Data Processing Policy

  •  I. INTRODUCTION

     

    1. In the course of its operation Amerikainapközi Kft. (hereinafter: Data Controller) pays special attention to protect personal data, to comply with the mandatory legal regulation and to ensure fair data management.
    2. The aim of this Policy is
    • to set out the data protection and data processing principles and policy applied by the Data Controller,
    • to determine the scope of personal data processed by the Data Controller and the way of data processing as well as to ensure that the constitutional principles of data protection and the requirements of data security are implemented, and
    • to provide information to the Data Subjects regarding the data processing.
    1. The Data Processing Policy covers the data of the Data Controller’s employees, contractual partners and of the children participating in the English language programs (hereinafter BGC program) offered by the Data Controller, as well as the processing of such data.
    1. Data Controller carries out its activities in compliance with the relevant laws, especially the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Privacy Act).

     

    II. NAME AND CONTACT DATA OF THE DATA CONTROLLER, DEFINITIONS

     

    1. Data Controller’s data:
    • Name: Amerikainapközi Kft.
    • Company register number: 0109187636
    • Registered seat: 1139 Budapest, Hajdú utca 11. 1st floor 15.
    • Tax number: 24885650-1-41
    • E-mail address: info@bgcprogram.hu

    Data Controller determines the purpose and means of data processing.

    1. Data processing shall mean the following operations: operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    1. Data Subject means a natural person identified or identifiable through this data processing. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    1. Personal Data means any information relating to the Data Subject.
    1. With the exception set forth in clause V.1 and clause V.2, the Data Controller does not employ a data processor.

     

    III. TIME PERIOD OF DATA PROCESSING

     

    Period of processing: The Data Controller processes the data of the Data Subjects during their employment and five years following the termination thereof, except for the case when the law requires a longer period for the data processing. In the latter case, data processing ceases after the expiry of the period set forth in the relevant law. Data Controller processes the data of the Data Subjects determined in clause V.7. during the period of the recruitment procedure, except if the Data Subject consents to storing his data for a longer period in accordance with clause V.7.

     

    IV. SCOPE OF THE POLICY

     

    1. The personal scope of the Policy covers the managers, employees, agents, subcontractors of the Data Controller as well as the natural persons concluding a contract with Data Controller for receiving the services of Data Controller and the children participating in the BGC Program.
    1. This Data Processing Policy enters into force on June 28, 2019 and remains in effect for an indefinite duration.
    1. This Policy shall be applied to:
    • basic records of employees and the processing of personal documents and data of employees;
    • processing of personal data of contractual partners,
    • recording, transmitting and processing of data of the children participating in the BGC and of their parents.

     

    V. DATA RECORDED BY THE DATA CONTROLLER, PURPOSE AND MEANS OF DATA PROCESSING

     

    In case of employees, individual contractors and subcontractors Data Controller processes the following data of the Data Subjects:

    Individual contractors and subcontractors:

    • name
    • registered seat
    • tax number
    • bank account number
    • telephone number
    • email
    • data regarding the education and qualification of persons contributing in person.

    Employees:

    • name
    • address
    • tax identification number
    • Social security (TAJ) number
    • bank account number
    • telephone number
    • e-mail
    • data regarding education and qualifications
    • in case of receiving family tax allowance: marital status, number and date(s) of birth of children

    The purpose of processing the personal data of the Data Subjects determined in this clause is: identification of the persons employed or contracted by the Data Controller, performance of the contracts concluded with them, performance of the obligations determined in the laws regarding such contract (e.g. obligation to report to the tax authority, payment of salary, contractual fees, social contributions).

    The personal data of the Data Subjects under this clause are included in the hard-copy of their employment contract, service contract or contract for work. From the personal data, the following data are recorded electronically: name, e-mail address, bank account number, telephone number.

    During the course of processing the personal data under this clause, the Data Controller resorts to ta data processor. The data processor is a legal entity that processes personal data on behalf of the Data Controller. Data processing is a technical operation related to the activity of data processing.

    The Data Controller processes the personal data of the Data Subjects under this clause with the participation of Melinda G. Müller and Katalin Gál (2730 Albertirsa, Vinnyica utca 8) sole traders, acting as data processor.

    1. In case of children participating in the BGC program Data Controller processes the following personal data:
    • name, address,
    • place and date of birth,
    • mother’s name,
    • registered address, place or residence,
    • place of education (school, class),
    • name of parent,
    • evaluation of the child’s performance,
    • in case of participation in camp, health data of the child collected for the safety of the child and the social security (TAJ) number of the child.

    Data Controller evaluates the children in order to inform the legal guardians of the children and to assess the efficacy of the BGC Program. Data Controller may involve an external expert chosen by the Data Controller at its own discretion, in the evaluation of the children. The external expert qualifies as a data processor. Currently the external expert is dr. Judit Kovács.

