LINEO INTERNATIONAL CONSULTING Ltd.
1071 Budapest, Damjanich utca 58 1/2

Data Processing Policy – GDPR

TABLE OF CONTENTS

  1. General provisions
  2. Core principles of processing
  3. Updating and access to the Policy, gaining insight into it and its acceptance
  4. Processing operations, its source and legal grounds, scope of data processed, duration or processing, scope authorised to process
  5. Data transfer
  6. Sending newsletters
  7. Cookies and anonymous information through the use of our websites
  8. Personal data of children and third parties
  9. Personal data processed without any legal grounds
  10. Data security measures
  11. Personal data breach
  12. Rights of and opportunities for the data subject to seek legal remedy

 

  1. General provisions

The present data processing policy (Policy) regulates the processing of personal data recorded and processed by the data controller Lineo International Consulting Limited Liability Company (registered seat: 1071 Budapest, Damjanich utca 58, registered by the Metropolitan Court under company registration number 01-09-949687, tax identification number: 23030307-2-42, hereinafter referred to as Lineo), registered under number NAIH-121784/2017 by the National Authority for Data Protection and Freedom of Information (Freedom of Information Act), in the case of valid legal grounds based on the consent of data owners.

The above defined personal data processed by Lineo complies with the definition for personal data defined in GDPR Article 4(1) and Section 3(2) of Act CXII of 2011 on informational self-determination and freedom of information.

Lineo does not, under any circumstance, process special categories of personal data as defined under GDPR Article 9 and special data as defined under Article 3(3) of the Freedom of Information Act or obtain or request any personal data from persons that are not owners of the data.

The scope of the present Policy does not apply to processing the data of legal persons or data based on which it is not possible to identify the data owner.

Lineo provides information in connection with the data processing policy and its interpretation electronically in response to messages sent to the email address info@coaching-nlp.hu.

  1. Key principles of processing

Lineo pays special attention to protecting the personal data of persons it comes into contact with, its accuracy and confidential nature, acts in a preventative manner to process the data solely on valid legal grounds compatible with purpose limitation and storage limitation, refrains from disclosing the personal data it processes to any third party or organisation in the absence of legal grounds and erasing the data after the legal grounds of processing no longer apply.

In light of its above objectives, Lineo shall make every effort to fully comply with the following key principles of personal data processing during the course of the processing of personal data without any restriction and in every case:

  • Principle of lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
  • Principle of purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Principle of data minimisation: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Principle of accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  • Principle of storage limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
  • Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • Principle of accountability: the controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1.
  1. Updating and access to the Policy, gaining insight into it and its acceptance

Lineo reserves the right to unilaterally amend the present Policy without the explicit consent of data owners.

In light of this, Lineo agrees to always publish the valid version of the Policy and concurrently ensures access to the previous versions of the Policy on the website http://coaching-nlp.hu/ for data owners to always have accurate information in connection with the processing activity undertaken by Lineo and rules regulating this activity.

By providing personal data to Lineo, in particular, in light of Section 3(2) of the Freedom of Information Act, the data owner declares to have gained knowledge of the version of the present Policy valid at the time the data was provided and explicitly accepts its provisions. 

  1. Processing operations, its source and legal grounds, scope of data processed, duration or processing, scope authorised to process

4.1. Processing operations

In the event of valid legal grounds, during the course of technical activities relating to processing operations, Lineo records, processes, transfers the personal data provided previously in the most limited possible scope and blocks and erases such data in the case of due grounds based on the request of the data owner.

4.2. Legal grounds of processing:

Legal grounds detailed in Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

  • Lineo records and processes the personal data provided voluntarily based on the consent of the data owner to conclude contracts between the client and the student and to perform these to satisfy its legal and contractual obligations.
  • While communicating with Lineo (e.g. subscribing to our newsletter, communicating via email, Facebook, etc.), data owners provide their personal data to Lineo based on voluntary consent.

If the data owner withdraws the consent provided to process personal data, Lineo may nevertheless have due grounds to apply alternative legal grounds to that defined in GDPR Article 6, Lineo may opt to apply alternative legal grounds to process the personal data without the consent of the data owner.

