Cubix Institute of Technology
GENERAL INFORMATION ON DATA PRIVACY
Name: Webuni Ltd.
Registered office: HU-6000 Kecskemet, Magyar street 2.
Data protection officer: Andras Pakucs
Complaints handling: firstname.lastname@example.org
Tax number: HU25081512
Company registration number: 03-09-132232
Physical location of data storage: DoclerNet Hosting Ltd.; HU-1109 Budapest, Expo sqr. 5-7.
The Service Provider offers, mediates or makes available to Users a variety of services that can be accessed electronically through the Website (hereinafter referred to as the "Service" or "Services"). Some of the Services are free of charge, others are available for a fee. The Services are available exclusively to Users upon registration (hereinafter "Registration").
Visiting the Website without using the Services does not require user identification, in which case no data processing takes place, but certain information about visitors is stored using the cookies that are set for this purpose. In any case, the use of the Services by the Users requires user identification, which is subject to the User's registration on the Website and login to the user account. After registration, the data associated with the user account will be saved. Users voluntarily decide to use the Services and agree that this requires the provision of their personal data.
We may use the name provided for the User's profile created during registration in all of the services we provide that require the User to have an account.
When the User contacts us, we keep a record of the communication with the User so that it can be used to help us in the future to resolve any problems the User may have. We may use the User's email address to inform you about our services, sending you notifications of upcoming changes or improvements.
The Service Provider also processes the personal data of natural persons who are interested in the Services and expressly request information about the Services or Registration (hereinafter referred to as "Prospective User" or "Prospective Users").
The Service Provider shall ensure compliance with the requirements of the General Data Protection Regulation of the European Union at all stages of data processing. The Service Provider shall ensure that the processed data only leave the European Economic Area if authorised to do so by the General Data Protection Regulation.
The Service Provider shall ensure the security of the data, take the technical and organisational measures and establish the procedural rules necessary to enforce the data protection and confidentiality rules. In particular, appropriate measures shall be taken to protect the data against unauthorised access, alteration, transmission, disclosure, deletion or destruction, accidental destruction or accidental damage, and against inaccessibility resulting from changes in the technology used.
The Service Provider guarantees that when defining and applying measures for data security, it takes into account the state of the art and in any case chooses the IT solution that ensures a higher level of data protection.
The processing of Users' data in connection with the use of the Services provided by the Service Provider through the Website and the Services available through the Website is carried out for the purposes of identifying Users, enabling, providing, maintaining, documenting, improving, developing new services, enabling the billing of the Services, carrying out promotional activities related to the Services, and other administration related to the Services, including, in particular, the performance of official controls and the handling of any disputes. Prospective Users' data are processed for the purposes of their registration.
Anonymized or pseudonymized personal data of Users and Prospective Users may be used by the Data Controller for its own statistical purposes and to improve the quality of the Services, to customize certain Services.
The User shall have the right to request information at any time before and during the use of the Services and after the termination of the Services, within the period specified in Section 6, on which data are processed by the Service Provider and for what purposes, and on any other matter related to data processing, including, inter alia, the legal basis for processing, the duration of processing, the remedies available to the User, and who receives or has received the personal data and for what purposes. The detailed procedure for requesting information is set out in point 10.
The Services may be used by legal entities registered by eligible Users, unincorporated business entities (limited liability companies, bt.), sole proprietors or other persons with a tax identification number who qualify as an enterprise under the Civil Code (hereinafter referred to as "Client" or "Clients"). Clients are registered on the Website by authorised Users, with the proviso that in the case of sole proprietors, the User is also a Client. The Data Controller processes the personal data of the Users themselves and of other persons provided by them (contact persons of the Customers, contact persons of specific contractual partners), as well as the personal data of Prospective Users. The Data Controller only records personal data that are voluntarily provided by the User or the Prospective User or a contractual partner invited by the User or having a contractual relationship with the User, except for the mandatory provision of data related to the conclusion of a contract or the issuing of an invoice in the case of Services for consideration.
● to send information and newsletters about training/events,
● to call for information on training/events,
● For system messages sent by the website,
● in the case of training requiring official notification, to the relevant competent authority,
● to use the cookies on the Website.
After the registration is finalized, the Service Provider will send a confirmation to the e-mail address provided by the User, informing the User about the registration details.
The Service Provider shall provide the services available after registration without any fee for an indefinite period of time, until the User's registration is canceled.
The User shall have the right to request the deletion of his/her personal data for which his/her consent was required.
After registration, the purpose of data processing is to identify customers for the use of the services available through the Website, to establish the service contract, to document the provision of services, the adequacy of performance and, where applicable, to enable billing and to provide evidence of the contracts concluded.
The pages of the service may contain links to the pages of other banking or payment service providers. The Service Provider is not responsible for the privacy practices or other activities of such service providers.
● They are technical in nature and are intended to ensure the proper functioning of the Website in order to facilitate the use of the services by users;
● other cookies are necessary to enable users to browse the Website, in particular to remember the actions taken by the visitor on the site;
● Cookies used for statistical purposes, which require the User's consent.
● The scope of personal data provided by the User during registration:
o E-mail address provided during registration;
o phone number;
o your interests.
