Jádekör Tanácsadó és Szolgáltató Korlátolt Felelősségű Társaság (registered seat: 2060 Bicske, Bethlen Gábor u. 17., company registry number: 07-09-024604) (hereinafter referred to as “Service Provider”) is involved in the training and certification of trainers and coaches, as well as in personal, organizational and team development, in the course of which it processes the personal data of those using its services (hereinafter referred to as “Data Subjects”).
The purpose of this Privacy and Data Processing Policy (hereinafter referred to as “Policy”) is to set out the rules applied to the data processing carried out by Service Provider in the course of its activities, and to appropriately inform the Data Subjects thereof. Service Provider, as the data controller, undertakes to enforce the rights granted by the Act CXII of 2011, on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as the “Privacy Act”), as well as the General Data Protection Regulation 2016/679 of the EUROPEAN PARLIAMENT AND COUNCIL (EU) (April 27, 2016) (hereinafter referred to as: “GDPR”), and it shall ensure the compliance with the requirements pertaining to the processing of the personal data of the Data Subjects.
It is possible that the personal data of the Data Subjects are processed by Service Provider on various legal bases, including performance of a contract or compliance with statutory legal requirements. Service Provider shall inform the Data Subjects prior to processing their data, whether the data processing is voluntary or mandatory. In addition and upon request, Service Provider shall inform the Data Subjects about which of their personal data will be processed on what legal basis/bases and title/titles, in accordance with the detailed provisions of Section 2–4 of this Data Processing Policy.
Name: Jádekör Tanácsadó és Szolgáltató Korlátolt Felelősségű Társaság
Registered seat: 2060 Bicske, Bethlen Gábor u. 17.
Company registry number: 07-09-024604
Tax number: 24809425-2-07
E-mail: csigas.zoltan@processcommunication.hu or zoltan.csigas@innovators.hu Person to contact: Zoltán Gergely Csigás, general manager
Service Provider shall under no circumstances collect sensitive personal data, including genetic, biometric, health-related, and criminal data. Service Provider shall under no circumstances collect personal data from children under 16 years of age.
Service Provider shall inform the Data Subjects prior to processing their data, whether the data processing is voluntary or mandatory. In the case of mandatory data processing, the types of data to be processed, the purpose and conditions of the data processing, the recipients of the data, the period for which the personal data are processed, the intervals for reviewing the necessity of the processing, as well as the entity to carry out the processing are determined by the law or municipal decree ordering the data processing.
Within the organization of Service Provider, personal data may only be disclosed to General Manager Zoltán Gergely Csigás.
- name
- contact information: phone number and/or e-mail address - workplace
- personality profile reports (hereinafter referred to as “PPI Reports”) based on the Personality Pattern Inventory (PPI), exclusively in the case of “PCM Training and PCM
Coaching” services PPI Reports:
Where Service Provider provides PCM training and/or coaching to the Data Subjects, either in a group or individual settings, Service Provider shall create personality profile (PPI) reports using the Process Communication Model (PCM®) Personality Pattern Inventory software for and in close cooperation with the Data Subjects, with their express consent, and with the exclusive purpose to serve as a basis for the service to be provided by the Service Provider; these reports may not be used for any other purpose, and Service Provider is not entitled to disclose them to any third party under any circumstances. The creation of PPI Reports is automated, that is, no human intervention is involved in creating the profile after the answers to the questions are entered into the software. The PPI Reports are not considered to be sensitive data as determined in Section 3.3 of the Privacy Act.
The software used for creating the profile (Process Communication Model (PCM®) Profile) is the property of Kahler Communication Europe (Le Moulin Du Béchet, 27120 Croisy-Sur-Eure, France), so Kahler Communications Europe is involved in creating the profiles as a data processor. It shall receive the name of the Data Subject, the name and e-mail address of his or her employer, and the answers provided to the questions of the personality test. The created PPI Report will be available in / downloadable from this data processing system.
- personality profile reports based on the Mental Toughness Questionnaire (hereinafter referred to as “MTQ Reports”) exclusively in the case of the “Mental Toughness Assessment,” “Mental Toughness Coaching,” and “Mental Toughness Training” services (hereinafter together referred to as “MTQ Services”): MTQ Reports:
Where Service Provider provides MTQ Services to the Data Subjects, either in a group or individual setting, Service Provider shall create personality profile (MTQ) reports using MTQ questionnaires for and in close cooperation with the Data Subjects, with their express. consent, and with the exclusive purpose of serving as a basis for the service to be provided by the Service Provider; these reports may not be used for any other purpose, and Service Provider is not entitled to disclose them to any third party under any circumstances. The creation of MTQ Reports is automated, that is, no human intervention is involved in creating the profile after the answers to the questions are entered in the software. The MTQ Reports are not considered to be sensitive data as determined in Section 3.3 of the Privacy Act.
