GENERAL TERMS AND CONDITIONS (GTC)

  1. SERVICE DATA

Name of the Service Provider: „Legjobb vagyok” Tehetségmentoráló Közhasznú Nonprofit Kft. (“I Am The Best” Talent Mentoring Public Nonprofit Ltd.) (hereinafter referred to as Service Provider)

Headquarters: 1148 Budapest, Szervián u. 28. Hungary

Office: 1146 Budapest, Thököly út. 58-60. Hungary

E-mail: info@legjobbvagyok.hu

Company Registration Number: 01-09-935740

Tax number: 22611505-1-42

Name of registration authority in the register: Court of Budapest as Court of Registration

Phone number: +36 (70) 618 6822

Language of the contract: Hungarian

  1. BASIC PROVISIONS

2.1. Issues not governed by these Rules and the interpretation of these Rules shall be governed by Hungarian law, in particular the Act V of 2013 on the Civil Code (“the Civil Code”). The mandatory provisions of the relevant legislation shall apply to the parties without any specific clauses.

2.2. In the absence of a different written contract, these Terms and Conditions apply to all training, performance, and service contracted by the “I Am The Best ” Talent Mentoring Public Nonprofit Ltd..

2.3. The contract between the parties enters into contracts with the providers announced by the Service Provider or by concluding a consumer contract.

2.4. The Service Provider reserves its copyright to any intellectual product that it presents and transfers.

 

DATA MANAGEMENT RULES – PRIVACY POLICY

  1. Purpose of the Regulations

1.1. The purpose of the Regulations is to record the „Legjobb vagyok” Tehetségmentoráló Közhasznú Nonprofit Kft. (“I Am The Best” Talent Mentoring Public Nonprofit Ltd.), address: 1148 Budapest, Szervián u. 28, tax number: HU22611505, contact: info@legjobbvagyok.hu  hereafter referred to as “Service Provider”, the data protection and data management principles and the Service Provider’s data protection and data management policy, which the Service Provider recognizes as compulsory.

1.2. The scope of this Privacy Policy applies to the website www.iamthebest.hu  (hereinafter referred to as “Website”).

1.3. In order to protect the personal information of our dedicated customers and partners, the Service Provider considers it important to respect the client’s right to information self-determination. The Service Provider shall treat the personal data in a confidential manner and shall take all security, technical and organizational measures that guarantee the security of the data. The Service Provider describes its data management practices below.

  1. Concept Definitions

2.1. Personal data or data:

Any data or information that allows a natural person (hereinafter referred to as “the User”) to be identified in an indirect or direct manner.

2.2. Data management:

Irrespective of the method used, any action on the Personal Data or any of the operations, including the collection, recording, systemisation, tagging, storage, modification, alteration, use, retrieval, access, use, communication, transmission, dissemination or other making available, disclosing, aligning or linking (including profiling), limiting, deleting and destroying it.

2.3 Data Manager:

A person who determines the purposes and means of data management, independently or with others. For the cases described in these Regulations, the Service Provider is considered a Data Controller.

2.4. Data processing:

The service provider who manages personal data on behalf of the Data Manager. (The Data Processing Agents used by the Service Provider are presented in Section 11 of these Rules.

2.5. User:

The natural person:

a) who registers on the website and in this context gives the following 4.2. above,

b) who gives the user the opportunity to contact the User (sending an interested message) in section 4.6.

3. Details of the Data Manager (Service Provider)

Name: „Legjobb vagyok” Tehetségmentoráló Közhasznú Nonprofit Kft. (“I Am The Best” Talent Mentoring Public Nonprofit Ltd.)

Headquarters: 1148 Budapest, Szervián u. 28, Hungary

Company Registration Number: 01-09-935740

VAT number: 22611505-1-42

Phone: +36706186822

E-mail: info@legjobbvagyok.hu

3.1. Data controller representative: Nóra Szuhai

3.2. Privacy Officer: András Hintya

Privacy Policy Manager: hintya.andras@legjobbvagyok.hu

+36706186822

3.3. If you would like to contact the Service Provider, you can do so at info@legjobbvagyok.hu and/or +36706186822.

  1. Managed personal information

4.1. Based on the User Registration, the Service Provider manages the following data provided by the User:

a) the name

b) e-mail address

c) IP address used for registration

d) last entry date

4.2. Upon registration, the User may enter the telephone number of the Service Provider, but this information is not required.