● The scope of the data processed for the provision of the Services:
o the IP address of the User's computer;
o the start and end times of logins to the Website;
o the browser and operating system type;
o the activity carried out by the User on the Website.
The scope of the data processed when the User handles complaints (e.g. error reports):
● the name, email address or telephone number of the User reporting the complaint (depending on how the complaint is reported);
● the name of the Client represented by the User, if the User is not acting on behalf of and on behalf of the Client but on its own behalf;
● a description of the reported complaint;
● a statement from the Service Provider if the fault/complaint can be investigated immediately;
● in the case of a complaint made by telephone (orally), the unique identifier of the complaint.
The scope of the personal data provided by the prospective User (with the understanding that by registering, the prospective Users become Users themselves):
● the e-mail address you provided during your enquiry;
● phone number;
● your interests.
The personal data of the contact persons of the contractual partners with whom the User has a contractual relationship:
● name and e-mail address of the contact person.
Information about the cookies used on the Company's website and the data generated during the visit
The data processed during the visit
During the use of the Website, the following data may be recorded and processed about the visitor and the device used for browsing:
● the IP address used by the visitor,
● the browser type,
● the characteristics of the operating system of the browsing device (language set),
● date of visit,
● the (sub)page, feature or service visited,
Cookies used on the website
Technically necessary session cookies
Purpose of processing: to ensure the proper functioning of the website. These cookies are necessary to enable visitors to browse the website, to use its functions smoothly and fully, to use the services available through the website, including, in particular, to note the actions carried out by the visitor on the pages concerned or to identify the logged-in user during a visit. The duration of the processing of these cookies is limited to the current visit of the visitor, and this type of cookie is automatically deleted from his/her computer at the end of the session or when the browser is closed.
During the use of the Website, the Service Provider automatically records the User's IP address, the type of operating system and browser program used and other information for technical reasons. The system continuously logs this data, but does not link it to the data provided during registration or use. Users do not have access to the data obtained in this way, only the Service Provider.
The Service Provider may record the data of the Internet pages from which the User accessed the Website and those visited on the Website, as well as the time and duration of the visit. The User's identity and profile cannot be inferred from these data.
Cookies to facilitate use:
These remember the User's choices, for example, what form the User wants the Website to take. These types of cookies are essentially the preferences data stored in the cookie.
The legal basis for processing is the consent of the User.
Purpose of data management: to increase the quality and efficiency of the Service, to enhance the user experience and to make the use of the website more convenient.
This data is on the user's computer, the website just accesses it and recognises the visitor.
They collect information about the User's behaviour on the Website, time spent on the Website, clicks. These are typically third party applications (e.g. Google Analytics, AdWords, GTM, Facebook).
Legal basis for processing: consent of the data subject.
Purpose of data processing: analysis of the website, sending promotional offers.
The above information is used by the Service Provider solely for the technical operation of the Website and for statistical purposes.
The Service Provider only stores the User's password hash, not the password itself.
Legal basis for data processing
During the registration process, the User voluntarily provides his/her data, in which case the legal basis for the provision of data is the User's voluntary, explicit and informed consent.
The Prospective User who is interested in registering voluntarily provides his/her data, in which case the legal basis for the provision of the data is the voluntary, explicit and informed consent of the Prospective User.
The Service Provider shall process the personal data voluntarily provided by the User and the Prospective User solely for the purposes specified in point 3 and for the period specified in point 6, or in case of mandatory data processing for the period specified by law. The Service Provider's data processing activities shall comply with the above conditions at all times.
The present consent shall also constitute the consent of the natural persons (executives, contact persons) designated by the User to represent the Client during the Registration and after the Registration, as well as of the Invited Persons designated by the User and the contact persons of the contractual partners having a contractual relationship with the User. The consent of the User and the Prospective User is voluntary, informed and definite; it constitutes the legal basis for the Service Provider's data processing activities.
In the case of mandatory processing (for example, billing data), the legal basis for processing is the law applicable to the Service.
In certain cases (e.g. non-payment of the price of the Service, debts of the User) or in case of public interest, the Service Provider may also process data on the basis of a balance of interests. In the case of processing based on a balancing of interests, the Service Provider will always carry out a balancing of interests test, which will be based on a case-by-case assessment of the User's freedoms against an overriding private or public interest in the necessity of the processing.
To comply with the legal obligation within the scope of the following legislation: the processing of data by the Service Provider as Data Controller.
It applies to data processing by the Service Provider as Data Processor:
The Service Provider has a legitimate interest vis-à-vis the User to enforce any claim arising from the contract. The limitation period after the termination of the contract is 5 years after the expiry of the general limitation period of the Civil Code. The Data Controller shall keep the data necessary for the enforcement of the interest until the end of the statutory limitation period under the Civil Code following the termination of the contract (unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child).
Duration of data processing
In the case of processing based on consent, the processing lasts until the consent is withdrawn, but not longer than 8 (eight) years from the date of the termination of the possibility to use the Services. If the User has used more than one Service, the above period shall start from the date on which the use of the last of the Services used by the User validly ceases.
