controller, the Data Controller cannot provide the service (data processing).

Website visit data

References and links

The website of the Data Controller may also contain links to other websites that are not operated by the Data Controller, but are merely for the information of visitors. The Data Controller has no control over the content and security of the websites operated by partner companies and is therefore not responsible for them.

The Data Controller therefore asks data subjects to review the privacy notice of the sites they visit before providing any form of data on a site not belonging to the Data Controller.

With regard to the provisions of Article 155.4 of Act C of 2003, according to which "Data may be stored or accessed on the electronic communications terminal equipment of a subscriber or user only on the basis of the clear and full consent of the user or subscriber concerned, including the purpose of the processing," the Data Controller provides the following information on the analytical tools it uses, i.e. cookies.

The Data Controller uses the following cookies, the purpose of which is set out below:

Cookies that are strictly necessary

Such cookies are essential for the proper functioning of the website. Without the acceptance of these cookies, the Data Controller cannot guarantee that the website will function as expected, nor that all the information sought by the user will be available to the user.

These cookies do not collect personal data from the data subject or data that can be used for marketing purposes.

Examples of cookies that are strictly necessary are Performance cookies, which collect information about whether the website is working properly and whether there are any errors in its operation. They help the Data Controller to improve the website by indicating possible errors and which parts of the website are the most popular.

Functional cookies

These cookies ensure a consistent presentation of the website, tailored to the needs of the data subject, and remember the settings chosen by the data subject (for example: colour, font size, layout).

Targeted cookies

Targeting cookies ensure that the ads displayed on the website are tailored to the interests of the data subject. The website mainly contains advertisements related to the services and products provided by the Data Controller and serves to facilitate the data subject's access to more favourable offers.

Third-party cookies

A cookie may be placed on the website by a third party, such as a social networking site, that allows you to share or like content and sends information to the third party that can later be used by the third party to serve ads to you on other websites.

The cookie also helps to improve the ergonomics of the website, to create a user-friendly website, to enhance the online experience of visitors.

Analytics, Facebook pixel (pixels)

The data controller embeds JavaScript code in the website (or any sub-page thereof) using a tool called Facebook pixel (formerly known as a conversion tracking pixel), which sends a message to Facebook when a user visits or performs an action on the page. This both helps the Data Controller to understand the return on its advertising spend and makes it easier to serve ads to users who are more likely to convert outside of Facebook. Facebook pixel does not collect, store or transmit any personal data. For more information about how Facebook pixels are used and how they work, please visit www.facebook.com.

Facebook remarketing

The Data Controller places a set of code on the website (or any sub-page thereof), the purpose of which is to make the Data Controller's advertisements available to the user visiting the website while using Facebook. The Facebook remarketing code set does not collect, store or transmit any personal data. For more information on the use and operation of the code set, please visit www.facebook.com.

Google Adwords remarketing

The Data Controller places a code set on the website (or any sub-page thereof), the purpose of which is to make the Data Controller's advertisement or advertisement available to the user visiting the website while browsing the Google Display Network websites and/or searching for the Data Controller or a term related to the Data Controller's services in Google. The code set does not collect, store or transmit any personal data. More information about the use and operation of the code set can be found at http://support.google.com.

Therefore, the Data Controller does not use analytics systems to collect personal data.

The Data Controller reminds users that most Internet browsers automatically accept cookies, but visitors have the option to delete or automatically reject them.

As each browser is different, the user can set his or her preferences for cookies individually, using the browser toolbar.

The Data Controller draws users' attention to the fact that they may not be able to use certain features of the website if they choose not to accept cookies.

Who handles my data?

Data may be processed by the Data Controller's staff only to the extent strictly necessary for the performance of their tasks.

Does the Data Controller transfer or transfer data to another party?

The processing of personal data is essentially carried out by the Data Controller or, if the task is outsourced, by the data processor(s) specified in Annex I of the Policy. In this case, the Data Controller shall transfer data to the processor(s) and shall be responsible for the activities of the processor(s).