4.3. Scope of data processed

The scope of personal data provided to Lineo by data owners includes all personal data provided by clients, students and persons communicating electronically with Lineo (e.g. newsletter subscribers, email senders, persons sending messages on Facebook), which, in particular, includes the following:

  • Within the framework of client relations: postal and permanent address, identity card number, email address, telephone number.
  • Student contracts and for filling in application documents: full name, place and date of birth, mother’s maiden name, postal and permanent address, identity card number, address card number, education and qualifications, copy of document certifying highest level of education, tax identification number, nationality, email address, telephone number.
  • Within the framework of electronic communication (e.g. subscribing to a newsletter or email): name and email address of the person communicating, newsletter subscription status. Communicating with visitors on Lineo Facebook pages (https://www.facebook.com/lineoic/, https://www.facebook.com/coachingnlpinternationalacademy/, https://www.facebook.com/stothmarta/), visitors are able to send comments and messages to Lineo via Facebook, for example may ask about the courses and training Lineo will be holding. Lineo may reply to questions or send comments and reply messages, if necessary.

4.4. Duration of processing

Lineo processes personal data based on the consent provided by the data owner until withdrawal of consent, generally for 5 years following termination of contact with the data owner in the absence of withdrawal of consent. The data owner may withdraw consent at any given time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to withdrawal.

As a general rule, Lineo safeguards data required to perform a contract in which one of the parties is the data owner and Lineo is the other or if processing is required to satisfy any legal obligation of Lineo (e.g. documents containing personal data constitute documents certifying accounting, is, for example, specified in documents relating to contracts concluded between Lineo and the client (e.g. on the order) or on the invoice issued) for a period of 5 years, as regulated in the Civil Code, or for the period set in sectoral rules for given documents irrespective of the consent of the data owner (e.g. for 8 years according to accounting regulations).

4.5. Persons authorised to process data

Rights and obligations of the processor pertaining to the processing of personal data are defined by the controller Lineo as provided for in the Freedom of Information Act and other legal regulations regulating processing.

Lineo provides all employees and data processors (currently a total of 3 persons) the opportunity to perform technical activities relating to processing operations (recording, processing, erasure, blocking, etc.).

As controller, Lineo bears responsibility for the lawfulness of processing. Data processing credentials of the controller are detailed in the present Policy; the controller may not go beyond these in any case, may solely process the personal data provided according to the rules set by the controller Lineo and guidelines set forth in the present Policy, may not perform processing for its own purpose; furthermore, shall store, safeguard personal data according to rules set by the controller Lineo, erase personal data if valid legal grounds no longer apply and block personal data in the case of the rightful request of the data owner.

4.6. The scope of data processed, processing purposes, the duration of processing and the persons eligible to access the data is presented in the table below.

Type and purpose of processing Legal grounds of processing Scope of data processed Duration of processing Who has access to my personal data?
Communicating with clients Section 6(5)a) of the Freedom of Information Act, according to which Lineo may process data recorded based on the consent of the data subject to satisfy relevant legal obligations without the data subject providing any other further consent. Postal and permanent address, identity card number, email address, telephone number Lineo erases the data after performing the contract in 5 years time as defined under CC Section 6:22. If Lineo is required to safeguard the data based on Section 169 of Act C of 2000 on accounting, Lineo shall only erase the data irrespective of the consent of the data subject in eight years time following the performance of the contract. This generally occurs if the data constitutes documents certifying accounting, is, for example, specified in documents relating to contract conclusion between Lineo and the client (e.g. on the order) or on the invoice issued. All Lineo employees
Student contracts Section 6(5)a) of the Freedom of Information Act, according to which Lineo may process data recorded based on the consent of the data subject to satisfy relevant legal obligations without the data subject providing any other further consent.

Identifying the client, keeping in contact and communicating with the client is the purpose of processing.

Full name, name at birth, place and date of birth, mother’s maiden name, postal and permanent address, copy of identity card and address card, education and qualifications, copy of document certifying highest level of education, tax identification number, nationality, email address, telephone number, bank account number Lineo erases the data after performing the contract in 5 years time as defined under CC Section 6:22. If Lineo is required to safeguard the data based on Section 169 of Act C of 2000 on accounting, Lineo shall only erase the data irrespective of the consent of the data subject in eight years time following the performance of the contract. This generally occurs if the data constitutes documents certifying accounting, is, for example, specified in documents relating to contract conclusion between Lineo and the client (e.g. on the order) or on the invoice issued. All Lineo employees
Electronic communication (newsletters, via email, Facebook) Section 6(1) of Act XLVIII of 2008 on the Essential Conditions of and Certain Limitations to Business Advertising Activity (Business Advertising Act) – prior and explicit consent of the data subject Name and email address of subscribers, newsletter subscription status, messages sent on Facebook Personal data must be erased if the data subject withdraws consent or the email address is erased. All Lineo employees
  1. Data transfer

As a principal rule, Lineo does not transfer personal data provided to any third party without the written consent of the data owner or in the absence of valid legal grounds, such as to satisfy obligations ensuing from legal regulations.

