Privacy Policy

1. Name of the Controller

Name of Controller: Logiscool Kft.
Registered and mail address: H-1114 Budapest, Bartók Béla út 43-47 C/8.
Company Registration Number: 01 09 300066
Tax number: 23301890-2-43
E-mail: [email protected]
Website: masterclass.logiscool.com
Further information: [email protected]
Name of hosting service provider: Microsoft Azure
Hosting service provider’s contact details: https://azure.microsoft.com/
Hosting service provider’s email: [email protected]

2. Introduction

Logiscool Kft. (hereinafter: ‘Logiscool’, as the controller), as controller, expresses its consent to be
bound by the legal provisions set out in this notice. It commits itself to comply with the requirements
laid down in the effective laws with regard to any processing of data related to their activities.
Based on the protection of natural persons with regard to the processing of personal data and on the
free movement of such data (Regulation (EU) 2016/679 of the European Parliament and of the Council
of 27 April 2016, and repealing Directive 95/46/EC (hereinafter referred to as: ‘General Data
Protection Regulation’, ‘GDPR’) and the local data protection regulation [*] LOGISCOOL shall keep
record of and process course, camps and events applicants’ personal data in accordance with the
applicable provisions of the law, until the expiry of their retention period as specified in this notice.
LOGISCOOL is committed to the protection of the personal data of course, camps and events
participants and respecting course, camps and events participants’ (hereinafter referred to as: ‘data
subjects’ or ‘course participants’) right to self-determination concerning personal information is one
of its key priorities. Personal data are processed lawfully, fairly and in a transparent manner in relation
to the data subjects or their legal representatives, taking any and all data security, technical and
organisational measures, via its organisational units, required in order to guarantee the appropriate
level of data security. With a view to ensuring the above, the operational and development functions
of security, data protection and IT systems within the enterprises are distinct and independent from
each other.

The data protection guidelines and rules related to the processing of data by LOGISCOOL are
continuously accessible on the registration form. LOGISCOOL reserves the right to update this
information on data processing at any time. Any updates are communicated to the data subjects by
publication on the website. Should you have any queries concerning this information, please write to
us, and our staff members will respond to your message.

Contact us by email at: [email protected]

Below please find LOGISCOOL’s most important data processing principles concerning its activities
related to the processing of personal data and the criteria and requirements set out by LOGISCOOL
for itself as a data controller. Its data processing principles are in accordance with the privacy
legislation of Europe and of the Franchise partner’s location, namely:

✓ REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE
COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing
of personal data and on the free movement of such data, and repealing Directive 95/46/EC
(‘General Data Protection Regulation’ or ‘GDPR’)
✓ according to the local regulation [*]

3. Definitions

3.1. ‘group of data’: The collective designation of data (i.e. the formalised representations of facts, concepts or commands, a fixed series of signals, communication by word of mouth or by technical means in order to be interpreted and processed. For the purposes of these Guidelines, texts, series of numerical data, facts, information, drafts, charts, images and figures drawn up in writing or by
electronic means and stored on any data carrier) and scopes of data, normally on the basis of a filing function;

3.2. ‘data file’: The entirety of data processed in a single file;

3.3. ‘data carrier’: The physical appearance of data and the place where data are stored, including documents.

3.4. ‘controller’: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State or OECD state law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State or OECD state law;

3.5. ‘processing’: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3.6. ‘restriction of processing’: the marking of stored personal data with the aim of limiting their processing in the future;

3.7. ‘scope of data’: A specific list of data types. Business data that are functionally related in terms of their use, i.e. a set that can and should be processed on the basis of the same principle logically and the units in the set need more or less the same level of protection. (E.g.: invoices or cash transfer data);

3.8. ‘data transmission’: the disclosure of data to a specific third party;

3.9. ‘deletion of data’: making the data unrecognisable in a manner that they can no longer be restored;

3.10. ‘marking of data’: attaching an identification mark to the data in order to distinguish it from other data;

3.11. ‘destruction of data’: The complete physical destruction of the data carrier where the data are stored;

3.12. ‘data processing’: carrying out technical activities in connection with processing operations, regardless of the method and means applied to such operations and of the place of their application, provided that such technical activities are carried out on the data;

3.13. ‘processor’: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

3.14. ‘personal data breach’: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