The Data Controller may transfer the data specified by the data subject to its Partners if the legal basis for the processing is clear (e.g. the data subject has given his or her prior and voluntary consent) AND the data is necessary for the processing.

What rights do I have?

The rights of the data subject under the Info Act and Regulation (EU) 2016/679 of the European Parliament and of the Council are: the right to information, the right to rectification, the right to erasure, the right to be forgotten, the right to block/restrict data, the right to object, the right to apply to the courts, the right to apply to the authorities.

The detailed definitions and limits of each right are set out in the Rules.

Where and how can I request detailed information about the processing and transfer of my data, and where and how can I exercise my rights?

The Data Controller draws the attention of the data subjects to the fact that they may request information and exercise their other rights, unless excluded by law, by sending a statement to the e-mail address info@shetland.hu or to any other contact details of the Data Controller. The Data Controller will examine and reply to the declaration as soon as possible after receipt, but within a maximum of 15 days, and will take the necessary steps in accordance with the declaration, the Policy and the law. In the event of joint joint processing, the data subject may exercise his or her rights with either controller.

Where can I turn if my right to self-determination is infringed?

National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: http://www.naih.hu
e-mail: ugyfelszolgalat@naih.hu

In case of violation of the rights of minors in relation to offensive, hateful, exclusionary content, rectification, rights of a deceased person, defamation of reputation:

National Media and Communications Authority
1015 Budapest, Ostrom u. 23-25.
Mailing address: 1525. Pf. 75
Tel: (06 1) 457 7100
Fax: (06 1) 356 5520
E-mail: info@nmhh.hu

The data subject may take legal action if his or her rights are infringed. The court will rule on the case out of turn. The Data Controller shall prove that the processing complies with the law.

In the event that the Data Controller infringes the personal rights of the data subject by unlawful processing of the data subject's data or by breaching the requirements of data security, the data subject may claim damages from the Data Controller.

How does the Data Controller ensure the security of my data?

The Data Controller shall ensure the security of the data. To this end, it shall take the technical and organisational measures and establish the procedural rules necessary to enforce the applicable laws, data protection and confidentiality rules.

The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or damage and against inaccessibility resulting from changes in the technology used.

The Data Controller shall (also) ensure the enforcement of data security rules by means of internal rules, instructions and procedures, which are separate in content and form from the Internal Data Protection Policy and this Notice.

When defining and applying measures to ensure the security of data, the controller shall take into account the state of the art and shall choose the most appropriate processing solution from among several possible processing solutions which ensure a higher level of protection of personal data, unless this would involve a disproportionate effort.

The Data Controller shall ensure, in particular, in the context of its IT security responsibilities:

Measures to protect against unauthorised access, including protection of software and hardware devices and physical protection (access protection, network protection);
Measures to ensure that data files can be recovered, including regular backups and separate secure management of copies (mirroring, backup);
Protecting data against viruses (virus protection);
The physical protection of data files and the media on which they are stored, including protection against fire, water, lightning and other natural hazards, and the recoverability of damage caused by such events (archiving, fire protection).

Other information

The Data Controller declares that

has registered the notifiable data processing activities with the National Authority for Data Protection and Freedom of Information, the numbers of the relevant official decisions can be found at https://shetland.hu/.
the right to amend the Prospectus to bring it into line with changes in the legal framework, the Rules and other internal rules

Tóthné dr. Udvardi Katalin
Managing Director
Shetland U.K. Language School Ltd.

Legal declaration

This website (with the exception of external websites accessible via hyperlinks) is managed by Shetland U.K. Nyelviskola Oktató és Szolgáltató Kft. (registered office: 1192 Budapest, Kábel u. 10, tax number:13544108-2-43, company registration number:01-00-860760).

Introduction

By accessing this website, you agree to be bound by this legal notice. If you do not agree with the terms of this statement, do not use the website or any services available through it.

The website is a copyright work. You are entitled to print or download parts of the website onto a hard disk and share it with other persons, provided that you do so for information purposes only.

