Data Protection Notice

1. General Provisions

The purpose of this data processing policy is to provide information to data subjects regarding the use of their personal data.

Definitions:

  • Data Subject: A natural person whose personal data is processed by Expert Training Kft.
  • Data Controller: Expert Training Kft., which determines the purposes and means of the processing of personal data.

Expert Training Kft., as the Data Controller (hereinafter referred to as the Data Controller), manages all personal data related to the services of the portal available at https://skillnaut.com/, in compliance with the GDPR, the Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, and this data processing policy.

Information about the Data Controller:

  1. Name of Data Controller: Expert Training Kft.
  2. Registered office: 4032 Debrecen, Böszörményi út 68.
  3. Mailing address: 4032 Debrecen, Böszörményi út 68.
  4. Electronic (e-mail) address: hello@skillnaut.com
  5. Company registration number: 09-09-014998
  6. Tax number: 14317543-2-09
  7. Representative of Data Controller: Bálint Kovács, Managing Director
  8. Representative’s e-mail address: balint.kovacs@skillnaut.com

     2. Rights of the Data Subject

    The data subject is entitled to the following rights concerning the processing of their personal data:

    Right to information:

    The data subject has the right to receive clear, transparent, and easily accessible information about the processing of their personal data, which should include the following:

    1. a) The identity and contact details of the Data Controller and, if applicable, the Data Controller’s representative;
    2. b) The contact details of the Data Protection Officer, if applicable;
    3. c) The purposes of the intended processing of personal data and the legal basis for processing;
    4. d) In the case of processing based on legitimate interests, the legitimate interests pursued by the Data Controller or a third party;
    5. e) Where applicable, the recipients or categories of recipients of the personal data, if any;
    6. f) Where applicable, the fact that the Data Controller intends to transfer personal data to a third country or international organization, and the existence or absence of an adequacy decision by the Commission, or if the transfer is to occur, the appropriate and suitable safeguards, and a reference to how copies of these safeguards can be obtained or their availability;
    7. g) The period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    8.  h) The data subject’s rights to request access to, rectification, erasure, or restriction of processing of their personal data, and to object to such processing, as well as the right to data portability;
    9.  i) In cases of processing based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
    10.  j) The right to lodge a complaint with a supervisory authority;
    11.  k) Whether the provision of personal data is based on a legal or contractual obligation or a requirement necessary to enter into a contract, and whether the data subject is obliged to provide the personal data, as well as the possible consequences of failing to provide the data;
    12.  l) The fact of automated decision-making, including profiling, and at least in those cases, meaningful information about the logic involved, as well as the significance and the expected consequences of such processing for the data subject.

    Right of Access:

    The data subject has the right to receive confirmation from the Data Controller as to whether their personal data is being processed, and if such processing is ongoing, they are entitled to access the personal data and the following information:

    1. a) the purposes of the data processing;
    2. b) the categories of personal data concerned;
    3. c) the recipients or categories of recipients to whom the personal data has been or will be disclosed, including, in particular, recipients in third countries or international organizations;
    4. d) where applicable, the planned duration of the storage of the personal data, or if not possible, the criteria used to determine that period;
    5. e) the right of the data subject to request from the Data Controller the correction, deletion, or restriction of processing of their personal data, and to object to such processing;
    6. f) the right to lodge a complaint with a supervisory authority;
      g) if the data was not collected from the data subject, all available information about its source;
    7. h) the existence of automated decision-making, including profiling, and at least in these cases, meaningful information about the logic involved and the significance of such processing, as well as the likely consequences for the data subject.

    Right to Rectification:

    The data subject has the right to request the Data Controller to rectify inaccurate personal data concerning them without undue delay. Considering the purpose of the data processing, the data subject is also entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

    Right to Restriction of Processing:

    The data subject has the right to request the Data Controller to restrict the processing of their personal data if one of the following grounds applies:

    • The data subject contests the accuracy of the personal data (in this case, the restriction lasts until the Data Controller verifies the accuracy of the data);
    • The Data Controller has processed the personal data unlawfully, but the data subject requests restriction of processing instead of erasure;
    • The Data Controller no longer needs the personal data for processing purposes, but the data subject requires it for the establishment, exercise, or defense of legal claims;
    • The data subject objects to the processing based on the legitimate interests of the Data Controller, and there are no overriding legitimate grounds for processing by the Data Controller, or the processing is related to the establishment, exercise, or defense of legal claims; in this case, the restriction remains in place until it is determined whether the legitimate grounds of the Data Controller override the data subject’s rights.

    In the case of restriction, personal data may only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State, excluding storage.

    The Data Controller will inform the data subject before lifting the restriction on processing.

    Right to Erasure:

    The data subject has the right to request the Data Controller to erase their personal data without undue delay. The Data Controller is obliged to erase the personal data concerning the data subject without undue delay if one of the following grounds applies:

    1. a) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    2. b) If the processing is based on the data subject’s consent, and the data subject withdraws their consent on which the processing is based, and there is no other legal basis for the processing;
    3. c) The data subject objects to the processing, and there are no overriding legitimate grounds for processing;
    4. d) The personal data have been unlawfully processed;
    5. e) The personal data must be erased to comply with a legal obligation to which the Data Controller is subject under Union or Member State law.