3.15. ‘pseudonymisation’: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

3.16. ‘anonymisation’: a technical procedure to ensure that the possibility of restoring the link between the data subjects and their data is finally precluded;

3.17. ‘cookie’: the information file (usually a plain text file) transmitted to users’ hard drives through their browsers, capable of unambiguously identifying users on their next visit to the site;

3.18. ‘direct marketing activity’: the entirety of information activities and supplementary services carried out by directly contacting people in order to offer products or services or to forward advertisements to the persons concerned, or to provide information to consumers, trade partners or to promote business deals (purchases);

3.19. ‘data concerning health’: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

3.20. ‘data subject’ / ‘customer’ / ‘consumer’: any natural person, identified or directly or indirectly identifiable on the basis of their personal data;

3.21. ‘third party’: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

3.22. ‘third country’: any country other than EEA Member States;

3.23. ‘consent’: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. With the exception of consenting to the processing of sensitive data, no formal requirements exist as to the manner consent is granted, i.e. consent may be given by an explicit statement or by implicit conduct; however, the consent must be
verifiable in all cases;

3.24. ‘publication’: the disclosure of data to any person;

3.25. ‘IP address’: in any network where communication is based on a TCP / IP protocol, the servers are assigned an IP address, i.e. an identification number, which enables the identification of the server through the network. Each computer connected to the Web has an IP address on the basis of which it can be identified;

3.26. ‘sensitive data’:
(a) personal data concerning a person’s racial or national origin, political opinion or party affiliation, religious or other ideological views, membership in any interest organisation or sex life,
(b) personal data concerning a person’s health condition, pathological addictions and criminal personal data;

3.27. Name of the ‘National Authority for Data Protection (the ‘Authority’); National Authority for Data Protection and Freedom of Information

3.28. ‘profiling’: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

3.29. ‘owner of personal data’: With regard to the personal data processed by a specific organisation or organisational unit, the head of the organisational unit concerned; in the case of franchise partners, the manager of the company, responsible for the processing of all personal data processed by his or her organisation or organisational unit in accordance with these Guidelines (‘data
owner’). Where a decision concerning personal data processed by an IT system must be made in the competence of the data owner, the owner of personal data shall make such decision in agreement with Logiscool Kft’s manager as the senior data owner;

3.30. ‘personal data’: any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or
social identity of that natural person;

3.31. ‘cross-border processing’: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of the European Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the European Union but which substantially affects or is likely to substantially affect data
subjects in more than one Member State.

3.32. ‘personal identification data’: the data subjects’ last and first names, their name given at birth, their mothers’ names and their place and date of birth;

3.33. ‘protest’: a statement by data subjects, in which they object to the processing of their personal data and request the termination of processing and the deletion of processed data;

3.34. ‘prohibition list’: a register of the Logiscool and home address data of data subjects who prohibited or, despite prior request by the direct marketing entity, refused to consent to the use of their personal data for communication or inclusion in a marketing list or prohibited the further processing of such data for such purposes;

3.35. ‘marketing list’: a list drawn up in order to establish and maintain communication with a view to advertising, only including the customer’s name, place of residence, gender, place and date of birth, information concerning the customer’s fields of interest and marital status;

3.36. ‘enterprise’: Logiscool Master Franchise Partner or Logiscool Franchise Partner, a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

3.37. ‘group of undertakings’: a controlling undertaking and its controlled undertakings.

4. Rules and principles of processing

These Data Processing Guidelines shall be valid from 1 September 2018 until further notice.
4.1. Personal data shall be:
• processed lawfully, fairly and in a manner that is transparent to the data subject (‘lawfulness, fairness and transparency’);
• collected for specified, explicit and legitimate purposes, (‘purpose limitation’);
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
Logiscool, as a controller, shall be responsible for, and able to demonstrate compliance with the foregoing (‘accountability’).

4.2. Each phase of the processing should comply with the intended purpose and, where the purpose of processing no longer exists or processing is against the law for any other reason, the data shall be deleted. Any personal data shall be processed by LOGISCOOL only to the extent of the data subject’s prior consent and to the extent such processing is required by the law, a mandate based on the law and the legal obligation of the controller. Prior to recording the data, LOGISCOOL shall, in all cases, notify the data subject of the purpose of and the grounds for processing, the data concerned and the retention period.