4.3. Regardless of the foregoing, it may happen that a technically connected service provider, without informing the Service Provider, is engaged in the processing of data on the web site. Such activity is not considered Data Management by the Service Provider. The Service Provider will do its utmost to prevent and block such data processing.

4.4. If the User sends an email to the Service Provider (eg a message, a complaint), the Service Provider records the User’s e-mail address and handles it to the extent and time required to provide the service.

  1. The scope of additional data managed by the Service Provider

5.1. The Service Provider places a small data packet (so-called “cookie”) on the user’s computer for tailor-made service. The purpose of the cookie is to ensure that the site operates at the highest level, to provide personalized services and to increase the user experience. The user can delete the cookie from your computer or set up your browser to disable cookies. By prohibiting the use of cookies, the User acknowledges that without the cookie, the operation of the site is incomplete.

5.2. Cookies allow Websites to recognize previous visitors. Cookies help the Service Provider as the Website Operator to optimize the Website to shape the Website’s services in accordance with Users’ habits. Cookies are also suitable for:

a) note the settings so you do not have to re-record them to the user when they enter a new page,

b) analyze the use of the Websites in order to maximize the user’s expectations as a result of the improvements made using this information, the user can easily find the information sought and c) monitor the Service Provider’s effectiveness.

5.3. When providing a personalized service, the Service Provider manages the following Personal Information anonymously, through the use of cookies: interest information, habits, preferences (based on browsing history).

5.4. Technically recordable data during operation of the system: the data of the user’s logged in computer generated during the use of the Service and recorded by the Service Provider as an automatic result of the technical processes. The information that is automatically recorded will be logged automatically upon logging in or exiting without the user’s specific statement or action.

5.5. User can set up your web browser by accepting all cookies, rejecting them, or notifying the user when a cookie is sent to your machine. Setup options are usually in the browser’s “Options” or “Settings” menu item. Detailed information on the www.aboutcookies.org website in English can also help with settings in different browsers.

  1. The purpose and the legal basis of Data Management

6.1. The purpose of data management by the Service Provider is to:

a) online content delivery;

b) identification of the User, contact with the User (eg system messages);

c) Identification of User Permissions (User-accessible Services);

d) order the services that the User wishes to purchase;

e) ordering a newsletter (subscription);

f) Protection of Users’ Rights;

g) enforcing the legitimate interests of the Service Provider.

6.2. Provider of Personal Data in Section 6.1. does not use it for purposes other than those summarized in this section.

6.3. The legal basis for data handling

6.3.1. Data Management is based on User’s voluntary, prior informed statement, which includes the express consent of Users to use their Personal Data and the Personal Data generated by them during the use of the Site. The User is entitled to revoke his consent at any time in the case of consent-based data handling, which, however, does not affect the lawfulness of the pre-revocation of data handling.

6.3.2. The Service Provider records the User’s IP address in connection with the provision of the Service in connection with the Service Provider’s legitimate interest and on the lawful provision of the Service (eg for the purpose of eliminating unlawful use or illegal content) without the User’s separate consent.

6.3.3. In the context of content delivery, in addition to the User’s voluntary contribution, the contract between the Service Provider and the User as Client may be the legal basis for Data Management related to Data Management, the essential legitimate interest of the Service Provider and the fundamental rights of information and expression within the framework defined by the law.

In the event that the Legal Basis of Data Management is a substantial legitimate interest of the Service Provider, the Service Provider has performed and may continue to perform a stake assessment test in the future in accordance with the relevant provisions of the GDPR, which confirms that the Service Provider’s legitimate interest in data management is stronger than the data rights szabadságainál. On request, the Service Provider provides information to the affected party in accordance with this Policy as described in this section.

6.3.4. Data Transfers for Data Processors as defined in these Rules may be made without the user’s own consent. Issuance of personal data to a third party or authorities may, unless otherwise provided by law, be solely based on an official decision or at the express prior consent of the User.

