1. A few data privacy related definitions to better understand the Policy

Personal data

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing

means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller

means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law;

The controller of the User’s personal data is META-INF i.e. the Service Provider

Processor

means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Third party

means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

Data forwarding

Means the disclosure of personal data to specific third parties;

Data subject

Everybody who shares personal data with the Service Provider through the Website or via other channels or whose personal data is processed by the Service Provider otherwise. For example, the User who reads this Policy;

Consent of the data subject

means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Personal data breach

means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Most of the above definitions are used by the GDPR. The full text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=HU .

The above list is not complete so should you need more information or explanation do not hesitate to contact us.

The Service Provider would like to inform the User that during the processing it does not process or request any sensitive, genetic or biometric data.

‍

2. In which cases do we process personal data?

In accordance with the principles laid down by Article 5 Section (1) of the GDPR the personal data of the User is processed in the following cases:

• Trainings, workshops
• Invoicing
• Customer service
• Newsletter subscription

‍

3. What data, for what purpose and for how long do we process?

In the cases detailed above the legal ground for processing shall be the following:

• In accordance with article 6 Section (1) Point a) of the GDPR the freely given, specific, informed and unambiguous consent of the User (hereinafter as: „Consent”);
• In accordance with article 6 Section (1) Point b) of the GDPR processing is necessary for the performance of a contract to which the User is party (hereinafter as: „Performance of Contract”);
• In accordance with article 6 Section (1) Point c) of the GDPR processing is necessary for compliance with a legal obligation to which the controller is subject (hereinafter as: „Compliance”);
• In accordance with article 6 Section (1) Point f) of the GDPR processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (hereinafter as: „Legitimate Interest”);

With respect to that we are not able to limit the amount of personal data may be sent to us by the User via any communication channel, because we have no influence on the User who voluntarily provide personal data, therefore we kindly request You that please only provide the most necessary information and data that is prescribed by the Service Provider in present Policy when contacting us in any was so do not share any personal data that we do not request or wish to handle under this Policy. If, despite our explicit request under this section, You provide us with information that is not necessary for the purposes of processing personal data and that may subsequently be detrimental to our Company, then by accepting present Policy You undertake to exempt our Company from any harmful consequences, including fines.

IV.1. Training, workshop

The Service Provider provides the User with training related to the use of Atlassian systems, during which it is necessary to process the personal data of the persons participating in the trainings either in order to verify their participation in the training or to provide them with the training material. With respect to that the Service Provider falls under the scope of Act LXXVII of 2013 on adult education (“AE Act”) and Government Decree no. 11/2020 (II.7.) on the implementation of the adult education act (hereinafter as: “AE Implementation”) therefore the processing of the User’s personal data and the scope of data processed and the duration of processing is prescribed by law.

‍

‍

III.2. Invoicing

III.2.1. If the invoice about the Service is issued for a legal entity then the Service Provider process the personal data found below.

‍

‍

The Service Provider processes the above personal data only if the contact person’s e-mail address contains the name of a natural person. If the contact e-mail address is general (e.g. info@example.com or finance@example.com) then the Service Provider process the data but it shall not be considered as personal data. The Service Provider draws the User attention that if the e-mail address contains the name of a natural person the consent of the contact person to provide such data shall be obtained by the User.

III.2.2. If the invoice about the counter value of using the Service shall be issued for a natural person the Service Provider process the following data.

‍

‍

The mandatory content of the invoice and the duration of storing is prescribed by law therefore the Service Provider process these in order to comply with its legal obligation.

III.3. Customer service

In order to provide technical support for the Users we maintain a customer service.

In case of requests sent by e-mail:

If the User contacts our Customer Service by e-mail at the address info@meta-inf.hu then by sending the e-mail the User acknowledges the processing of personal data. In order to be able to fulfill the User’s customer service requests, certain personal data must be processed. Without these, the Service Provider is not be able to complete the customer service request as the Service Provider would not be able to contact the User.

