Introduction

British Language Centre Ltd. is committed to protecting the personal data of its users, students, clients and partners, and considers it of utmost importance to respect the users' right to informational self-determination. British Language Centre Ltd. treats personal data confidentially and takes all security, technical and organizational measures to guarantee the security of the data.

Below we present our data management principles, presenting the expectations that it has formulated towards itself as a data controller and complies with in all cases. Its data management principles are in line with the applicable data protection legislation, in particular the following:

- Act LXIII of 1992 on the protection of personal data and the disclosure of data of public interest

- Act LXXVII of 2013 on adult education

- Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society

- Act XLVIII of 2008 on the protection of personal data and the disclosure of data of public interest

- Act XLVIII of 2008 on the protection of personal data and the disclosure of data of public interest

- Act LXXVII of 2008 on the protection of personal data and the disclosure of data of public interest

- Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society

- Act XLVIII of 2008 on the protection of personal data and the disclosure of data of public interest

- Act LXXVII of 2008 on the protection of personal data and the disclosure of data of public interest

- Act LXXIII Act on the Basic Conditions and Certain Limitations of Economic Advertising Activity

- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information

Basic data processing concepts

personal data: data relating to the data subject - in particular the name, an identifier and one or more physical, physiological, mental, economic, cultural or social identity of the data subject - and the conclusion that can be drawn from the data concerning the data subject;

consent: a voluntary and definite declaration of the data subject's will, based on appropriate information, by which he or she gives his or her unequivocal consent to the processing of personal data relating to him or her - in full or in specific operations;

objection: a statement by the data subject by which he or she objects to the processing of his or her personal data and requests the termination of the processing or the erasure of the processed data;

data controller: a natural or legal person or an organisation without legal personality who, alone or jointly with others, determines the purposes of the processing of data, takes and implements the decisions relating to the processing (including the means used), or has them implemented by a data processor entrusted by him or her;

data processing: any operation or set of operations performed on data, regardless of the method used, such as collection, recording, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction, as well as preventing further use of data, taking photographs, sound or image recordings and recording physical characteristics suitable for identifying a person (e.g. fingerprints or palm prints, DNA samples, iris images);

data transfer: making data available to a specific third party;

disclosure: making data available to anyone;

data erasure: making data unrecognizable in such a way that their recovery is no longer possible;

data blocking: providing data with an identification mark in order to limit further processing permanently or for a specified period;

data destruction: complete physical destruction of the data medium containing the data;

data processing: the performance of technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on data;

data processor: the natural or legal person or organization without legal personality who processes data on the basis of a contract concluded with the data controller - including a contract concluded on the basis of a provision of law;

third party: a natural or legal person or organization without legal personality who is not the same as the data subject, the data controller or the data processor;

Data processing principles

Personal data may only be processed for specific purposes, in order to exercise a right and fulfill an obligation. Data processing must comply with the purpose of data processing at all stages, and the collection and processing of data must be fair and lawful.

Only personal data that is essential for the purpose of data processing and suitable for achieving the purpose may be processed. Personal data may only be processed to the extent and for the period necessary to achieve the purpose.

During data processing, the accuracy, completeness and - if necessary with regard to the purpose of data processing - up-to-dateness of the data must be ensured, and the data subject must only be identified for the period necessary for the purpose of data processing.

Personal data may be processed if

a) the data subject consents to it, or

b) it is ordered by law or - on the basis of the authorization of law, within the scope specified therein - by a local government decree for a purpose based on public interest

Personal data may only be processed with consent based on adequate information.

The data subject must be informed in a clear, understandable and detailed manner of all facts related to the processing of his or her data, in particular the purpose and legal basis of the data processing, the person authorised to process and process the data, the duration of the data processing and who may access the data. The information must also include the data subject's rights and legal remedies in relation to the data processing.

The personal data processed must meet the following requirements:

a) their collection and processing are fair and lawful;

b) they are accurate, complete and, if necessary, up-to-date;

c) they are stored in a manner that allows the data subject to be identified only for the period necessary for the purpose of storage.