6.3.5. The User warrants that the consent of the person concerned, of course, has been lawfully obtained by the person concerned, in order to manage the personal data made or made available to him by other natural persons when using the Services.

6.3.6. When submitting any User’s email address and registration information (such as user name, ID, password, etc.), you are also responsible for entering the e-mail address or email address you entered. using the information provided by him only uses the service. With respect to this responsibility, any liability associated with any given access to a given e-mail address and / or data shall be borne exclusively by the User who has registered the e-mail address and entered the data.

  1. Principles and methods of data management

7.1. The Service Provider treats Personal Data in accordance with the principles of good faith and fairness and transparency, as well as the provisions in force and the provisions of this Code.

7.2. The Personal Data is strictly necessary for the use of the Services by the Service Provider on the basis of the consent of the User concerned and solely on purpose.

7.3. The Service Provider shall only disclose Personal Data in this Regulation or for the purposes specified in the relevant legislation. The scope of the Personal Data handled is proportionate to the purpose of data management and can not be expanded. In all cases where the Personal Data is intended to be used by the Service Provider for purposes different from the purpose of the original data collection, he / she shall inform the User of this and obtain his / her prior express consent or give him the opportunity to prohibit the use.

7.4. The Service Provider does not control the Personal Data you entered. Only the person who gave it will be responsible for the compliance of the provided Personal Data.

7.5. The personal data of a person who has not reached the age of 16 can only be treated if the adult consent of parental control is over. The Service Provider is not in a position to control the rights of the contributing person or the content of his / her statement so that the User or the person exercising parental control over it will guarantee that the consent is in accordance with the law. In the absence of any consent, the Personal Data relating to the person who has not reached the age of 16 is excluded, except for the IP address used to use the Service, which is automatically recorded due to the nature of the Internet services.

7.6. The Service Provider shall pass the Personal Data it manages to the Data Processors specified in these Regulations and to any third party other than the recipients referred to in this Regulation. Except as provided in this clause, the use of the data in a statistically aggregated form that can not contain any other data capable of identifying the User concerned shall not constitute Data Management or Data Transmission. The Service Provider may, in certain cases – prejudice the Service Provider’s interests, endanger the provision of the Services, etc., due to official court, police inquiries, legal proceedings against copyright, property or other breaches or their reasonable suspicion. – make available to the third parties the Personal Data available to the User concerned.

7.7. The Service Provider system may collect data from the Activity of Users that can not be combined with other data provided by Users during registration, nor with any other data generated by the use of any other website or service.

7.8. The Service Provider is responsible for correcting, limiting or limiting the personal data it manages. deletes the affected User and informs those who previously transferred Personal Data for Data Management. Notification may be omitted if it does not prejudice the legitimate interest of the data concerned for the purposes of Data Management.

7.9. The Service Provider shall ensure the security of Personal Data, take technical and organizational measures and establish the procedural rules that ensure that the recorded, stored or managed data is protected or preventing accidental loss, unauthorized destruction, unauthorized access, unauthorized use and unauthorized alteration or unauthorized disclosure. To fulfill this obligation, the Service Provider invites all third parties to whom Personal Data is transmitted.

7:10. Unless otherwise specified, the scope of the Code does not extend to the services and data management associated with the promotions, prize games, services, campaigns, and promotions of third party advertisers or other third parties appearing on them.

7.11. Unless otherwise stated, the scope of this Policy does not extend to the services and data management of websites, service providers, which are referred to on the Website.

7.12. Unless otherwise stated, the scope of this Code does not cover the data processing of non-natural persons appearing on the Website.

  1. System Messages sent by the Service Provider

By accepting this Policy, you acknowledge that you receive a system message from time to time for the services provided by the Website. These system messages may include information, advice on how to use the system, new features, general or personalized suggestions, and other information. The user acknowledges that receiving system messages is a condition for registration.