    Data Controller records data showing the development of the child and facilitating the high-quality implementation of the BGC program on a special form on paper. Data Controller informs the Data Subjects (legal guardian of the child) of the collection of the data in advance and following the common evaluation of the result, in case of the voluntary consent of the Data Subject, it stores the data until the expiry of the “Service Agreement” concluded with him and, upon the request of the Data Subject, it transmits the data to the institution where the child is educated.

    The purpose of processing the personal data of the Data Subjects determined in this clause is: performance of Data Controller’s contractual obligations towards the natural persons concluding a contract with the Data Controller in order to receive its services (BGC program) and towards the children participating in the BGC program.

    1. In the case of the Data Subjects receiving the service (BGC program) of the Data Controller (legal guardians of children) Data Controller processes the following personal data:
    • name
    • address
    • telephone number
    • mother’s name
    • bank account number

    The purpose of processing the personal data of the Data Subjects determined in this clause is: performance of Data Controller’s contractual obligations towards the natural persons concluding a contract with the Data Controller in order to receive its services (BGC program) and towards the children participating in the BGC program.

    1. Data processed by the access control system

    The access control system used by the Data Controller records and stores only data related to its foreign-language lecturer contractors. These data are the following: name of entering/exiting person; number of chipcard, time of entry/exit. The access control system does not physically hinder the free movement of persons, but only registers the fact and time of the movement.

    The purpose of processing the personal data of the Data Subjects determined in this clause is: identification of the foreign-language lecturers having a contract with the Data Controller; performance of the contract concluded with them.

    1. In case of the children participating in the BGC program, and in case of the employees and contractors participating in the workshops processing of photos and videos

    The Data Controller may prepare photos and videos of the children participating int he the BGC program, of it employees and contractors. The Data Controller may share these photos and videos with the parents of the children, may publish them on its website, Facebook page and information materials.

    The Data Controller makes efforts to ensure that children do not appear in the photos on their own. Those photos that picture a child on its own shall only be disclosed to the parents of the respective group, via a Facebook closed group, or a Google drive only accessible by the parents, or by sending it in a group e-mail. The Data Controller shall not disclose a photo on its website, Facebook page or information materials that pictures a child on its own.

    The purpose of processing the personal data of the Data Subjects determined in this clause is: performing the contractual obligations of the Data Controller towards the natural persons concluding a contract with Data Controller in order to receive the services of Data Controller (BGC program) and towards the children participating in the BGC, furthermore, the presentation of the development of the children; keeping contact with the contracting party natural persons; as well as the preparation of the information and educational support materials regarding Data Controller’s language program.

    1. Sensitive data

    As necessary, the Data Controller also processes such health data of the children participating at the summer day-care camp of BGC, which is necessary for the safe camping and protection of health of the children (for example information regarding chronic illnesses, allergy, food intolerance).

    The purpose of processing the personal data of the Data Subjects determined in this clause is:  performing the contractual obligations of the Data Controller towards the natural persons concluding a contract with Data Controller in order to receive the services of Data Controller (BGC summer day-care camp) and towards the children participating in the BGC program, especially taking the necessary measures for the safety and protection of health of the child, furthermore the protection of the child’s vital interests.

    1. Data of job applicants

    Data Controller processes the personal data included in the resumés, applications, photos, videos voluntarily uploaded by the Data Subjects to its website during job-applications. Within 5 working days from closing the recruitment procedure, the Data Controller erases the data of the applicants, unless the Data Subject expressly, clearly and voluntarily consents to the storing of his personal data.  

    The purpose of processing the personal data of the Data Subjects determined in this clause is:  evaluation of the Data Subjects’ applications; recruiting the right employee.

     

    VI. LEGAL BASIS FOR DATA PROCESSING

     

    The legal basis for data processing in respect of the data indicated in clauses V.1-V.4. of the Policy: performance of contract. The data processing is necessary for the performance of such contract in which the Data Subject is a party.

    The legal basis for data processing in respect of the data indicated in clauses V.5-V.7. of the Policy: the specific and freely given, informed and expressed consent of the Data Subject, based on the conditions set out in this policy, in accordance with the Privacy Act and the GDPR.

     

    Besides the consent of the Data Subject, the legal basis for the data processing in respect of the data indicated in clause V.6 is the protection of the Data Subject’s vital interests.

    VII. TECHNICAL FEATURES OF DATA PROCESSING, DATA SECURITY

     

    1. The following are the possible means of record keeping of the data processed by the Data Controller:
    • printed document: the majority of the personal data can only be found in this form at the Data Controller, since it stores all contracts only on paper;
    • electronic data: from the personal data, only those are computerized that are necessary for keeping contact (name, address, e-mail address, telephone number) and for banking (bank account number);
    • electronically created data archived on paper: all data drawn from the access control system and the data in the monthly statements sent by the bank;
    • electronic data, photo placed on the website or on Facebook: materials prepared by the Data Controller.
    1. Data Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk both in respect of the data stored on paper documents and in respect of data stored electronically.

