Privacy Statement

1. General provisions

This privacy statement aims to provide information to data subjects about the use of their personal data.

Definitions of terms:

  • Data subject: the natural person whose personal data is processed by Expert Training Ltd.
  • Controller: Expert Training Kft., which determines the purposes and means of the processing of personal data.
  • Expert Training Kft. as the Data Controller (hereinafter referred to as the Data Controller) shall act in accordance with the GDPR, Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information and this Privacy Policy in all data processing of the data subjects in connection with the services of the portal available at https://skillnaut.com/ operated by it.
  • Information about the Data Controller:
  1. a) Name of Data Controller: Expert Training Kft.
    b) Registered office: 4032 Debrecen, Böszörményi út 68.
    c) Postal address: 4032 Debrecen, Böszörményi út 68.
    d) Electronic (e-mail) address: hello@skillnaut.com
    e) Company registration number: 09-09-014998
    f) Tax number: 14317543-2-09
    g) Data Controller’s representative: Bálint Kovács, Managing Director
    h) E-mail address of the Data Controller’s representative: balint.kovacs@skillnaut.com

 2. Rights of the data subject

The data subject has the following rights in relation to data processing:

Right to information:

The data subject shall have the right to receive information about the processing of his or her personal data in a concise, transparent and easily accessible form, in a clear and comprehensible manner, in particular:

  1. a) the identity and contact details of the Data Controller and, if any, of the Data Controller’s representative;
  2. b) the contact details of the Data Protection Officer, if any;
  3. c) the purposes for which the personal data are intended to be processed and the legal basis for the processing;
  4. d) in the case of processing based on legitimate interests, the legitimate interests of the Controller or of a third party;
  5. e) where applicable, the recipients of the personal data and the categories of recipients, if any;
  6. f) where applicable, the fact that the controller intends to transfer the personal data to a third country or an international organisation and the existence or absence of an adequacy decision by the Commission or, in the case of a transfer, an indication of the appropriate and suitable safeguards and a reference to the means of obtaining a copy or the availability of a copy.
  7. g) the duration of the storage of personal data or, where this is not possible, the criteria for determining that duration;
  8. h) the right of the data subject to request the Controller to access, rectify, erase or restrict the processing of personal data relating to him or her and to object to the processing of such personal data, and the right of the data subject to data portability;
  9. i) in the case of processing based on consent, the right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal;
  10. j) the right to lodge a complaint with a supervisory authority;
  11. k) whether the provision of the personal data is based on a legal or contractual obligation or is a precondition for the conclusion of a contract, whether the data subject is under an obligation to provide the personal data and the possible consequences of not providing the data;
  12. l) the fact of automated decision-making, including profiling, and, at least in those cases, clear information on the logic used and the significance of such processing and the likely consequences for the data subject.

Right of access:

The data subject has the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:

  1. a) the purposes of the processing;
  2. b) the categories of personal data concerned;
  3. c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
  4. d) where applicable, the envisaged duration of the storage of the personal data or, where this is not possible, the criteria for determining that duration;
  5. e) the right of the data subject to obtain from the controller the rectification, erasure or restriction of the processing of personal data relating to him or her and to object to the processing of such personal data;
  6. f) the right to lodge a complaint with a supervisory authority;
  7. g) where the data have not been collected from the data subject, any available information concerning their source;
  8. h) the fact of automated decision-making, including profiling, and, at least in these cases, the logic used and clear information on the significance of such processing and its likely consequences for him or her.

The right to rectification:

The data subject shall have the right to obtain, at his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. Having regard to the purposes of the processing, the data subject shall have the right to obtain the rectification of incomplete personal data, including by means of a supplementary declaration.

Right to restriction:

The data subject shall have the right to request that the Controller restrict the processing or use of personal data(s) concerning him or her, if one of the following grounds applies:

  • the data subject contests the accuracy of the personal data (in which case the restriction lasts until the Controller verifies the accuracy of the data);
  • the Controller has unlawfully processed the personal data but the data subject requests restriction instead of erasure;
  • the Controller has ceased to have the purpose for which the data were processed but the data subject requires them for the establishment, exercise or defence of legal claims;
  • the data subject objects to processing based on the legitimate interests of the controller and there are no compelling legitimate grounds for the controller which override the interests, rights and freedoms of the data subject or which are related to the establishment, exercise or defence of legal claims; in this case, the restriction shall continue until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

In the event of restriction, personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State of the European Union.

The Controller shall inform the data subject in advance of the lifting of the restriction on processing.

Right to erasure

The data subject shall have the right to obtain from the controller the erasure of personal data relating to him or her without undue delay at his or her request and the controller shall be obliged to erase personal data relating to him or her without undue delay where one of the following grounds applies:

  1. a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. b) where the legal basis for the processing is the data subject’s consent, the data subject withdraws the consent which constituted the legal basis for the processing and there is no other legal basis for the processing;
  3. c) the data subject objects to the processing of his or her data and there are no overriding legitimate grounds for the processing;
  4. d) the personal data have been unlawfully processed;
  5. e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.