‍

‍

III.3. Newsletter subscription

‍

‍

The User has the option to subscribe to our newsletter when applying for training. The subscription lasts until the User's consent is withdrawn, i.e. until the User unsubscribes, and the Service Provider will process the User's e-mail address and name only with the User's express consent until the User withdraws his/her consent. Further information on the withdrawal of consent is provided in Chapter VI of this Policy.

‍

4. Where and how my personal data is stored?

All personal data is stored electronically on trusted secure servers. The data which is stored by the Service Provider is either on a server located within the European Union or on a server of a processor who is properly certified in relation to the processing of personal data.

The Service Provider ensures the protection of data on several levels (physically, technically and organizationally), which in each case comply with industry standards.

Notwithstanding the above, the Service Provider shall not be liable for any damage, destruction or unauthorized access to the data in the event of technical error, natural disaster, terrorist or criminal act.

‍

5. What rights he User has in connection with processing personal data?

Request for information (right to access): the User may request information about the processing of the collected personal data at any time, either in person, at the Service Provider’s registered seat address, in writing by sending a registered letter or by email to privacy@meta-inf.hu.

Pursuant to Article 15 Section (1) of the GDPR, a request may include information on the data processed, their source, purpose, legal ground, duration, name and address of any processor, processing activities and the User’s rights in relation to processing. In the case of data transfer, to whom and for what purpose the data have been or will be transferred.

A request for information is considered authentic if the User is clearly identified by the Service Provider. If the request is sent by e-mail or post, only the e-mail sent from the User’s registered e-mail address will be considered as authentic, and the Service Provider will only be able to send information to the postal address registered by it. Unless the User voluntarily verify the identity otherwise thereof, the Service Provider will not be able to send information to an e-mail address or postal address that is not registered in its records in order to protect the User’s privacy.

Rectification: The User may at any time request the rectification, modification or amendment of the collected data in the same manner described above. The Service Provider can also do this only on the basis of a request from a credible source presented when submitting the request.

Restriction: The User may request that the Service Provider restricts the processing of the personal information in particular if:

a) The User argues the accuracy of the personal data we process. In this case, the limitation refers to the period during which the accuracy of the data is checked.

b) Although the legal ground for processing does not stand for us, but the User is requesting the Service Provider in writing to keep them for the purpose of filing, asserting, or defending any legal claim the User may have

Objection: If the Service Provider process the User’s personal data on the ground of legitimate interest, the User may at any time object to the processing of the Users personal data. In such cases, the Service Provider will review the legality of the objection and, if it is well established, the Service Provider terminate the processing of data and notify anyone to whom the personal data subject to the objection may have been previously transmitted.

Deletion (“Right to be forgotten”): You may request the deletion of Your personal data at any time for any of the reasons set out in Article 17 Section (1) of the GDPR.

We may refuse deletion if the processing of Your personal data is required by law or if it is necessary to enforce the legal claims. We will always inform You about the refusal of the request for deletion. Once it is deleted, the data cannot be recovered.

Transfer of Personal Data (Portability): You may at any time request us to transfer the data processed in connection with You in a structured, widely used, machine-readable format to You or to another controller.

We kindly ask You to not exercise the above rights improperly, but only if it has a real ground or if any of the conditions set out in the GDPR actually exist.

‍

6. How can You withdraw Your consent if the ground for processing is based on consent?

If under present Policy the legal ground of processing is the data subject's i.e., the User's consent, then the User has the right to withdraw this consent. Depending on the purpose of processing there are many ways to do it. You may withdraw Your consent given at browsing at any time, free of charge and without limitation by revisiting the Website and clicking on the pop-up window. In addition, if You do not have the possibility to withdraw Your consent this way, you may withdraw it by sending a message to privacy@meta-inf.hu or in case of newsletter subscription by clicking on the "Unsubscribe" button at the bottom of the email or by sending a letter to the Service Provider's headquarters address.

Please note that the withdrawal of consent does not affect the legality of the processing prior to the withdrawal.

‍

7. Joint data processing

The Service Provider informs the User that for the purpose of promoting, sales and organizing trainings provided within the framework of the Service it cooperates with the following entities:

Name: Training 360 Kft.