  1. Advertising-related data management, sending newsletters

During the registration, you will be able to use the direct marketing services provided by the Service Provider through the expressly made statement of the User, in which you will receive marketing and advertising messages with the e-mail address or phone number you entered during registration. These are the so-called. economic newsletters. In this newsletter you will be informed about our special offers and personalized options. This newsletter is published in Act XLVIII of 2008. you can subscribe at any time in accordance with the provisions of the Act.

  1. Knowing Data by Other People

10.1. If the User publishes an advertisement on the website operated by the Service Provider, he / she agrees that the person (s) interested in the ad can contact him via the contact details (e-mail, telephone number).

10.2. In the case of an active advertisement, contact information can be accessed via e-mail at any time, but the email address will not be published to the ad. The interested party can only contact the user sending the advertisement via the message box placed by the Service Provider.

10.3. In the case of an active advertisement, you can contact the interested parties via the phone if the user specifies the phone number separately. In this case, the phone number will be available to anyone, but the Service Provider will take all measures to ensure that only natural persons can access the given data.

10.4. The User who uses the Service to contact the Advertiser will acknowledge that the details of the contact (Section 4.6) are sent to the Advertiser together with the interested message.

 

  1. Data Management for using Facebook Messenger chatbot on this page

11.1. The use of chatbot is not a precondition for registration on the web site operated by the Service Provider; any User who has a Facebook account can use the chatbot.

11.2. You can use chatbot for User Support.

11.3. The Service Provider does not store the data it has acquired in this way.

  1. The duration of the Data Management

12.1. In the case of emails sent by the User, if the User otherwise has no registration, the Service Provider shall cancel the e-mail address on the 90th day following the closing of the case referred to in the request, unless the Service Provider’s legitimate interest justifies further handling of the Personal Data , until such legitimate interest of the Service Provider exists.

12.2. As the Service Provider provides a continuous service to the User, the parties do not have a link to the time limit. The processing of Personal Data by the User during and after the registration (on the basis of its voluntary consent) will be maintained until the User deletes his or her profile through the Service with the given User Name or otherwise does not request the deletion of Personal Data. In this case, the Personal Data will be deleted from the Service Provider’s systems. Deletion can only be denied if the Personal Data Management is authorized by law (eg obligation to keep accounts). In any event, the Service Provider provides information on the denial of the cancellation request and the law allowing the data processing.

12.3. Data will be erased within 30 days of the Service Provider’s knowledge, if it is incomplete or incorrect – and this status can not be legally remedied, provided that cancellation is not excluded by law.

12.4. The Service Provider deletes personal data if the purpose of the data processing is terminated or the statutory deadline for data storage has expired.

12.5. Newsletters sent by the Service Provider can be canceled via the unsubscribe link. In case of unsubscribe, the Service Provider will delete the User’s Personal Data in the newsletter database.

12.6. In the event of the use of Personal Data or in the event of an offense or system attack committed by the User, the Service Provider shall have the right to delete Personal Data at the same time as the User’s registration is terminated. However, in the event of suspicion of a criminal offense or civil liability, for a period of time.

12.7. Data that is automatically recorded during the operation of the system will be stored in the system for a reasonable period of time from the time they are generated to ensure the system’s operation. The Service Provider ensures that these automatically recorded data can not be linked to other Personal Data, except in cases that are legally binding. If you have terminated your consent to manage your Personal Information or you have opted out of the Service, you will not be able to identify the technical details without your personal investigators or experts.

12.8. In the event that a court or authority has ordered the deletion of Personal Data definitively, the Service Provider will perform the deletion. Instead of deleting, the Service Provider limits the use of Personal Data, if the User so requests, or if, based on the information available to him, the Service Provider may reasonably believe that deletion would undermine the User’s legitimate interest. The Personal Data shall not be canceled by the Service Provider as long as the data management purpose is excluded that excludes the deletion of Personal Data.

12.9. Cancellation is denied:

(a) to exercise the right to freedom of expression and information;

(b) where the law governing the processing of Personal Data is authorized; c) to submit, enforce, or protect legal claims.

In any case, the Service Provider informs the User of the denial of the cancellation request, indicating the reasons for the cancellation. After the request for deletion of personal data, previous (deleted) data can no longer be recovered.