    Right to Object

    If the data processing is based on legitimate interests, the data subject must be provided with appropriate information and the right to object to the processing.

    The data subject has the right to object to the processing of their personal data and, in such cases, the Data Controller must cease processing the personal data, unless it can be demonstrated that:

    • The processing is based on compelling legitimate grounds that override the interests, rights, and freedoms of the data subject, or
    • The processing is related to the establishment, exercise, or defense of legal claims.

    Automated Decision-Making

    The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which significantly affects them.

    Right to Data Portability

    The data subject has the right to receive their personal data provided to the Data Controller in a structured, commonly used, and machine-readable format, and to transmit those data to another data controller, if the processing is based on consent or a contract and is carried out by automated means.

    Withdrawal of Consent

    If the processing is based on the data subject’s consent, the data subject may withdraw their consent at any time. However, this does not affect the lawfulness of processing based on consent before its withdrawal.

     

    Right to Lodge a Complaint

    The data subject has the right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data infringes the GDPR. The contact details of the supervisory authority are as follows:

    National Authority for Data Protection and Freedom of Information
    1363 Budapest, P.O. Box 9.
    Phone: +36-1-391-1400
    Email: ugyfelszolgalat@naih.hu
    Website: www.naih.hu

    Right to an Effective Judicial Remedy Against a Supervisory Authority

    Every data subject has the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning them, or if the supervisory authority does not handle the complaint or does not inform the data subject of the progress or outcome of the complaint within three months. The proceedings are within the jurisdiction of the courts. The data subject may also bring the case before the court of their place of residence or habitual residence (GDPR Article 78).

    Right to an Effective Judicial Remedy Against the Data Controller or Processor

    Every data subject has the right to an effective judicial remedy if they consider that their rights under the GDPR have been infringed as a result of the non-compliance of the processing of their personal data with the Regulation (GDPR Article 79).

     

    3. Data Processing

    Recruitment of Employees

    Scope of Data Processed: Candidate’s name, address, place and date of birth, photograph, qualifications, and any personal data included by the applicants in their CV.

    Purpose of Data Processing: To post job advertisements and collect applications for recruitment purposes.

    Legal Basis for Data Processing: The data subject’s consent [GDPR Article 6(1)(a)].

    Duration of Data Processing: 6 months from the receipt of the application.

    Data Processor: Advertising portal operator.

    Recipients of Personal Data:  Managing Director, HR Generalist, Business Development Staff.

    The data subject can withdraw their consent at any time by sending an email to hello@skillnaut.com. However, this does not affect the lawfulness of the processing based on consent before its withdrawal.

    Invoicing

    Scope of Data Processed: Names, addresses, tax identification numbers, and bank account numbers of individual entrepreneurs.

    Purpose of Data Processing: Issuing, sending, and accounting for invoices to clients.

    Legal Basis for Data Processing: Compliance with legal obligations [GDPR Article 6(1)(c)] [Act CL of 2017 on Taxation; Act C of 2000 on Accounting; Act CXVII of 1995 on Personal Income Tax].

    Duration of Data Processing: 8 years from the submission of the financial statements.

    Data Processors:

    • Brown Accounting Ltd. (4220 Hajdúböszörmény, Baltazár Dezső Street 76) as an accounting service provider.
    • szamlazz.hu Ltd. (1031 Budapest, Záhony Street 7) as the operator of the szamlazz.hu portal.

    Recipients of Personal Data: Managing Director, Financial Staff, Authorized Accountant.

    Sales Contact

    Scope of Data Processed: Contact person’s last name and first name, email address, phone number.

    Purpose of Data Processing: Sales-related contact and communication.

    Legal Basis for Data Processing: The data subject’s consent [GDPR Article 6(1)(a)].

    Duration of Data Processing: 10 years from the consent, or if consent is withdrawn, immediately after the withdrawal.

    Data Processor: ATW Internet Ltd. (1138 Budapest, Esztergomi Road 66) as hosting provider.

    Recipients of Personal Data: Managing Director, Customer Relations Team Staff.

    The data subject can withdraw their consent at any time by sending an email to hello@skillnaut.com. However, this does not affect the lawfulness of the processing based on consent before its withdrawal.

    Customer Relationship Management

    Scope of Data Processed: Contact person’s name, email address, phone number.

    Purpose of Data Processing: Managing customer relationship data necessary for contract fulfillment.

    Legal Basis for Data Processing: Legitimate interests of the Data Controller [GDPR Article 6(1)(f)].

    Duration of Data Processing: 8 years from the submission of the financial statements according to accounting law.

    Data Processor: ATW Internet Ltd. (1138 Budapest, Esztergomi Road 66) as hosting provider.

    Recipients of Personal Data: Managing Director, Customer Relations Team Staff.

    4. Cookie Management

    Cookies are small text files stored on the user’s computer or mobile device by the website. The Data Controller uses cookies on the website to ensure essential and convenience functions of the portal, to gather information about user website usage patterns, and to display relevant advertisements to users.

    Most browsers allow users to set preferences on whether to accept cookies. In browser settings, users can also specify whether to receive notifications when a website wishes to place a cookie in their browser and how long various types of cookies should remain or whether they should be deleted when the browser is closed.

    You can find information on cookie settings for the most popular browsers at the following links:

    • Google Chrome
    • Safari
    • Firefox
    • Microsoft Edge