The MTQ questionnaires used for creating the profile are the properties of AQR International (Active Quality Recruitment Ltd. (The Meadows, Church Rd, Dodleston Chester CH4 9NG UNITED KINGDOM Co Reg No: 3392161), so AQR International is involved in creating the profiles as a data processor. It shall receive the name of the Data Subject, the name and e-mail address of his or her employer, as well as the answers provided to the questions of the personality test, and the created MTQ Report will be available in/downloadable from this data processing system.
The data provided by the Data Subjects
Service Provider is entitled to processing the personal data of the Data Subjects, on condition that their informed and express consent is given, for the purpose of fulfilling its obligations under the relevant service agreements, including providing development services, holding workshops, training, and coaching sessions.
The legal basis of the data processing by Service Provider is the freely given, informed, and written consent of the Data Subjects, in accordance with Section 6 (1) a) of the GDPR . Where the Data Subjects directly use and order the services of Service Provider, the Data Subjects consent in writing to the processing of their personal data in the service agreement or when ordering the service. Where Service Provider is not in a contractual relationship with the Data Subjects, but with their employers, and provides the service directly to these employers, the condition of providing the service is to receive the written consent of the employees, or natural persons, whose data are to be processed, to the processing of their personal data. The consent must always be freely given, express, informed and clearly affirmative.
Service Provider shall process the data processed in the course of providing the service until the consent of the Data Subject is withdrawn, or the contractual obligations are fulfilled. The early withdrawal of the consent, that is, withdrawal before the contractual obligations would have been fulfilled, makes the performance of the contract unfeasible.
The data received from the Data Subjects, or the employers of the Data Subjects, as contracting partners of the Service Provider.
To enter into contract with Service Provider and to facilitate communication during the contractual relationship.
The legal basis of the data processing by Service Provider is the fulfillment of the contractual obligations of the Service Provider, in accordance with Section 6 (1) b) of the GD.
A limitation period of 5 years following the termination of the agreements (see Act V of 2013 on the Hungarian Civil Code, Section 6:22).
The name, address, phone number, and e-mail address of the trainers and coaches receiving PCM Certification.
The data provided by the Data Subjects.
To provide PCM Certification and verifying its validity.
The legal basis of the data processing by Service Provider is consent of the Data Subject in accordance with Section 6 (1) a) of the GDPR.
A limitation period of 5 years following the termination of the PCM Certification (see Act V of 2013 on the Hungarian Civil Code, Section 6:22)
Service Provider operates and maintains the www.processcommunication.hu website, which serves as a platform to provide general information about the activities, services, and references of Service Provider to the users visiting the website. Except for the contact information form, no further data processing is carried out within the context of the website in any other form; that is, the owner does not check website traffic information, use cookies, or send out newsletters and marketing e-mails to the visitors of the website. The detailed policy of processing personal data related to the operation of the website is contained in the Privacy Statement available on the website.
Service Provider shall process the accounting documents (receipts and other proofs of payment, general ledger accounts, analytical and detailed records) pertaining to its service agreements, which contain the name, address and other legally required information of the client/payer, based on Section 169 of Act C of 2000 on Accounting (“Accounting Act”), while the receipts used by Service Provider for determining the tax and advance tax shall be processed in accordance with Section 78 of Act CL of 2017 on the Rules of Taxation (“Tax Rules Act”).
The legal basis of the data processing by Service Provider is the fulfillment of the legal obligations of Service Provider, in accordance with Section 6 (1) c) of the GDPR.
Data Subjects, as clients and persons making payments related to the service agreements.
Name and address, the subject-matter of the service, the amount of the fee, the means and time of payment, as well as other mandatory data to be included in the receipts as required by law.
As per the Accounting Act, Service Provider is obliged to process the data for 8 years from the date when the data were generated (Accounting Act, Section 169); based on the Tax Rules Act, Service Provider is obliged to process the data for five years from the last day of the calendar year when the calculated tax is due (Section 78).
Service Provider shall not employ, or use the services of further personnel, subcontractors, or other contributors, other than the data processors listed below; the personal data processed by the Service Provider are only accessible by the Service Provider.