  1. User Rights and Remedies for Data Management

13.1. Right to information

The Service Provider informs the User of the Personal Data Management at the same time as contacting the User. Furthermore, the User is entitled to request information on data management at any time.

13.2. The User’s Right to Access

At the request of the User, the Service Provider shall provide information on the data processed by the User, processed by him / her or by a data processor entrusted by him or by the data processor, about their source, the purpose, legal basis, duration of the data processing, the data processor’s name, address and data management activity, data privacy incident , its effects and the measures taken to remedy it, and, in the case of the transmission of Personal Data of the User, the legal basis and the addressee of the transfer.

The Service Provider shall provide the information in writing in the shortest possible time, at most within 25 days of the submission of the request, in an understandable form, at the User’s request. Information is free of charge if the applicant for information has not yet submitted an information request for the same data field in the current year. In other cases, reimbursement can be made. The reimbursement of the reimbursement already paid should be refunded if the data was unlawfully handled or the request for information resulted in a correction.

13.3. Correction right

The User may request that the incorrectly entered personal data be corrected by the Service Provider. In the event that regular data is provided on the basis of the data to be corrected, the Service Provider informs the recipient of the data supply, if necessary, of the correction, or calls the User’s attention to the need to initiate correction with another data controller.

13.4. Right to cancel

The User may request the deletion of his / her personal data, except for legally ordered data handling. The Service Provider informs the User of the cancellation. Additional provisions related to the deletion of data can be found in section 13 of these Rules.

13.5. The right to protest

The User is entitled to object at any time to any personal data of the Service Provider or a third party’s legitimate interests for reasons related to his / her own situation, including profiling based on those provisions. In the event of protest, the Service Provider may not process the personal data unless it is justified by compelling reasons of lawfulness that prevail over the interests, rights and freedoms of the person concerned, or which relate to the submission, enforcement or protection of legal claims.

13.6. Right to Restrict Data Management

The User may request that his Personal Data be handled by the Service Provider if the User disputes the accuracy of the Personal Data being processed. In this case, the restriction applies to the period that the Service Provider can verify the accuracy of Personal Data. The Service Provider indicates the Personal Data it manages if the User disputes its accuracy or accuracy, but the incorrect or imprecise nature of the disputed Personal Data can not be ascertained clearly. The User may request that his Personal Data Handling be handled by the Service Provider even if Data Management is unlawful but the User opposes the deletion of the treated Personal Data and instead asks for their use limitation. The User may also request that the processing of his / her Personal Data may be restricted if the purpose of the Data Management is achieved, but the User requests their Service Provider to submit, enforce, or protect legal claims.

13.7. Right to data storage

The User may request that the Service Provider submits to and / or transfers it to another Data Controller by the Service Provider, provided by the User and processed by the Service Provider in an automated, widely used, machine-readable format.

13.8. Automated decision-making in individual cases, including profiling

The data subject shall be entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a bearing on him or would have a significant effect on him.

13.9. Right of withdrawal

The person concerned has the right to withdraw his consent at any time.

13.10. Right to Court

In case of breach of his or her rights, the data subject may turn to the court. The court proceeds out of court.

13.11. If the Service Provider fails to comply with the User’s request for rectification, blocking or deletion, he / she will provide written reasons for rejecting the request for rectification, blocking or cancellation within 25 days of receipt of the request. In case of refusal of the request for correction, cancellation or blocking, the Service Provider informs the User about the possibility of appeal to the court and to the National Privacy and Data Protection Authority.

13.12. The User may make representations or applications regarding the exercise of the above rights in writing, in a letter addressed to the Service Provider’s headquarters, premises or by e-mail to info@legjobbvagyok.hu.

13.13. You can contact the National Data Protection and Information Authority directly (1125 Budapest, Szilágyi Erzsébet fasor 22 / c, phone: + 36-1-391-1400, e-mail: ugyfelszolgalat@naih.hu; naih.hu) as well. In the event of violation of the User’s rights, the Infotv. 22 (1) of the Constitution. The trial is governed by the jurisdiction of the court. The per-user can be started before the court of residence or residence of the User. On request, the Service Provider shall be informed in detail of the possibility and means of remedies.