4.3. LOGISCOOL personnel carrying out processing at LOGISCOOL’s organisational units and the employees of entities involved in processing, i.e. carrying out any processing operation on LOGISCOOL’s behalf shall keep the personal data disclosed to them as confidential business information. The persons involved in the processing of, and having access to, personal data shall make a statement of confidentiality. If any person subject to these Guidelines become aware that any personal data processed by LOGISCOOL are defective, deficient or not up-to-date, they shall rectify
such data or request their rectification with the staff member in charge of recording the data.

4.4. The privacy obligations binding on natural persons and incorporated and unincorporated entities carrying out data processing on LOGISCOOL’s behalf shall be enforced in the contract for services entered into with the processor. No personal data shall be transferred to controllers or data processors carrying out such processing activity in a third country unless the data subject has explicitly consented to the transferring of personal data or if the conditions for processing, stipulated above, meet, and the appropriate level of protection of personal data is guaranteed during the processing of data in such third country. The transferring of data to EEA States shall be treated as if the data were transferred within the territory of European Union.

4.5. Processing related to LOGISCOOL’s operation is based primarily on voluntary consent. In certain cases, however, the processing, storage and transferring of certain data are required by the applicable provisions of the law.

4.6. Taking LOGISCOOL’s characteristics into account, LOGISCOOL’s managing director shall determine the internal organisation of data protection and the functions and competences regarding data protection and the related activities and appoint the person in charge of the supervision of processing. During their work, LOGISCOOL personnel shall make sure that no unauthorised persons have access to personal data, and that the personal data are stored and placed in a manner to prevent unauthorised persons from accessing, getting to know, altering or destroying such personal data. LOGISCOOL’s internal data protection system shall be supervised by the managing director through the data security officer appointed or instructed by him.

4.7. The development and implementation of this privacy policy is in accordance with the recommendations of National Authority for Data Protection and Freedom of Information and with the Article 5 of GDPR, in particular regarding the principle of accountability in Article 5 (2).

5.Processing of data on masterclass.logiscool.com

Place of processing: Logiscool Kft’s lead management system: escaler.co.uk.

5.1. Scope of personal data and the purpose, ground and duration of processing

5.1.1. Data of visitors to the website (masterclass.logiscool.com)

LOGISCOOL’s website is accessible to anyone, without revealing his or her identity or personal data; anyone may freely obtain information on the website and the pages linked to the website without any restriction. However, the website automatically collects information not linked to specific persons, without restrictions.

Purpose: During visitors’ visits to the website, visitors’ data are recorded by the service provider in order to monitor the functioning of services, to facilitate and enhance website functions and the provision of custom-tailored services and to prevent any abuse.

Ground:  The data subject’s consent. The data subject’s consent is granted, with respect to specific processing activities, through the use of the website, registration and the voluntary provision of the data concerned.

Data subjects: Users of the website, guest customers and registered customers.

Description of data: Identification number, date, time of day, the address of the visited page, the address of the page previously visited on masterclass.logiscool.com website, data related to the user’s operating system and browser, the operating system used and the IP address of the user’s computer, without the final section.

Source of data: Website.

Duration of processing: The extract of the IP address of the user’s computer is deleted on the end of the visit.

The type and recipient of transferred data and the ground for transferring data: no data are transferred.

The controller’s name and address: Logiscool

The processor’s name and address: Hosting service provider.

Physical place of processing: masterclass.logiscool.com
Physical place of processing: Microsoft Azure cloud provider, Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland

Processing-related activities by the processor: Hosting service and cloud provider

Type of the processing technology employed: Using an IT system

The personal data of visitors to the website are not stored and they are not added by LOGISCOOL to any other data source. When your visit has ended, your IP address is immediately deleted from the website.

5.1.2. Management of cookies on the website
Anonymous ‘cookies’ are files or pieces of information stored on your computer (or other Internetcompatible devices, including your smartphone or tablet) when you visit the LOGISCOOL website.
Cookies normally specify the name of the website, their own ‘lifetime’, i.e. the length of time they are stored on the device and their value, which is usually a unique, randomly generated number.