Registered seat: 1117 Budapest, Budafoki út 56. A. ép. III. em., Hungary

Company registration number: 01-09-970992

E-mail: info@training360.hu

Represented by: József Nyisztor as managing director

(hereinafter as: “Training 360”)

Name: Trinspire Kft.

Registered seat: 1138 Budapest, Madarász Viktor utca 47-49., Hungary

Company registration number: 01-09-723584

E-mail: info@trinspire.hu

Represented by: Attila Gyúri as managing director

(hereinafter as: “Masterfield Training Center”)

With regard to the trainings organized by Training 360 and the Masterfield Training Center, the Service Provider qualifies as a joint data controller with the latter in accordance with Article 26 Section (1) of the GDPR in relation of personal data detailed in Section III.1. of this Policy. The Service Provider has entered into a joint data controller agreement with Training 360 and the Masterfield Training Center in accordance with the provisions of Article 26 Section (1) of the GDPR, which regulates the manner of exercising rights and obligations under the GDPR and the division of responsibilities between the parties.

Pursuant to Article 26 Section (2) of the GDPR, the Service Provider informs the User about the essential content of the joint data controller agreement in its informative available at https://www.meta-inf.hu/en/atlassian-training/information-on-joint-data-controllers/ .

The Service Provider informs the User that pursuant to Article 26 Section (3) of the GDPR, regardless of the content of the above agreement, the User may choose to exercise his / her rights under GDPR that is detailed in Section V of present Policy against the Service Provider or Training 360 or Masterfield Training Center.

‍

8. To whom we transfer personal data and who has right to access them?

Your personal data is kept confidential and will not be disclosed to any third party except as provided below.

VII.1. With respect to the organization of the trainings:

The Service Provider uses the so called JIRA and Confluence softwares developed and distributed by the following service provider in connection with the rganization of the trainins, and the following service provider is therefore considered as the Service Provider’s data processor

Name: Atlassian B.V. c/o Atlassian, Inc.
Address: 350 Bush Street San Francisco, CA 94104 USA

e-mail address:  eudatarep@atlassian.com

(hereinafter referred to as: “Atlassian”)

Atlassian may not use the above-described data for any purpose outside the performance of its duties and it makes no independent decision regarding the personal data.

Atlassian’s privacy policy is available at the following link: https://www.atlassian.com/legal/privacy-policy

Atlassian takes all reasonable measures to ensure that personal data is protected by the GDPR, so Atlassian has also submitted itself to the use of provisions of the SCC. The Atlassian SCC-compliant Data Privacy Notice can be downloaded at the following link: https://www.atlassian.com/legal/data-processing-addendum

VIII.2. Hetzner

In connection with the management of applications, Service Provider use the server providing services of Hetzner which servers are located within the European Union. Hetzner may be reached at:

Name: Hetzner Online GmbH
Registered seat: Industriestr. 25, 91710 Gunzenhausen, Germany
Company Ansbach, HRB 6089
E-mail: info@hetzner.com
Phone number +49 9831 505-0
Represented by: Martin Hetzner, managing director

(hereinafter as: “Hetzner”)

Hetzner’s privacy policy shall be reached through this link: https://www.hetzner.com/legal/privacy-policy

VIII.3. Correspondence (e-mail)

The Service Provider use Gmail a product of Google Inc. to manage correspondence by e-mail.

Name: Google Ireland Ltd
Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Location of Servers: Dublin, Ireland

(hereinafter as: “Google”)

Google processes EU related data within the territory of the European Union through its servers located in Dublin, Ireland. Google may not access, modify, delete, use, or otherwise manipulate user related data stored on the server provided by Google. If, for any reason, Google processes personal data outside the European Union, it will provide adequate protection in accordance with the provisions of the GDPR. Learn more at https://policies.google.com/privacy/frameworks

Google provides the protection of data on multiple levels, such as physically protecting data storage servers, which are secured and supervised by security guards and technicians, it restricts access to server rooms by its employees and by providing uninterruptible power supply and other state-of-the-art infrastructure, restricting access to data, continuously monitoring its system, encryption and firewall protection. The Google Privacy Policy is available at https://policies.google.com/privacy/frameworks .