  1. Data processing

14.1. The Service Provider is entitled to use data processors entitled to carry out its activities. Data processors will not make a stand-alone decision, only the contract with the Service Provider and are entitled to act according to the instructions received. The Service Provider checks the work of data processors. Data processors are only entitled to use a data processor with the consent of the Service Provider.

14.2 The Service Provider shall indicate the used processors in this Regulation.

14.3. Categories of data processors used by the Service Provider

14.3.1. The Service Provider uses the following Data Processors to service the service to provide the infrastructure.

Microsoft Ireland Operations Ltd. One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

MongoDB Ltd. Third Floor, 3 Shelbourne Buildings, Ballsbridge, Dublin 4, Ireland

14.3.2. The Service Provider uses the following Data Processors to process user payment processes.

Barion Payment Zrt. 1117 Budapest, Infopark Promenade 1.

14.3.3. The Service Provider uses the following Data Processors to maintain contact with Users and perform marketing activities.

Google Ireland Ltd. (Gmail, Google Ads) Gordon House, Barrow Street 4, Dublin Irelang The Rocket Science Group LLC. (Mailchimp and Mandrill) 675 Ponce de Leon Avenue NE, Suite 5000 Atlanta, GA 30308 USA

Salesforce.com Ltd. Village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY

Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbor Dublin 2, Ireland

14.3.4. The Service Provider uses the following Data Processors to improve the User Experience to eliminate errors during the provision of the service.

Google Ireland Ltd. (Google Analytics) Gordon House, Barrow Street 4, Dublin Ireland

MixPanel Inc. 405 Howard St., 2nd Floor, San Francisco, CA 94105 USA

Hotjar Ltd. 3, Elia Zammit Street, St Julian’s STJ 1000, Malta

Raygun Inc. 801 Second Ave, Suite 1150 Seattle, WA 98104 USA

Slack Technologies Ltd. One Park Place, Hatch Street Dublin 2 Irelandimgix

Zapier Inc. 243 Buena Vista Avenue Suite 508 Sunnyvale, CA 94086

14.3.5. The Service Provider uses the following Data Processors to generate statistics.

Google Inc. (Datastudio) Ireland, Dublin, Barrow Street 4, Gordon House

14.4. External Service Providers for Registration or Access

In connection with the provision of the Services, the Service Provider cooperates with Outsourcing Providers providing registration and access applications to Users. Within this cooperation, some Personal Data (such as IP Address, Email, Registration Name) may be transferred to the Service Provider and / or the Data Processor by External Service Providers. External Service Providers collect, manage and transmit Personal Data according to their own privacy policy.

External Service Providers who are cooperating with the Service Provider: Facebook Inc., Google Inc.

  1. Modification of the Privacy Policy

The Service Provider reserves the right to change this Regulation at any time by its unilateral decision. The Service Provider is entitled to (but not be required) to inform the Users of the change by modifying this Policy by sending a system message. Based on the information contained in the notice, the User is entitled to exercise his rights to data management in accordance with these Rules and the laws in force at all times.

  1. Other provisions

16.1. The Service Provider provides information on the data handling not listed in these Regulations.

16.2. The courts, the public prosecutor, the investigating authority, the offender authority, the administrative authority, the National Data Protection and Information Authority, the National Bank of Hungary and the statute of the law, may request other bodies to provide information, transmit data or provide documents the data controller.

16.3. The Service Provider shall issue to the public authorities, if the authority indicates the exact purpose and scope of the data, only to the extent and to the extent that it is indispensable for the purpose of the request.

16.4. In developing the provisions of the Code, the Company have taken particular account of the provisions of the European Parliament and Council Regulation 2016/679 (“General Data Protection Regulation” or “GDPR”), Act CXII of 2011 on Information Freedom of Information and Freedom of Information. (“Infotv.”), Act V of 2013 on the Civil Code (“Act”), and Act XLVIII of 2008 on the Fundamental Terms and Limitations of Commercial Advertising Activity. (“Grtv.”).

 

Budapest, 18/05/2018