Personal data may be transferred and different data processing operations may be linked if the data subject has consented to it or if the law permits it and if the conditions for data processing are met for each personal data item.

Scope of personal data processed by the service provider, purpose, legal title and duration of data processing

British Language Centre Kft. The data processing of its services is based on voluntary consent. However, in certain cases, the processing, storage and transmission of a range of data provided is mandatory by law, of which we separately notify our customers. We draw the attention of those who provide data to British Language Centre Kft. that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.

Data of visitors to websites operated by British Language Centre Ltd.

British Language Centre Ltd. operates the following website:

www.blc.co.hu and its subdomains

Purpose of data processing: when visiting the website, British Language Centre Ltd. records visitor data in order to provide the service, monitor its operation, and prevent abuse.

Legal basis for data processing: the consent of the data subject, or Section 13/A. (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.

Scope of data processed: date and time of visit, address of the visited and previously viewed page, operating system and browser type, IP address.

Duration of data processing: 1 year from the date of viewing the website.

The html codes of the portals available at http://www.blc.co.hu are owned by British Language Centre Ltd. contain links coming from and pointing to external servers independent of . The providers of these links are able to collect user data due to the direct connection to their servers.

British Language Centre uses Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs to measure the traffic to the www.blc.co.hu website and monitor the behavior of its visitors, to create statistics, and to measure the effectiveness of its advertisements.

The referenced programs place so-called cookies on the user's computer, which collect user data. Visitors to the British Language Centre website (Users) allow BLC to use the Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs. They also consent to BLC monitoring and tracking their user behavior and to using all services provided by the programs for BLC. In addition, the user has the option to disable the recording and storage of cookies for the future at any time as described below. We inform our users that the settings and use of Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs fully comply with the requirements of the data protection authority.

According to Google, Google Analytics mainly uses first-party cookies to report visitor interactions on its website. These cookies only record non-personally identifiable information. Browsers do not share their own cookies between domains. More information about cookies can be found in the Google Advertising and Privacy FAQ.

The British Language Centre uses Google Analytics to measure the effectiveness of its campaigns. Using the program, the Department mainly obtains information about how many visitors have visited its website and how much time visitors have spent on the website. The program recognizes the visitor's IP address, which is why it can track whether the visitor is a returning or new visitor, and it can also track the path the visitor has taken on the website and where they have entered.

The British Language Centre uses the Google Remarketing program to collect data from the DoubleClick cookie in addition to the usual Google Analytics data. The DoubleClick cookie enables the use of the remarketing service, which primarily ensures that visitors to the British Language Centre website will later encounter British Language Centre advertisements on free Google advertising platforms. The British Language Centre uses the Google Remarketing program for its online advertisements. British Language Centre advertisements are also displayed on Internet websites by external service providers, such as Google. The British Language Centre and external service providers, such as Google, use their own cookies (such as Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) together to learn about users' previous visits to the website and to optimize and display advertisements.

The purpose of Google Analytics conversion tracking is to enable the British Language Centre to measure the effectiveness of AdWords advertisements. It does this by using cookies placed on the User's computer, which exist for 30 days and do not collect personal data.

The British Language Centre uses Facebook's remarketing pixel to increase the effectiveness of Facebook ads, for the purpose of building a so-called remarketing list. This means that after visiting the Website, third-party service providers - such as Facebook - can display ads on Internet websites. Remarketing lists are not suitable for personal identification. They do not contain the personal data of the visitor, they only identify the browser software.If you wish to manage your cookie settings or opt out of this feature, you can do so from your own browser. Depending on your browser's toolbar, this option may be located in the Cookies/Tracking Features Settings menu, but you can usually set which tracking features you enable/disable on your computer under Tools > Settings > Privacy Settings.

Users who do not want Google Analytics to report on their visits can install the Google Analytics Opt-Out Browser Add-on. This add-on instructs the Google Analytics JavaScript scripts (ga.js, analytics.js, and dc.js) not to send visit information to Google. In addition, visitors who have installed the opt-out browser add-on will not participate in content experiments.