Service Provider shall not transfer any personal data outside the area of the European Union under any circumstances. Service Provider shall involve the following data processors in the course of the data processing defined in Section 2 of this Policy:
Registered seat: Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Activity: could service provision
Transferred, processed data: The information contained in the cloud service used by Service Provider for data storage
Pertaining to all data processing of Service Provider
Address: Le Moulin Du Béchet, 27120 Croisy-sur-Eure, France
Activity: The operation of the framework software Process Communication Model
(PCM®) used for generating the PPI Reports, providing PCM Certification
Transferred, processed data: PPI Reports, names and e-mail addresses of PCM Certified
Trainers and Coaches
Address: 1089 Budapest, Rozgonyi utca 2
Activity: accounting services
Transferred, processed data: data necessary for accounting documents and tax returns, as well as for fulfilling record-retaining obligations.
Address: The Meadows, Church Rd, Dodleston Chester CH4 9NG UNITED KINGDOM
Activity: Operating the framework software of the Mental Toughness Questionnaire used for generating MTQ Reports
Transferred data: MTQ Reports.
Service Provider shall store the notes and the personal data generated in the course of providing the service in accordance with the way the data are generated: either in hard copy or a digital copy of the original document, or in digital format.
Service Provider undertakes to ensure the security of the personal data it processes, and to implement the technical and organizational measures required by legislation, as well as other privacy and confidentiality regulations. The data must be protected by appropriate measures, especially against unauthorized access, transformation, transfer, disclosure, deletion or destruction, accidental destruction or damage, as well as against becoming inaccessible due to changing the used technical solution.
Storage by electronic means: takes place in the online database operated by Google, as well as the personal computer and tablet used by Service Provider for providing the relevant service. To ensure the prevention of unauthorized access, Service Provider uses an information security system, so the data stored on the personal computer, the tablet and in the cloud may only be accessed by General.
Manager Zoltán Gergely Csigás, the designated contact person of Service Provider, in person, based on dedicated access rights for the purpose of carrying out his relevant tasks, and via unique entry codes (passwords).
Storage of paper copies: The data contained in paper documents are stored by Service Provider at its registered seat, under 2060 Bicske, Bethlen Gábor u. 17 in such a way that they are only accessible to General Manager Zoltán Gergely Csigás, the designated contact person of Service Provider.
With regard to their personal data processed by Service Provider and the data processors commissioned or ordered by Services Provider, the Data Subjects are entitled to the following:
a) to receive information about the facts pertaining to the data processing before the start of the data processing (“right to prior information”);
b) upon request, to obtain their personal data and all information related to their processing from the data controller (“right to access the data”);
c) upon request, as well as in the cases determined by the Privacy Act, to have their personal data rectified, or amended by Service Provider (“right to rectification”);
d) upon request, as well as in the cases determined by the Privacy Act, to have the processing of their personal data limited by Service Provider (“right to restriction”);
e) upon request, as well as in the cases determined by the Privacy Act, to have their personal data deleted by Service Provider (“right to deletion”).
Service Provider shall inform the Data Subjects about the data processing carried out by Service Provider or its data processors prior to or promptly after starting the data processing procedure, specifically about the purpose, legal basis, and duration of the data processing, the source of the processed personal data, the name and contact information of the data controller, the data processor, their contact persons and (where applicable) their privacy officers, its activities related to the data processing, about the circumstances, impact and the countermeasures taken related to any personal data breach, the rights of the Data Subjects and the methods for enforcing these, and where data transfer takes place, about the legal basis for and the recipient of the transfer of the Data Subject’s personal data, together with any other relevant circumstances. Service Provider may delay, limit, or disregard the Data Subjects’ right to prior information in the cases determined by the Privacy Act.
Upon request of the Data Subject, Service Provider shall provide information about whether the Data Subject’s personal data are processed by Service Provider, as the data controller, or by a data processor commissioned or ordered by Service Provider. If the personal data of the Data Subject are processed by Service Provider as data controller, or by a designated data processor, Service Provider shall provide the Data Subjects their personal data subject to data processing by Service Provider or a designated data processor, together with the following information: the source of the processed personal data; the purpose and legal basis of the data processing; the scope of the processed personal data; in case of transferring the processed data, the scope of recipients of the data transfer, including international organizations and recipients in third countries; the retention period applicable to the processed personal data; the considerations for determining this retention period; the rights of the Data Subject based on the Privacy Act and the means of enforcing these; where profile creation takes place, the fact of creating the profile; and the circumstances and impact of any personal data breach related to the processing of the Data Subject’s personal data, together with the applied countermeasures. Service Provider may limit, or disregard the Data Subjects’ right to access their personal data in the cases determined by the Privacy Act.