Irrespective of the principal rule, Lineo transfers invoices issued to its accountant, students enrolled in trainings and clients containing the name and postal address of the student or client to satisfy obligations ensuing from legal regulations.

In special cases, Lineo is obligated to provide information, disclose data and ensure access to documents based on requests made by the court, the prosecution service, the investigating authority, the infractions authority, the administrative authority or the National Authority for Data Protection and Freedom of Information and as provided for by law at the request of other bodies. In such cases, Lineo only discloses personal data to the extent essentially required to satisfy the purpose of the request made, if the specific purpose and scope of data has been specified.

  1. Sending newsletters

Subscribing to newsletters constitutes a part of automated processing, which newsletters are automatically sent to subscribers via the system used by Lineo according to rules set in possession of the data and consent provided by the data owner subscribing to the newsletter.

The data owner way unsubscribe from the newsletter free of charge at any given time, without restriction and having to state reasons by contacting info@coaching-nlp.hu or on the website by clicking on the link provided in the newsletter.

  1. Cookies and anonymous information through the use of our websites

Lineo uses cookies on certain parts of its website http://coaching-nlp.hu/ to track the activity of site visitors, which, however, are by no means linked to the visitor.

Cookies essentially store specific information on the computer or web browser of the user visiting the website. Cookies help Lineo understand which parts of the website are the most popular ones, because they allow us to see which pages visitors access and how much time they spend there. Cookies record, for instance, the time accessed, whether the user has visited the website before and the website that directed the visitor. By using cookies, the information displayed the next time the website is accessed will meet the user expectation of visitors.

Visitors to the website may block cookies if they use a browser that signals that a cookie has been sent and refuse to accept unwanted cookies

A record of IP addresses is temporarily kept for statistical purposes on the website operated by Lineo; however, it is not linked to the person visiting the site.

Technical data based on which it is not possible to identify the data owner may be automatically saved when visiting the Lineo website. The address of the website that directed the visitor to Lineo’s website, searches performed on the website and the place of access to the website are such technical data.

Data based on which it is not possible to identify the visitor are not deemed personal data and, as such, are not regulated within the scope of the present Policy. This information is only used by the company.

  1. Personal data of children and third parties

Persons under the age of 16 may not provide their personal data without the explicit consent of a parent.

The person providing the personal data declares and guarantees to explicitly act in compliance with the present Policy and that the person’s legal capacity to provide information in not restricted in any manner.

If the person providing the data is not eligible to independently provide the data of the data subject, this person is required to obtain the written consent of the third party data subject  (e.g. legal or transactional representative, caretaker, guardian or other person acting in the name or in the interest of the given person) or ensure other legal grounds for processing the personal data provided.

Lineo is in every case authorised to verify compliance with the legal grounds referred to for processing personal data. As such, Lineo may request authorisation recorded in a document of full probative force from the representative and/or consent to data processing provided by the data subject’s data owner in the given matter. 

  1. Personal data processed without any legal grounds

Lineo is committed to erasing all personal data in which case there are no longer any legal grounds for processing or that it provided in an unauthorised manner.

Furthermore, within the framework of this commitment, Lineo agrees to do everything in its power to refrain from using any personal data it processes without any legal grounds or transferring such data to third parties.

Lineo requests the data owners whose data it processes to notify the company without delay if the data owner notices that a third party provided the personal data of the data owner to Lineo in an unauthorised manner or if Lineo obtained the personal data of a child under the age of 16 without the consent of a parent.

  1. Data security measures

Lineo shall take appropriate security measures to prevent the public disclosure, erasure, loss or destruction of the personal data it processes under any circumstances.