The right to protest

Where the processing of the data subject’s data is based on a legitimate interest, the data subject must be provided with adequate information about the processing and the right to object.

The data subject shall have the right to object on this basis to the processing of his or her personal data and, in such a case, the Controller shall no longer process the personal data of the data subject unless it can be demonstrated that

  • the processing is justified by compelling legitimate grounds on the part of the controller which override the interests, rights and freedoms of the data subject, or
  • processing is related to the establishment, exercise or defence of legal claims by the Controller.

Automated data processing

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which would significantly affect him or her.

Right to data portability

The data subject has the right to obtain the personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format, where the processing is based on consent or a contract and the processing is carried out by automated means.

Withdrawal of consent

Where the processing is based on the data subject’s consent, the data subject may withdraw his or her consent at any time for the processing in question, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to the withdrawal.

Right to lodge a complaint

The data subject has the right to lodge a complaint directly with a supervisory authority about the processing of personal data concerning him or her if the data subject considers that the processing of personal data concerning him or her infringes the GDPR. The contact details of the supervisory authority are:

National Authority for Data Protection and Freedom of Information

1363 Budapest, Pf.: 9.

Phone: +36-1-391-1400;

e-mail: ugyfelszolgalat@naih.hu

Website: www.naih.hu

Right to an effective judicial remedy against the supervisory authority

All natural and legal persons have the right to an effective judicial remedy against a legally binding decision of a supervisory authority which is addressed to them, or if the supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments concerning the complaint lodged or of the outcome of the complaint. The tribunal shall have jurisdiction to hear the case. The action may also be brought, at the choice of the data subject, before the courts for the place where he or she resides or is domiciled (Article 78 GDPR).

Right to an effective judicial remedy against the controller or processor

Every data subject has the right to an effective judicial remedy if he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data not in accordance with this Regulation (Article 79 GDPR).

 

 3. Data management

Recruiting workers

Data processed: applicants’ name, address, date and place of birth, photograph, educational qualifications and personal data provided by applicants in their CVs.

Purpose of the processing: to advertise vacancies and receive applications for recruitment purposes.

Legal basis for processing: consent of the data subject [Article 6(1)(a) GDPR].

Duration of processing: 6 months from the date of receipt of the application.

Data processor used: advertising portal operator.

Recipients of personal data: managing director, HR-generalist, business development staff.

The data subject may withdraw his or her consent at any time by sending an e-mail to hello@skillnaut.com, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

Billing

Data processed: name, address, tax number, bank account number of self-employed persons.

Purpose of processing: issuing, sending and accounting invoices to customers.

Legal basis for processing: fulfilment of a legal obligation [Article 6(1)(c) GDPR] [Act CL of 2017 on the Rules of Taxation; Act C of 2000 on Accounting; Act CXVII of 1995 on Personal Income Tax]

Duration of data processing: 8 years from the submission of the accounting report.

Use of a data processor:

  • Brown Accounting Kft. (4220 Hajdúböszörmény, Baltazár Dezső utca 76.) as a provider of accounting services;
  • szamlazz.hu Kft. (1031 Budapest, Záhony utca 7.) as the operator of the samlazz.hu portal.

Recipients of personal data: managing director, financial officer, assistant accountant.

 

Contacting for sale

Data processed: first and last name of the contact person, e-mail address, telephone number.

Purpose of processing: contacting and maintaining contact for sales purposes.

Legal basis for processing: consent of the data subject [Article 6(1)(a) GDPR].

Duration of processing: 10 years from the date of consent or, if consent is withdrawn, immediately after withdrawal.

Use of a data processor: ATW Internet Kft. (1138 Budapest, Esztergomi út 66.) as hosting provider.

Recipients of personal data: managing director, employees of the customer relations team.

The data subject may withdraw his or her consent at any time by sending an e-mail to hello@skillnaut.com, without prejudice to the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

 

Customer relationship management

Data processed: contact name, e-mail address, telephone number.

Purpose of processing: processing of customer contact data necessary for the performance of contracts.

Legal basis for processing: legitimate interest of the Controller [Article 6(1)(f) GDPR].

Duration of processing: 8 years after the submission of the accounts under the Accounting Act.

Use of data processor: ATW Internet Kft. (1138 Budapest, Esztergomi út 66.) as hosting provider.

Recipients of personal data: managing director, employees of the customer relations team.

 

4. Cookie management

Cookies are small text files that the website stores on the computer or mobile device of the user visiting its pages. The data controller uses cookies on the website in order to provide the essential and convenient functions of the portal, to collect information about the user’s website usage habits and to display relevant advertisements to the user.

In most browsers, you can set whether or not the user accepts cookies. In the browser settings, it is also possible to set whether the User is notified when the website wishes to place a cookie on his/her browser, as well as how long different types of cookies can be persisted and whether they are deleted when the browser is closed.

You can find out about the cookie settings of the most popular browsers by following the links below:

Google Chrome

Safari

Firefox

Microsoft Edge