Jūsu grozs ir tukšsPirkt
This privacy statement discloses how Mozaik Education Ltd. (hereinafter Company) manages, transfers and processes data.
The normative definitions used in this privacy statement are contained in Article 4 of the Regulation.
Accordingly, we list the main definitions:
1. 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated shall mean, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. 'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future;
4. 'profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5. 'pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
6. 'filing system' means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
7. 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
8. 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
9. 'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
10. 'third party' means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
11. 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
12. 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
13. 'user' means a natural person who registers to or visits any of the Company's homepages (www.mozaik.info.hu, www.mozaweb.hu, www.mozaweb.com, www.mozanaplo.hu, www.mozalog.com, verseny.mozaik.info.hu, www.intellisense.education, www.labcamera.com, www.intellisen.se, www.fizikaapp.com, www.matekapp.com, www.cutnlearn.com.).
The purpose of the privacy statement is to inform the persons involved in the data management about all the facts related to the handling of the data, in particular the purpose and legal basis of the data processing, the data controller and the person authorized for data processing, the duration of the data handling, and who may be familiar with the data.
This privacy statement is issued by the Controller:
Company name: MOZAIK EDUCATION LTD.
Headquarters: 6720 Szeged, Somogyi utca 19.
Company registration nr: 06-09-001610
TAX number: 10701180-2-06
Phone number: +36 62 470 101
Fax: +36 62 554 666
Websites: www.mozaik.info.hu, www.mozaweb.hu, www.mozaweb.com, www.mozanaplo.hu, www.mozalog.com, verseny.mozaik.info.hu, www.intellisense.education, www.labcamera.com, www.intellisen.se, www.fizikaapp.com, www.matekapp.com, www.cutnlearn.com,
This privacy statement is available on the websites (www.mozaik.info.hu/privacy, www.mozaweb.hu/privacy, www.mozaweb.com/privacy, www.mozanaplo.hu/privacy, www.mozalog.com/privacy, verseny.mozaik.info.hu/privacy, www.intellisense.education/privacy, www.labcamera.com/privacy, www.intellisen.se/privacy, www.fizikaapp.com/privacy, www.matekapp.com/privacy, www.cutnlearn.com/privacy) of the Company.
The Company reserves the right to unilaterally modify this privacy statement any time. By continuing to use the service, the users acknowledge the modification of the data management rules, and there is no need to request their further consent.
'Processor' shall mean a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (Article 4 (8) of Regulation)
The use of a processor does not require the prior consent of the users of our services, but users have to be informed about it. Data processors handle the personal data provided by the Company in accordance with the provisions of their respective privacy policies, on which further information can be found on the data processor's website. Accordingly, we provide the following information:
To maintain and manage its website, our company has contracted with a processor, which provides IT services (hosting, application development, application management), and manages the personal data provided on the website, for the duration of the contract; thus this processor manages the personal data on the website and stores these data on its servers. The name and data of this processor are:
Name of company: Zengo Kft.
Headquarters: 6724 Szeged, Kossuth Lajos sgt. 72.
Company registration nr: 06-09-010660
TAX number: 13748742-2-06
Phone number: +36 62 202 039
Email address: firstname.lastname@example.org
To fulfill its tax and accounting obligations, our company uses an accounting outsourcing service provider, which manages the personal data of our contractual partners and paying agents. The name and data of this processor is:
Name of company: IMOSOFT KFT.
Headquarters: 6720 Szeged, Somogyi utca 19.
Company registration nr: 06-09-000295
TAX number: 10326996-2-06
Phone number: +36 62 470 101
Email address: email@example.com
These processors receive the personal data (name, address and phone number) of our customers in order that they deliver the orders our customers have placed.
These service providers are:
Name of company: Magyar Posta Zrt.
Headquarters: 1138 Budapest, Dunavirág u. 2-6.
Company registration nr: 01-10-042463
TAX number: 10901232-2-44
Phone number: +36 30 771 1802
Cégnév: GLS General Logistics Systems Hungary Kft.
Székhely: 2351 Alsónémedi, GLS Európa u. 2.
Company registration nr: 13-09-111755
TAX number: 12369410-2-44
Telefonszám: +36 29 886 600
Cégnév: DPD Hungária Kft.
Székhely: 1158 Budapest, Késmárk utca 14. B. ép.
Company registration nr: 01-09-888141
TAX number: 13034283-2-42
Telefonszám: +36 1 501 6200
E-mail cím: firstname.lastname@example.org
This processor receives the personal data (name, address and bank account number) of our customers who have outstanding debts and uses these data for handling the non-executed payments.
Name: Hevesi Ügyvédi Iroda
Headquarters: 6720 Szeged, Somogyi u. 6., III./2.
Phone number/ Fax: +36 62 450 018
Email address: email@example.com
This processor receives the personal data (name, address, bank account number) of our customers in case of product return. This processor uses these data for transferring the purchase price electronically to our customers.
Name of company: Raiffeisen Bank
Headquarters: Szeged, Széchenyi tér 15.
Phone number: +36 80 488 588
Email address: www.raiffeisen.hu/kapcsolat/e-mail
The processors listed below receive personal data (order ID, order amount, the list of products that have been ordered) required for payment processing when an electronic payment or payment by card occurs in our Company's webshop.
Name of company: PayPal (Europe) S.à r.l.