VIII.4. Office365

In connection with its „Solution Partner” related activities the Service Provider also use Office 365 by Microsoft Corportion to share documents and educational materials etc. with the User. In connection with Office 365 the processor is:

Name: Microsoft Ireland Operations Limited
Registered seat: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18., Ireland
Online contacting form: https://privacy.microsoft.com/en-us/privacy-questions
Phone number: +353-1-706-3117
Represented by: Satya Nadella director

(hereinafter as: “Microsoft”)

Microsoft process the data of people living within the territory of the European Union within the EU in Ireland. It may occur that Microsoft transmits data to its parent company Microsoft Corporation however Microsoft Corporation is a Privacy Shield certified company (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active )

Privacy related materials of Microsoft may be reached at:

https://privacy.microsoft.com/hu-hu

https://privacy.microsoft.com/en-us/privacystatement

https://support.office.com/hu-hu/article/az-adatv%C3%A9delmi-be%C3%A1ll%C3%ADt%C3%A1sok-megtekint%C3%A9se-a-microsoft-office-adatv%C3%A9delmi-k%C3%B6zpontj%C3%A1ban-d672876e-20d3-4ad3-a178-343d044e05c8?omkt=hu-HU&ui=hu-HU&rs=hu-HU&ad=HU

VIII.5. In connection with education:

VIII.5.1. In order to fulfill its obligation under Article 15 Section (1) Point b) the Service Provider forwards the User’s personal data to the state administration body for adult education operating the adult education reporting system (hereinafter as: “AERS”), which may be contacted at:

Name: Pest Vármegyei Kormányhivatal (Government Office of Pest County)
Registered seat: 1052 Budapest, Városház utca 7.
Identification number: 789356
Represented by: dr. Richárd Tarnai government commissioner
E-mail: pest@pest.gov.hu
DPO: dr. Éva Pércsi (address: 1052 Budapest, Városház utca 7., phone: +36 22 379493, e-mail: adatvedelem@pest.gov.hu)

(hereinafter as: „GOPC”)

The privacy policy of GOPC is available at: https://tudasbazis.ekreta.hu/pages/viewpage.action?pageId=46760379

VIII.5.2. Data forwarding related to acquiring or issuing Education ID number

Name: Oktatási Hivatal (Education Authority)
Registered seat: 1055 Budapest, Szalay utca 10-14.

Postal address: 1363 Budapest, PO Box. 19.
ID of the founding document: 48049-4/2019/PKF
Represented by: Sándor Brassói chairman

E-mail: info@oh.gov.hu

The Service Provider informs the User that in accordance with Article 25/A Section (1) of the AE Implementation the Service Provider as institution for adult education shall keep records of the User as participant in adult education based on his / her education ID number. If the User does not have and education ID number or it is not known to him / her and therefore the Service Provider could not provide it for the state administration body for adult education in the AERS, then AERS takes care of retrieving or obtaining the User's educational ID in a way that the Service Provider provides the personal identification data for the state administration body for adult education in AERS and then which forwards it to the Education Authority in order to obtain the education ID number.

VIII.6. In connection with invoicing

The Service Provider issues its invoices with one of Hungary's largest online billing system, http://szamlazz.hu . If the User provides his/her own data as billing data, then as described above, since it is considered as personal data it is subject to processing by the Service Provider. Operator of http://szamlazz.hu  website as our processing partner is:

Name: http://KBOSS.hu  Kereskedelmi és Szolgáltató Kft.
Registered seat: 1031 Budapest, Záhony utca 7., Hungary
Company registration number: 01-09-303201
E-mail address: info@szamlazz.hu
Represented by: Balázs Ángyán managing director

(hereinafter as: „KBOSS”)

KBOSS has a privacy policy complying with the GDPR which is available at: https://www.szamlazz.hu/adatvedelem/

VIII.7. In connection with newsletter subscription

Name: HubSpot Ireland Limited

Address: Hubspot House, 1 Sir John Rogerson's Quay, Dublin Docklands, Dublin, D02 CR67, Ireland