To enforce these data security measure requirements, Lineo created an IT environment in a manner to comply with the following requirements:

  • The IT system is capable of restricting access to the data processed, as such, the data is protected from unauthorised third parties (as such, from unauthorised access, alteration, transfer, public disclosure, erasure, destruction).
  • Preventing unauthorised data entry during the course of the automated processing of personal data, use of its data processing system by unauthorised persons and use via a data transfer device; all changes to data to ensure verification and accountability in connection with information relating to data entry (such as who and when) and data transfer are made by specifying the time changes were made.
  • An error report is prepared in connection with errors arising during the course of automated processing, the incorrect data is erased.
  • A data backup is made to protect the data from accidental destruction, alteration and inaccessibility ensuing from changes to the technology used and to be able to recover the data in the event of a breakdown.

Lineo operates a registration system to record data transfer, termination of data transfer, personal data breaches, requests made by data owners and authorities and replies provided to these in connection with the customer database to efficiently enforce the security measures taken.

Lineo’s IT system provides the security level expected during the course of personal data processing and provided protection against cybercrimes. The operator ensures protection through password protection, a firewall and server security procedures.

  1. Personal data breach

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

The controller reports the personal data breach without delay and preferably no later than 72 hours after gaining knowledge of the personal data breach to the National Authority for Data Protection and Freedom of Information, except if the personal data breach presumably does not represent a risk to the rights and liberties of natural persons. Reasons certifying delay must be stated if the breach is not reported within 72 hours.

The controller registers personal data breaches by recording facts relating to the personal data breach, its impacts and measures taken to rectify it. This registry allows the supervisory authority to verify compliance with legal requirements.

The controller informs the data subject of personal data breach without delay if the personal data breach presumably represents a high risk to the rights and liberties of natural persons. The nature of the personal data breach is to be explained simply and clearly to the data subject. 

  1. Rights of and opportunities for the data subject to seek legal remedy

The data subject may request

  1. information in connection with the processing of his or her personal data,
  2. rectification in the case of an error in his or her personal data and
  3. the erasure or blocking of personal data, with the exception of mandatory processing,

from the controller.

Furthermore, the data subject may object to the processing of his or her personal data.

Lineo is required to provide clear information in writing to satisfy the request within a reasonable deadline of the receipt of the request or maximum within 25 days. Lineo shall state the reasons and legal grounds of refusal in writing within 25 days of the receipt of the request or electronically based on the consent provided by the data subject if it fails to satisfy the request made.

The data subject may object to the processing of his or her personal data in the cases listed under section 21 of the Freedom of Information Act. The controller reviews the complaint made within the shortest possible space of time following its submission or within 15 days, renders a decision in the matter of its acceptance and informs the complainant of the decision in writing.

Should Lineo find the complaint made substantiated, it shall terminate data processing, block the data and notify all persons to whom it previously transferred the personal data against which a complaint was lodged and the measures taken based on it, which persons are required to take measures to enforce the right to object.

Lineo informs the data owner of the following opportunities to seek legal remedy at court or to turn to the National Authority for Data Protection and Freedom of Information in the case of the rejection of the above applications:

1) The data owner may take legal action against the controller in the event of the breach of the rights of the data subject and in the cases listed in section 21 of the Freedom of Information Act. Legal action may also be taken at the court competent in the place of residence or habitual residence of the data subject, according to the choice of the data subject.

2) Anyone may initiate review by filing a report to the National Authority for Data Protection and Freedom of Information (http://naih.hu/; 1530 Budapest, Pf.: 5; Tel.: +36-1-391-1400; Fax: +36-1-391-1410; Email: ugyfelszolgalat@naih.hu) with reference to the violation of rights pertaining to right of access to data of public interest and data public on the grounds of public interest or its imminent risk.

Rights in connection with data processing and opportunities to seek legal remedy are detailed in subchapters 13-17 and 30 of the Freedom of Information Act.

 

Last updated: 24 April 2018

Opt-out options

Google gives you the opportunity to control cookies (also known as web re-design ads) used for remarketing ads. Please click on the appropriate opt-out link here: https://www.google.com/settings/ads/plugin (You must be signed in to your Google account to edit).

Facebook does not provide opt-out control for cookies. For more information on managing your Facebook cookie, please click here: https://www.facebook.com/policies/cookies/ (You must be logged in to your Facebook account).

Please follow the instructions under “How do I check my cookies?”

The best way to clean your browser from cookies is to regularly (or at any time) delete cookies from your browser. The other option is to use the “Don’t Follow” option (“incognito” or “private” browsing).

To manually delete your data from our database (including physical data), please send your cancellation request to the following email address: info@coaching-nlp.hu.