Without prior written consent, any copying, reproduction, retransmission to the public, and/or any distortion, mutilation, use, processing, sale, in whole or in part, of the website content in any form whatsoever, for purposes other than for information (e.g. commercial purposes), and/or any use, processing, sale of the website content in whole or in part, without the written consent of Shetland U.K. Language School Ltd as the author, is prohibited.

Without prior written consent, you may not modify the website (or any part of it) or incorporate it into any other work, including, but not limited to, a printed document, blog, your own website or a third party website.

The reader or user of the website acknowledges that the author is liable to pay a penalty in the event of unauthorised use. The amount of the penalty is HUF 25.000.- gross per sentence and/or per image and/or per video. The reader or user of the website acknowledges that this penalty is not excessive and uses the website with this in mind. In the event of copyright infringement, Shetland U.K. Language School Ltd. will apply for a notarial certificate of fact, the amount of which will also be charged to the infringing user.

Responsibility

The content of this website has been compiled as carefully as possible by Shetland U.K. Language School Ltd, but is provided for information purposes only and is subject to change at the discretion of Shetland U.K. Language School Ltd. In this regard, Shetland U. K. Language School Ltd. assumes no responsibility for the accuracy, completeness, correctness, timeliness or uninterrupted or error-free operation of the website.

To the fullest extent permitted by law, Shetland U.K. Language School Ltd. hereby disclaims any and all liability for any and all damages caused by or in connection with your use of the Website and/or the results of use of the Website in any way, directly and/or indirectly, including, but not limited to, any damages caused by and/or resulting from:

any activity you may have engaged in that may have been prompted by information, data or services posted on the website;
inability to use the website;
certain information on the website is incorrect, incomplete or out of date.

The limitations in the preceding paragraph do not apply if and to the extent that the damage, death or personal injury results from the wilful act, omission or gross negligence of Shetland U.K. Language School Ltd.

Hyperlinks

Hyperlinks on the website are provided for convenience only and the inclusion of any link does not imply endorsement by Shetland U.K. Language School Ltd of the content of the website accessible via the hyperlink. Shetland U.K. Language School Ltd. is not responsible for the content of any linked site or any link contained in a linked site. Any use of data and information accessed through the website and hyperlinks is at the user's own risk.

Embedded technology

The website may use embedded player technologies (e.g. youtube). By using the website, you agree to the terms and conditions of use of the website. By using an embedded technology on the website, you accept the terms and conditions of use of that embedded technology (for Youtube: www.youtube.com/t/terms).

Information submitted

In compliance with the provisions of Act CXII of 2011 (Info tv.), Act XLVIII of 2008 (Grt.) and other legislation, in the event that you send any information or material - other than personal data, special data - to Shetland U. K. Language School Ltd, you agree that Shetland U. K. Language School Ltd may use such information and material free of charge for marketing and other purposes and by sending it you confirm that such use does not infringe the rights of any other person.

In those areas of the website where information is submitted by users of the website, the information submitted is not controlled by Shetland U.K. Language School Ltd and Shetland U.K. Language School Ltd disclaims any responsibility for such information.

Data protection

For information on data protection and data management, please follow the link below: https://shetland.hu/adatvedelem/

Contact

If you have any questions or complaints about this website, you can contact Shetland U.K. Language School Ltd using the following contact details:

e-mail: info@shetland.hu, telephone: 1/2810822, 30/952 1201

Details of the hosting provider:

Név: Szoftvermanufaktúra

Székhely: 22 High Street, Clacton-on-Sea, CO15 1NR, United Kingdom

Elérhetőség: +3620-4084659, iroda@szoftvermanufaktura.hu

Other provisions

Shetland U.K. Language School Ltd. reserves the right to change or modify this disclaimer without prior notice. This disclaimer and your use of this website are governed by the laws of Hungary.

Tóthné dr. Udvardi Katalin

Managing Director

Data protection

December 2024 timetable

2024/25 Winter Courses

SZÓKINCS podcast

Euroexam language exams 2025.

2024/25 Autumn Courses

Archívum