The website uses cookies in order to ensure a personalised user experience. Each time you enter the page, the website will send cookies to your computer and will access such cookies. On the website, cookies are used at various locations in order to provide a more user-friendly, more efficient and more secure service.
The cookies are suitable for producing anonymous aggregated statistics which help us understand the way people use the LOGISCOOL pages, enabling us to improve the structure and content of such pages. The information shared, however, is insufficient for personally identifying visitors. In accordance with LOGISCOOL’s security policy, the cookies are protected against unauthorised access by third parties.

Purpose: To identify users, distinguish users, identify the actual session by users, store the data entered during such session, prevent data losses, tracking users, involving user identification and to display customised offers using the data recorded during each visit.

Ground: Voluntary consent by the data subject.

Data subjects: Customers and visitors.

Description of data: Identifier, time, date.

Source of data: Use of website.

Duration of processing: Until the end of visiting the website.

The controller’s name and address: Logiscool

The processor’s name and address: Hosting service provider.

Physical place of processing: masterclass.logiscool.com
Physical place of processing: Microsoft Azure cloud provider, Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland

Processing-related activities by the processor: Hosting service and cloud provider
Type of the processing technology employed: Using an IT system.

By default, most Internet browsers are set up to accept cookies. You can change these settings by blocking cookies and you can request a warning any time cookies are set up on the device used. There are various ways to manage cookies.
Please check your browser information or the Help page if you want to find out more about browser settings and how to change them. The ‘Help’ function in the menu bar of most browsers will explain to you how to set your browser to prevent it from authorizing cookies or how to accept new cookies and how to instruct your browser to set a new cookie or to disable other cookies. LOGISCOOL’s detailed cookie table:

Category: necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Category: preferences

Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Category: Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Category: marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

5.1.3. Newsletter

LOGISCOOL distributes a regular newsletter on its activities to persons subscribing to such newsletter.
The option to subscribe to the newsletter is available on the website.

Purpose: Forwarding electronic messages (emails, text messages and push messages) with advertising
content to data subjects, providing information on the latest news, products, promotions, new functions
etc.
Ground: Voluntary consent by the data subject (Article 6. section 1(a) of GDPR), where local regulation
determines, the ground for processing is Article 6. section 1 (c.) and section 2 of GDPR, and local regulation.
Data subjects: Subscribers to the newsletter.
Description of data: Email address, Logiscool (last and first names) and consent to direct marketing communications.
Source of data: Subscribers to the newsletter.
Duration of processing: Until the withdrawal of consent by the user but, if the user has been included in the customer database, by no means longer than until the dissolution of LOGISCOOL; for the deletion of data from the prohibition list: until the dissolution of LOGISCOOL.
The controller’s name and address Logiscool
The processor’s name and address:  Hosting service provider
Physical place of processing: masterclass.logiscool.com
Physical place of processing: Microsoft Azure cloud provider Microsoft Ireland Operations Ltd, One Microsoft
Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Processing-related activities by the processor: Hosting service provider, cloud provider
Type of the processing technology employed: Using an IT system.

Data subjects may unsubscribe from the newsletter at any time, free of charge.

The withdrawal of consent to the forwarding of direct marketing communications and the deletion or
modification of personal data may be requested at the following addresses:
– in an email addressed to [email protected], and
– by a letter addressed to H-1114 Budapest, Bartók Béla út 43-47 C/8.

5.2. Contacting LOGISCOOL
5.2.1. LOGISCOOL Customer Service
Should you have any queries during your application, you can contact the controller at the addresses
specified in this notice and on the website or at the addresses.

5.2.2. Managing quality complaints
Purpose: Managing any complaints, queries and problems raised in connection with the LOGISCOOL services
ordered.
Ground: Voluntary consent by the data subject (GDPR Article 6. section 1(a)) and legitimate interest (GDPR Article
6. section 1(f)), where local regulation determines, the ground for processing is Article 6. section 1 (c.) and section 2 of GDPR, and local regulation.
Data subjects: event applicants
Description of data: Name, address, phone number, e-mail address, account number, description of complaint, name of supplier, date of order, name of the service concerned, invoice number and the description of the
request.
Source of data: Data subject
Duration of processing: Copies of the recorded complaint, the transcript, email and the reply email: in accordance with local regulation.
The controller’s name and address: Logiscool
The processor’s name and address: Hosting service provider, cloud provider
The processor’s name and address: Microsoft Azure cloud provider
Physical place of processing: masterclass.logiscool.com
Physical place of processing: Microsoft Azure cloud provider, Microsoft Ireland Operations Ltd, One Microsoft
Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland
Processing-related activities by the processor: Hosting service provider, franchise partner.
Type of the processing technology employed: Using an IT system and manually, on paper.