Specifically upon the request of the Data Subjects, Service Provider shall promptly correct or rectify the data processed by Service Provider or the designated data processors where they are inaccurate, incorrect or incomplete; also, where it is consistent with the purpose of the data processing, Service Provider shall supplement them with the additional personal data, or the statement pertaining to the processed personal data, provided by the Data Subject. Service Provider shall be released from this obligation, if the accurate, correct, or complete personal data are not at its disposal, and the Data Subject does not provide them either, or if the validity of the personal data provided by the Data Subject may not be established conclusively.
Service Provider shall restrict the data processing:
During the restriction of the data processing, the personal data affected by the restriction may only be subject to storage; other operations may be carried out on them solely for enforcing the legitimate interests of the Data Subject, or in accordance with the requirements of the relevant legislation, international contracts or the binding legal measures of the European Union. When the data processing restriction is terminated, Service Provider shall inform the Data Subject about the removal of the data processing restriction in advance.
Service Provider shall delete the personal data, if:
Request of deletion by Data Subject may only be applied to the data processed on the basis of Data Subject’s consent, and it does not concern the data subject to mandatory data processing ordered by legislation. Service Provider is entitled to process the personal data of Data Subjects following their request for deletion on the basis of Section 6 of the Privacy Act, where the processing of Data Subject’s data is necessary for fulfilling legal obligations of Service Provider, as data controller, or for enforcing its legitimate interests.
Data Subjects may send their requests related to the data processing, including the withdrawal of their consent to the data processing via e-mail to csigas.zoltan@processcommunication.hu or by mail to 2060 Bicske, Bethlen Gábor u. 17.
Based on the Privacy Act, Service Provider shall respond to all requests as soon as possible but within 25 days after receiving the request, in easily accessible and legible form, with concise, clear and plain content in writing, or if the request was submitted electronically, in an electronic format.
If the Data Subject submits a repeated request within the current year, related to the same scope of data, to enforce his or her rights specified in sections b) to e), and Service Provider or its data processor disregards the rectification and deletion of the personal data or the restriction of the data processing in a lawful manner, Service Provider may request the reimbursement of costs directly related to the repeated and unsubstantiated requests from the Data Subject. If it can be reasonably assumed that the person submitting the requests is not the same person as the Data Subject, Service Provider shall respond to the request only after the identity of the person submitting the requests was verified beyond reasonable doubt.
Where Service Provider deems the request of the Data Subject unsubstantiated and refuses to fulfill the request, it shall notify the Data Subject of this within 25 days from receiving the request in writing, or if the Data Subject consents, electronically, including the factual and legal reasons of the refusal, and the possible legal remedies.
In case the request of the Data Subject is refused by Service Provider, or the Data Subject believes that the data controller, or the data processor violates the legal requirements of the processing of personal data, based on the Privacy Act, the Data Subject is entitled to request an investigation procedure from the Hungarian National Authority for Data Protection and Freedom of Information, and he or she can also turn to the competent jurisdiction pertaining to his or her place of abode.
Name: Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)
Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Website: http://www.naih.hu
Phone: +36.1.391.1400
Fax: +36.1.391.1410
E-mail: ugyfelszolgalat@naih.hu
Service Provider shall keep the following records electronically for the controllability of legal compliance and the notification of the Data Subjects, as required by the Privacy Act:
Includes the scope of the data affected by the data breach incident, the scope and number of the concerned Data Subjects, the date and time, the circumstances, and impacts of the incident, as well as the applied countermeasures.
Includes the date and time of the personal data processed by Service Provider, the legal basis for and the recipient of the data transfer, as well as the scope of the personal data transferred.
The fact of restricting or denying the Data Subject’s right to access by the data controller, together with the legal and factual grounds.
The data documented in the records and the electronic logbook must be retained for 10 years after the deletion of the processed data.
The conditions of the data processing may change over time, and Service Provider may decide at its discretion to include a new data processing purpose for the existing data processing, so Service Provider reserves the right to modify this Policy at any time. Service Provider is entitled to apply the revised Policy following its acceptance and taking effect to the existing legal relationships.
The issues not regulated in this Policy shall be governed by the provisions of the relevant legislation in force in Hungary, specifically the provisions of Act CXII of 2011, on the Right of Informational Self-Determination and on Freedom of Information (“Privacy Act”) and the General Data Protection Regulation 216/679 of the EUROPEAN PARLIAMENT AND COUNCIL (EU) (April 27, 2016) (“GDPR”).
In the event of any conflict or inconsistency between the original Hungarian version and the English translation, the Hungarian version of the Policy shall prevail.