If the Prospective User does not register or does not complete the registration for any reason, the Service Provider may send a notification to his/her e-mail address.
Data transmission, data linking
The Service Provider is also entitled and obliged to transfer the personal data of the data subject in the cases provided for by law, at the request of the competent authority, with the understanding that the Service Provider is obliged to verify the legal basis for the transfer of data in such cases.
Personal data will only be shared with companies, organizations or persons outside the Service Provider if we have the User's consent.
We will also share personal information with companies, organizations or individuals outside the Service Provider if we have a good faith belief that there are reasonable grounds to access, use, retain or disclose the information:
Data processing, data processor
In the performance of the contract, the Service Provider, as Data Controller, shall only use data processors that provide adequate guarantees for the compliance of data processing with the requirements of the law and for the implementation of appropriate technical and organizational measures to ensure the protection of the rights of the data subjects.
The Data Controller is entitled to use a data processor for the performance of its activities. Processors do not take independent decisions and are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received. The Controller shall monitor the work of the processors. Processors shall be entitled to engage an additional processor only with the consent of the Controller.
The processing carried out by the processor is governed by a contract which defines the subject matter, duration, nature and purposes of the processing, the type of personal data, the categories of data subjects, the confidentiality obligation and the obligations and rights of the controller, and which binds the processor to the controller.
The Data Controller uses the following data processors:
Servergarden Ltd.; (HU-1023 Budapest, Lajos utca 28-32.) - server services
Mailchimp, The Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308) - Manage and send group emails to students for training-related communication
Mailgun Technologies, Inc. (535 Mission St., San Francisco, CA 94105) - Automated system message management, sending
Barion Payment Zrt. (HU-1117 Budapest, Infopark boulevard 1, building I 5) - online payment
OTP Mobil Ltd. (HU-1093 Budapest, Kozraktar str. 30-32.) - online payment
Szamlazz.eu, KBOSS.hu Trading and Service Provider Limited Liability Company (HU-1031 Budapest, Zahony utca 7.) - online invoicing
Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - page view statistics, advertising
Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) - site visit statistics, advertising
Smartsupp.com, s.r.o (Milady Horakove 13, Brno, 602 00, Czech Republic) - online chat, customer service
The Data Controller shall implement appropriate technical and organizational measures to ensure a level of data security appropriate to the scale of the risk, taking into account the nature, scope, context and purposes of the processing and the varying likelihood and severity of the risk to the rights and freedoms of natural persons.
The Service Provider will take all necessary steps to ensure the security of the personal data provided by the Users, both during network communication and during the storage and safekeeping of the data.
Access to personal data is strictly limited to prevent unauthorized access, unauthorized alteration or unauthorized use of personal data.
The Data Controller also facilitates the exercise of Users' rights by providing the following information.
The Data Controller shall inform the User of the measures taken in response to the request to exercise his/her rights without undue delay, but no later than one month from the date of receipt of the request. This period may be extended by a further two months, which shall be communicated to the User.
If the Data Controller fails to take action on the User's request, the Data Controller shall inform the User without delay, but no later than one month after receipt of the request, of the reasons for the failure to take action and of the User's right to lodge a complaint and exercise his/her right to judicial remedy.
The controller provides the information and the information and action on the rights of the data subject free of charge, but in certain cases a fee may be charged. The Data Controller shall inform all recipients to whom or with whom the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or would involve a disproportionate effort.
Users' rights are listed as follows:
Transparent information, communication
The User has the right to be informed of the facts and information related to the processing before the processing starts.
The Data Controller undertakes to provide, at the User's request, all information and any particulars relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language. The information shall be provided in writing or by other means, including, where appropriate, by electronic means.
Right to prior information
The User has the right to be informed of the facts and information related to the processing before the processing starts.
User access rights
The User has the right to receive feedback from the data controller as to whether his/her personal data are being processed and, if such processing is ongoing, the right to access the personal data and related information described in the previous point.
requested by the User, the Data Controller may
reasonable fee based on administrative costs
The right to rectification
At the User's request, the Data Controller shall correct inaccurate personal data concerning the User without undue delay.
Right to erasure ("right to be forgotten")
Upon the User's request, the Data Controller shall delete the personal data concerning the User without undue delay. If:
(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the User withdraws his or her consent on the basis of which the processing is based and there is no other legal basis for the processing;
c) the User objects to the processing and there are no overriding legitimate grounds for the processing,
d) the personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data were collected in connection with the provision of information society services directly to a child.
Right to restriction of processing
In the event of restriction of processing, such personal data, except for storage, may be processed only with the consent of the User or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.
Right to data portability
Subject to the conditions set out in the Regulation, the User has the right to receive personal data concerning him/her provided by him/her to a controller in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the controller.
The User may also request the direct transfer of personal data between data controllers.
The right to protest
The User has the right to object to the processing of his/her personal data. In this case, the controller may no longer process the personal data, unless the controller proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the User or are related to the establishment, exercise or defense of legal claims.
Informing the user of the data breach
If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller must inform the data subject of the personal data breach without undue delay.
All Users have the right to an effective judicial remedy if they consider that their rights have been infringed as a result of the improper processing of their personal data.