Based on our position it is within the legitimate interest of the applicant, to be able to contact LOGISCOOL’s customer service regarding quality complaints, hereby assisting LOGISCOOL in managing administrative duties and helping the investigation of possible complaints. In order to provide attentive service to customers it is within LOGISCOOL’s legitimate interest to familiarize
with the personal data (contact information) previously provided to customer service. In consideration with the beforementioned both the data controller and the subjects have legitimate interest in the data processing, therefore if perhaps the data recording occurred in the absence of voluntary consent, LOGISCOOL’s data controlling can be regarded as necessary and proportionate taking all
circumstances into consideration.

5.2.3. Other types of processing
Information on the types of processing not listed in this notice are provided on the recording of the
data concerned.
Please note that the courts, the public prosecutor’s office, the criminal investigation authority, the
authority for petty offences, the administrative authority, National Authority for Data Protection and
Freedom of Information and, under a legislative mandate, other bodies may request the controller to
provide information, disclose or transmit data and to make available documents.
To the authorities not specifically listed above, where the authority has specified the exact purpose of
its data request and the type of data required, any personal data will only be disclosed by LOGISCOOL
to the extent that is absolutely necessary in order to achieve the objective of the request.

6. Storing personal data and security of processing

LOGISCOOL’s information technology systems and other personal data storage locations are to be
found at Logiscool’s headquarters and other hosting providers, such as:
• Our virtual servers are running through the cloud services of Microsoft Azure. You can read
Microsoft’s privacy policy here (in English)
• Our database services are provided by MongoDB Atlas. You can find the MongoDB, Inc.’s privacy policy here (in English)
• For sending out our newsletters we are using Escaler, for which we use Your name and email address (if you have subscribed to our newsletter). You can find the privacy policy of Escaler if you click here (in English)
• The instant chat support service that is available on our site is provided by tawk.to. You can read the privacy policy of tawk.to here.
• If our webpage is not functioning properly in Your browser, we are notified with the help of trackjs.com. You can access the privacy policy of trackjs.com if you click here.
• We are collecting the statistics regarding our webpage usage with the help of Google
Analytics. The operations of Google Analytics are regulated by Google’s own privacy policy,
you can read more here.

The controller shall plan and carry out all processing operations in a manner to ensure the protection
of the privacy of data subjects. At LOGISCOOL, the data are protected by means of suitable measures
against unauthorised access, alteration, transmission, publication, deletion or destruction, damage and
accidental loss, and to ensure that stored data cannot be rendered inaccessible due to any modification
to the technology employed. Within their sphere of competence, data processors must implement
adequate safeguards and appropriate technical and organisational measures to protect personal data, as
well as adequate rules of procedure to enforce the provisions of the Information Act and other rules
governing the protection of data and confidential information.

With a view to protecting the data files electronically processed in various records, LOGISCOOL
provides an adequate technical solution in order to ensure that the data stored in such records should
not be linked with each other or to the data subject unless such links are permitted by the law. During the automated processing of personal data, data controllers and processors shall implement
additional measures designed to:

✓ prevent the unauthorised entry of data;
✓ prevent the use of automated data-processing systems by unauthorised persons using data
communication equipment;
✓ ensure that it is possible to verify and establish to which bodies personal data have been or may
be transmitted or made available using data communication equipment;
✓ ensure that it is possible to verify and establish which personal data have been entered into
automated data-processing systems and when and by whom the data were entered;
✓ ensure that the systems installed can be recovered in the event of a service disruption and that any errors during automated processing are reported.

When taking the measures in order to protect data, controllers and processors must take into
consideration the actual state of technology. Where alternative solutions are available for the
processing of data, the selected solution must ensure the most efficient protection of personal data
unless it would entail disproportionate difficulties for the controller.

The infocommunication system and network of LOGISCOOL and its partners are protected against
computer hacking, fraud, espionage, intrusion, sabotage, vandalism, fire and flood, computer viruses
and attacks resulting in the refusal to perform services. The operator will ensure security by providing
adequate protective measures.