If you wish to opt out of Analytics web activity, please visit the Google Analytics Opt-Out page and install the add-on for your browser. For more information about installing and removing the extension, see the help for your specific browser.

User database

To use the online services of British Language Centre Ltd. (online application and level assessment, newsletter, vocabulary development), users must provide personal data.

Online application and level assessment

The purpose of data management: to provide applicants with a specific course offer. The data provided by the user is essential for identification and contact. British Language Centre Ltd. undertakes to contact the applicant within 1 working day at the contact details provided.

The legal basis for data management: the consent of the data subject, or Section 13/A. (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.

The scope of data managed: surname, first name, e-mail address, telephone number

Duration of data management: 1 year from the date of application.

Data management registration number: NAIH-70422/2013.

Newsletter and other notifications

British Language Centre Ltd. regularly (typically weekly) sends out newsletters to students who have requested to receive the newsletter.

In addition, the British Language Centre Ltd. newsletter system may occasionally send other messages inherent in the service.

Other data processing

We will provide information on data processing not listed in this information when the data is collected. We inform our customers that the court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the data protection commissioner or other bodies authorized by law may contact the data controller to provide information, communicate, transfer data or make documents available. British Language Centre Kft. will only provide personal data to the authorities, if the authority has specified the exact purpose and scope of the data, to the extent and insofar as this is absolutely necessary to achieve the purpose of the request.

Method of storing personal data, security of data processing

The server serving the websites of British Language Centre Kft. was placed in the server room of SunCorp Graphic.

British Language Centre Kft. The IT tools used to process personal data during the provision of the service are selected and operated in such a way that the processed data:

is accessible to those authorized to do so (availability);

its authenticity and authentication are ensured (authenticity of data processing);

its unchangeability can be verified (data integrity);

is protected against unauthorized access (data confidentiality).

British Language Centre Ltd. ensures the security of data processing with technical, organizational and organisational measures that provide a level of protection appropriate to the risks associated with data processing.

British Language Centre Ltd. maintains

confidentiality during data processing: it protects the information so that only those authorized to do so can access it;

integrity: it protects the accuracy and completeness of the information and the processing method;

availability: ensuring that the information requested is actually available to the authorized user when they need it and that the relevant tools are available.

British Language Centre Ltd. is protected against fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures.

We inform users that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. The service provider takes all reasonable precautions to protect against such threats. It monitors the systems in order to record all security deviations and provide evidence in the event of any security incident. System monitoring also allows for the verification of the effectiveness of the applied precautions.

Data of the data controller, contact details

Company name of the service provider: British Language Centre Kft.

Registered office of the service provider: 1087 – Budapest, Százados út 39-41.

Contact details of the service provider:

mailing address: 1095 – Budapest, Soroksári út 32-34, 6th floor of building E

telephone number: +36 30 864 1896, +36 1 783 2663

location, place of service: 1095 – Budapest, Soroksári út 32-34, 6th floor of building E

internet: www.blc.co.hu

Registration details of the service provider: Budapest Metropolitan Court as a Court of Commerce, Cg. 01-09-288452.

Legal remedies

The data subject may request information about the processing of his or her personal data, as well as request the correction of his or her personal data, or the deletion of his or her personal data, except for data processing prescribed by law, in the manner indicated when collecting the data, or at the contact details provided by the data controller. The data controller shall block the personal data if the data subject so requests or if it can be assumed that deletion would harm the legitimate interests of the data subject. Blocked personal data may only be processed as long as the purpose of the data processing that precluded the deletion of the personal data exists. The data controller shall delete the personal data if the data subject requests it, or the purpose of the data processing has ceased to exist, or if the statutory storage period for the data has expired, or a court or the National Authority for Data Protection and Freedom of Information has ordered deletion. The data controller has 30 days to delete, block or correct the personal data.

You can file a complaint with the National Data Protection and Freedom of Information Authority:

National Data Protection and Freedom of Information Authority

Headquarters: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.

Postal address: 1534 Budapest, P.O. Box: 834

Telephone: +36 (1) 391-1400

Telefax: +36 (1) 391-1410

E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.