     

    VIII. CONFIDENTIALITY OBLIGATION

     

    1. All employees of the Data Controller who are involved in processing personal data are bound by confidentiality obligation toward third parties. This obligation is irrespective of the existence of the employment and will continue to be binding after the termination of employment.
    1. All data related to the child may be disclosed to the parents of the child, unless the disclosing of the data would seriously harm or jeopardize the interest of the child.

     

    IX. RIGHTS OF THE DATA SUBJECT

     

    1. The Data Subject has the following rights in respect of his personal data processed:

      a) He may request from the Data Controller access to his personal data processed: The right to access provides the Data Subject with the possibility to obtain from the Data Controller confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, to access the personal data and to receive information from the Data Controller regarding the data processing.

      b) He may request the rectification, erasure or restriction of processing of the personal data: the right to rectification and the right to erasure (‘right to be forgotten’) provides a possibility that in case of inaccurate or incomplete data, the Data Subject can request the rectification of those from the Data Controller, and to request the erasure of his personal data.
      If the Data Subject request the restriction of processing of the personal data, then the Data Controller may restrict the data processing in accordance with the request of the Data Subject. If the accuracy of the personal data is contested by the Data Subject, the restriction of processing is for a period enabling the Controller to verify the accuracy of the personal data. Az Data Subject may request the restriction of use of the personal data if the processing is unlawful but the Data Subject opposes the erasure of the personal data. The Data Subject may request such restriction also when the Data Controller no longer needs the personal data for the purposes of the processing, but the Data Subject requests the restriction of data processing for the establishment, exercise or defense of legal claims.

      c) It has the right to data portability: as per the right of data portability, the Data Subject shall have the right to receive the personal data concerning him, which he has provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller. If technically feasible, the Data Subject may also request to have the personal data transmitted directly from the Data Controller to another controller.

      d) Regarding the data processed based on his consent, the Data Subject has the right to partially or wholly withdraw his consent given to the processing at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent of the Data Subject before its withdrawal.

     

    1. The Data Subject may exercise the rights set out in the above clause IX.1. in writing based on the effective Hungarian and European Union data protection laws (especially based on the Privacy Act and the GDPR) by sending a letter addressed to the Data Controller by mail to its registered seat indicated in clause I. of this Policy or by e-mail to its e-mail address indicated there.

     

    X. SUBMISSION OF COMPLAINTS, ENFORCEMENT OF CLIAMS AT COURT, DAMAGES IN RELATION TO UNLAWFUL DATA PROCESSING

     

    If the Data Subject detects the violation of his rights in respect of processing his personal data, the following possibilities are available to him:

    • he may turn directly to the Data Controller in a letter sent by mail or via e-mail sent to the addresses indicated in clause I.
    • he may submit a complaint at the supervisory authority, National Authority for Data Protection and Freedom of Information [NAIH]. Contact details of NAIH: Registered seat: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c., Telephone number: 06-1-391-1400, E-mail: ugyfelszolgalat@naih.hu
    • he may turn to court in case of the unlawful processing of his personal data or the breach of data security requirements. He may be entitled to damages or compensation. Information regarding the competence and contact details of the court is available here: www.birosagok.hu.

     

    XI. CLOSING PROVISION

     

    The Policy is available on our website at www.ketnyelvuiskola.hu under ’About us’.

     

    Place and date: Budapest, June 28, 2019

BGC Angol Iskolai Program
2014-ben Európai Nyelvi Díjat nyert programunk, a megszokott kéttannyelvű általános iskoláktól eltérően játékosan biztosítja a nyelvelsajátítás lehetőségét a gyerekek számára a teljesen kezdő szinttől egészen a nyelvvizsgára való felkészítésig.
  • 4+4 éves kidolgozott program
  • angol anyanyelvű lektorok
  • pozitív, támogató környezet
  • központban a jókedv
  • szótárfüzet, tesztek és számonkérés nélkül

Keressen minket!

Forduljon hozzánk bizalommal, amennyiben programunkkal kapcsolatban további információra van szüksége!

+36-70-327-4476
Kövessen minket Faceboookon is!
Legfrissebb híreink
Kéttannyelvű Általános Iskola
Legfrissebb híreink
Elérhetőségeink
Amerikainapközi Kft.

Levelezési cím: 1139 Budapest, Hajdú u. 11. 1.em. 15.

E-mail: info kukac bgcprogram.hu

Telefon: +36-70-418-4519
© BGC Hungary