Please note that, regardless of protocol (email, web, ftp etc.), online electronic messages are vulnerable against network threats potentially resulting in fraudulent practices, disputing the provisions of the contract or the disclosure of, or tampering with, information. The controller shall take all reasonable precautionary actions in order to prevent such threats. It shall monitor the systems in order to record
any security breaches and to provide evidence regarding any security incidents. Moreover, the monitoring of systems also enables the verification of the efficiency of precautions.

7. Legal remedies

7.1. Requests for information
According to GDPR, data subjects may request information concerning the processing of their personal data, and within legally specified cases may request the correction, deletion, locking or of their personal data and may protest against the processing of those personal data. The information request and the requests defined previously in this section may be addressed to the contact information of the
Data controller mentioned in Section 2. of this document.
At the request of the data subject, LOGISCOOL, as the controller, shall provide information on the relevant data processed by it or by its processors, on the source of such data, the purpose, legal basis and duration of processing, the name and address of the processor and its activities related to processing and, where the data are transferred, on the legal basis of such transfer and the recipient of data.
The controller shall, as soon as possible from submission of the request but within no more than 30 days, provide written information, in easily accessible language, relevant to the request submitted by the data subject. This deadline can be prolonged by two months if the nature of the request, as well as the number of requests justifies the need. The subject needs to be notified with specification of the
reasons regarding the prolongation of the deadline by LOGISCOOL within one month from the receiving. Information shall be provided free of charge, if the subject’s request is obviously unsubstantiated or – especially due to its recurring nature – excessive, LOGISCOOL charges a reasonable fee – based on
the requested information or provision of information or the administrative costs of the requested action – or refuses the action based on the request.
In exceptional cases, if LOGISCOOL has reasonable doubts regarding the identity of the natural person submitting the request, additional personal data may be requested to confirm the identity. This measure is defined within the GDPR Article 5 (1)(f) section, due to the facilitation of data processing confidentiality, that is the prevention of unauthorized access to personal data.

7.2. Legal remedies regarding the processing of personal data
LOGISCOOL shall rectify or correct any incorrect personal data if the correct personal data are available. LOGISCOOL – based on the request of the subject – restricts the data processing, if the accuracy of the data is arguable, or if the data processing is illicit, or if the Subject is objecting to the data processing, as well as if the Data controller is henceforth not in need of the information.

LOGISCOOL shall delete the personal data, if LOGISCOOL does not need the data processing, or if the Subject withdraws his/her consent, or objects to the data processing, or if the data processing is illicit. A period of 30 days is available to the controller for the deletion or correction of personal data.

If the controller refuses to comply with the data subject’s request for the correction, locking or deletion of personal data, it shall notify the data subject of the reasons for such dismissal in writing within 30 days. LOGISCOOL is aiming to notify all data controllers, who have or could have been in contact with the possibly publicized data. The subjects can receive their own personal data previously provided by them in an articulated, widely used, computer-legible format, and they can transmit such data it to another data processor.

LOGISCOOL is notifying the subject, as well as all recipients with which and whom the information could have been shared, about all correction, deletion and data processing restriction, except if it seems impossible or if it requires disproportionately large effort. LOGISCOOL is providing information
about the recipients if the subject requests it. No notification shall be sent if, considering the purpose of processing, it does not prejudice the legitimate interests of the data subject. Where the data subject disagrees with the decision made by LOGISCOOL, it may seek redress from the court within 30 days of the communication of such decision. The court will act with urgency in the matter.

7.3. Lodging a protest
Data subjects are entitled to protest against the processing of their personal data based on GDPR Article 6 section (1) e) or f) relating to reasons due to their personal situation, including the profiling based on the abovementioned section. In this case LOGISCOOL is not allowed to process the personal data onwards, except if it is demonstrated that the data processing is verified by compelling legitimate
reasons, that takes priority up against the interests, rights and independence of the subjects, or if they are connected to the proposing, validation or protection of legal demands. The protest shall be reviewed by LOGISCOOL as soon as possible but no later than within 15 days; where the protest is found to be valid, it shall adopt a decision, informing the applicant thereof in writing.
Where the controller has established that the protest lodged by the data subject is valid, it shall terminate processing, including any further recording or transmission of data and notify any parties to whom the personal data concerned by the protest were previously transmitted and to the parties obliged to take action in order to enforce the right to lodge protests.