Registration number: IE515723

Email: privacy@hubspot.com

Phone: +353 1 5187500

Represented by: Christian Kinnear director

Contact details of the DPO: https://preferences.hubspot.com/privacy

(hereinafter referred to as “Hubspot”)

If Hubspot transfers any data outside of the European Union, for example to its parent company HubSpot Inc., (seat: 25 First Street, 2nd Floor, Cambridge, MA 02141, USA, registration number number: 000955519, represented by: Brian Halligan director), the User’s email address and other data is protected in the same level as in Europe, in light of the European Commission's adequacy decision for EU-US data flows.

Hubspot’s privacy related documents may be found at the following links:

https://legal.hubspot.com/privacy-policy

https://www.hubspot.com/data-privacy/gdpr/product-readiness

‍

9. To whom and in what cases are we required to disclose personal data?

The Service Provider may be requested to disclose personal data it processes to authorities in response to legal requests, like search warrants, court orders, production orders or subpoenas. These requests come from third parties such as civil litigants, law enforcement and other government authorities. The Service Provider discloses data in accordance with applicable law, the Service Provider cannot be held liable for any such transfer or any resulting consequences. The Service Provider will always inform the User about the transfer if it is not prohibited by law or by the requester authority.

‍

10. What are the responsibilities with regard to the personal data You provide?

When the User provides to the Service Provider personal data, the User is responsible for ensuring that the information and contributions are true and correct.

The Service Provider asks the User to provide third-party data only if specifically authorized to do so by the third party. The Service Provider assumes no liability for any resulting claims.

If a third-party objects the processing of personal data by credibly verifying its identity, the Service Provider will immediately delete third-party data without notifying the User. The User is requested to only provide third-party personal data only if the User has informed the third party of the availability of this Policy.

‍

11. Management of Personal data breach

Personal data breach – except that is unlikely to result in a risk to the effected person – may occur will be reported to the supervisory authority within 72 hours from becoming known to us in accordance with the law, and we will also maintain records of any breach that may occur. In the cases specified by law, we also inform users concerned.

‍

12. Data Protection Officer (DPO)

Pursuant to Article 37 of the GDPR appointment of a DPO is mandatory if:

a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity;

b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or

c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.

With respect to that the Service Provider is not subject to any of the clauses above and because there is no other compelling reason to appoint a DPO we are not appointing anyone for this position.

‍

13. Amendment of the Privacy Policy

If the scope of the processed data, the legal ground of the processing or other circumstances change, this Policy will be amended and published in accordance with the provisions of the GDPR and the User will be notified of such change given that the changes will become effective from the following day of publication, through our Website. Please be sure to read the Policy changes carefully as they contain important information about the processing of the personal data.

‍

14. To whom the User can turn to for information regarding thepersonal data or to exercise of the rights?

If You have any questions, please contact us by email privacy@meta-inf.hu, phone +36 30 515 4464 or at 1192 Budapest Taksony utca 6. fszt 1., Hungary

The User is entitled to exercise the rights related to the processing of personal data against the Service Provider as controller. If the User wish to exercise such rights, the User must first notify the Service Provider.

If the User feel that the rights have been violated, the User can complain to the National Authority for Privacy and Freedom of Information:

Name: National Authority for Privacy and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11., Hungary
Mailing address: 1363 Budapest, PO box: 9., Hungary
Phone: 0613911400
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

In the event of a dispute arising out of or in connection with this the present Privacy Policy, its breach, validity or interpretation, the User may bring the dispute to the competent court under Act CXXX of 2016 on the Code of Civil Procedure (Code of Civil Procedure):

Name: Budapest District Court for the XVIII. and XIX.Districts
Address: 1191 Budapest, Kossuth tér 7/9., Hungary
Mailing address: 1703 Budapest, PO Box. 4., Hungary
Phone: +36 1 357 4333
E-mail: kispest.elnokseg@birosag.hu
Website: https://fovarositorvenyszek.birosag.hu/jarasbirosagok/budapesti-xviii-es-xix-keruleti-birosag