Where the data subject has requested the deletion of his/her data stored for the purposes of customer management, LOGISCOOL shall terminate the data. The termination of processing means the destruction or anonymisation of data or, in the event of direct marketing, the data subject does not want to cooperate with LOGISCOOL, it shall also involve inclusion in the prohibition list. On the basis of
the above, LOGISCOOL keeps a prohibition list on the Logiscool and home address data of the data subjects who have requested the termination of processing their data for the purpose in question or have not consented to such processing despite the prior request by the direct marketing entity or, following the receipt of data, they exercised their right to bar data with the register of personal data
and home addresses. 

The purpose of the prohibition list is to ensure that the data of data subjects included in the list should not be repeatedly received, disclosed to third parties or added to any other communication or direct marketing lists. The data subjects on the prohibition list may not be requested to consent to the sending of direct marketing messages and no advertising messages may be sent to such data subjects unless the
prohibition is restricted to a specific purpose.

The data in the prohibition list will be used by LOGISCOOL to the extent necessary for ensuring compliance with the statutory requirements, it will not be linked to other data files, disclosed or used for any other purpose; LOGISCOOL shall enable data subjects to exercise their rights provided for in these Guidelines.
Where the data subject disagrees with the controller’s decision, it may seek redress from the court within 30 days of the communication of such decision.

LOGISCOOL may not delete the data of the data subject where processing has been provided for by the law. However, the data may not be transferred to the recipient if the controller has approved of the protest or if the court has ascertained that the protest is valid. If the rights of the data subject have been breached, it may seek redress from the court against the controller. The court will act with urgency in the matter. The protection of personal data is highly important to LOGISCOOL, in addition respects the subject’s right to self-determination, therefore aims to react to all requests correctly and within the deadline.

With regard to this in the case of possible conflicts LOGISCOOL is asking the subjects of making a contact – for making a complaint – prior to magisterial or judicial claim enforcement in order to settle a dispute with LOGISCOOL by peaceful means.

The controller shall be exempted from its responsibility if the damage occurred for reasons beyond its control. The controller will not reimburse the damage and no damages may be claimed if the damage or the invasion of the data subject’s privacy were due to wilful or grossly negligent conduct by the data subject. Should you have any comments regarding the processing of data by LOGISCOOL, please contact our
data protection officer: emails should be addressed to [email protected].

7.4. Requests for legal remedy or complaints should be submitted to:
National Authority for Data Protection and Freedom of Information
Registered address: 1055 Budapest, Falk Miksa utca 9-11, Hungary
Postal address: 1363 Budapest, Pf.: 9. , Hungary
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: [email protected]
Website: www.naih.hu

7.4.1. Judicial proceedings
For legal enforcement in accordance with local law, contact your local court.

7.4.2. Compensation and damages
Where the controller causes damage to other persons through the unlawful processing of the data of the data subject or by breaching the requirements of data security, it shall compensate such other persons for the damage.
The damage need not be reimbursed, and no damages shall be claimed if the damage or the invasion of the data subject’s privacy were due to wilful or grossly negligent conduct by the data subject.

8. Miscellaneous

If LOGISCOOL wishes to use the provided data for different than the originally specified reasons, LOGISCOOL informs the subjects and acquires previously specific consent, or provides the possibility of prohibition of usage.
LOGISCOOL requires itself to take care of the security of the data, as well as taking required technical steps to ensure the protection of all recorded, saved, and processed data, and the best effort in order to prevent the elimination, illicit usage and illicit alteration. On Logiscool webpage https protocol is used with higher data security level than http protocol.
LOGISCOOL keeps record of all the data privacy activities that are within its responsibility (Data processing activities record) based on GDPR Article 30.
Data privacy incidents are the damages to security, where the processed privacy data is accidentally or illicitly destroyed, lost, altered, illicitly communicated or lead to unauthorized access. In case of data privacy incidents LOGISCOOL is proceeding based on GDPR Article 33 and 34. LOGISCOOL keeps record of all data privacy incidents, indicating all relevant facts, their effects and the measures taken
to remedy the incident. 
LOGISCOOL is entitled to modify this agreement unilaterally at any time. LOGISCOOL informs the subjects about the changes on its website surface. Following the changes, the updated Terms of Use must be specifically accepted on the webpage and on the given manner to be able to use the website.

Effective: May 25, 2018

LOGISCOOL Kft