Headquarters: 22–24 Boulevard Royal, L-2449 Luxembourg RCS Luxembourg B 118 349
(1) Based on the performance of the contract, the Company manages the name, name at birth, date of birth, address, e-mail address, bank account number, client number (customer number, order number), and online ID of a natural person that is a customer or supplier under contract with the Company for the purpose of entering into, performing, and terminating a contract, as well as offering a contract discount. Data processing shall be considered lawful even if processing is necessary in order to take steps at the request of the data subject prior to entering into a contract. The recipients of the personal data are the customer service representatives, accountants, and processors of the Company.
(2) Duration of the processing of personal data: 5 years after the termination of the contract.
(3) Data processing is based on the performance of the contract.
(4) Personal data of the data subject are transferred to the processor.
(1) Personal data processed: name, address, phone number e-mail address and online identifier of the natural person.
(2) Purpose of data processing: Provision of the contract signed with the legal person partner of the Company; business communication; legal basis: consent of the data subject.
(3) Recipients or categories of recipients of the personal data: employees of the Company performing customer service and trade related tasks.
(4) Period for which the personal data will be stored: 5 years after the end of the business relationship or after the data subject stops acting as representative.
(2) Our Company's website stores and processes the following data of the visitor's online session and the device from which the browser was opened:
(3) Allowing or enabling cookies is not strictly necessary. You can change your browser settings to block cookies or to notify you when a website sends you cookies. By default, most browsers allow cookies, but this setting can be changed to prevent your browser from automatically allowing cookies and to prompt for cookies.
You may find further information on how to manage your cookie settings for the browser that you use from the following list:
Please be aware that if you disable cookies, certain sections or features of our website may not work.
(4) Cookies in themselves do not identify the individual user.
(5) Cookies used on the website of the Company:
1. Session cookies
These cookies are necessary to allow visitors to browse the website, to effectively and fully utilise its features and services that are available through the website. Such services include the storing of information about the actions performed by the visitor while browsing the website. These cookies only last as long as the visitor's online session, and disappear from the computer or device when the browser is closed.
Data processed: PHPSESSID, _ga, _gat, _gid, acceptcookie, fbm_397595856934649, language, mozaweb_desktop, socket_room.
The legal basis for data processing is Article 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and information services.
Purpose of data processing: ensure the proper functioning of the website.
2. Persistent cookies:
Such cookies enable the Company to store the user's site preferences. The visitor may prohibit the data processing at any time before the use of the service and during the use of the service. These data cannot be linked to the identifier of the user and cannot be transferred to a third party without the user's consent.
2.1. Functional cookies:
2.2. Performance cookies:
(1) A natural person registering for the accredited training of the Company shall enter his or her data by filling in a paper-based application form.
(2) Personal data processed: name; place of birth; date of birth; mother's name; address; e-mail address; phone number; the title and date of entering into and termination of the training contract; OM (Ministry of Education) number of the educational institution; the core public education task providing a basis for the training contract; data concerning work schedules of training; expected date of termination of studies.
(3) On the basis of the 277/1997 Government Decree on teacher further training, teachers' post-graduate professional examination, and on the allowances and benefits of further training participants, the Company shall process the natural person identification data of registrants for the accredited trainings for the purpose of making, amending and monitoring the contract for the provision of the Company's accredited training and thereof for the purpose of charging fees and validating credit points. Furthermore, the Company shall process the phone number, e-mail address and online identifier of registrants and participants on the basis of the consent of the aforementioned persons.
(4) The legal basis for data processing is the 277/1997 Government Decree on teacher further training, teachers' post-graduate professional examination, and on the allowances and benefits of further training participants.
(5) Recipients or categories of recipients of the personal data: employees of the Company performing customer service and training related tasks; employees of the IT provider (processor) of the Company performing hosting related tasks.
(6) Period for which the personal data will be stored: 7 years after the provision of the service.
(7) A natural person registering for the non-accredited training of the Company shall enter his or her data by filling in an online application form.
(8) Personal data processed: name; place of birth; date of birth; address; e-mail address; phone number; date of training; name, address and OM (Ministry of Education) number of the educational institution he or she is employed by; the core public education task providing a basis for their training contract; qualification; data concerning work schedules of training (place, date, name of the training programme).
(9) On the basis of the 277/1997 Government Decree on teacher further training, teachers' post-graduate professional examination, and on the allowances and benefits of further training participants, the Company shall process the natural person identification data of registrants for the non-accredited trainings for the purpose of making, amending and monitoring the contract for the provision of the Company's non-accredited training and thereof for the purpose of charging fees and validating credit points. Furthermore, the Company shall process the phone number, e-mail address and online identifier of registrants and participants on the basis of the consent of the aforementioned persons.
(10) The legal basis for data processing is the 277/1997 Government Decree on teacher further training, teachers' post-graduate professional examination, and on the allowances and benefits of further training participants.
(11) Recipients or categories of recipients of the personal data: employees of the Company performing customer service and training related tasks; employees of the IT provider (processor) of the Company performing hosting related tasks.
(12) Period for which the personal data will be stored: 7 years after the provision of the service.
(1) A natural person registering on any of the websites or in any of the applications of the Company (mozaBook for Windows, mozaBook app, mozaik3D app) can give his or her consent to the processing of his or her personal data by checking the relevant box or clicking the appropriate button.
(2) Personal data processed: natural person's name (first name, surname), nickname, address (billing address, shipping address), country, date of birth, e-mail address, phone number, online identifier; name of educational institution, ID of the educational institution, address of the educational institution; natural person's position in the educational institution, class, social network identifier.
(3) Purpose of processing personal data:
(4) The legal basis for data processing is the consent of the data subject.
(5) If the user links his or her Facebook/Google/Office365/Vkontakte account to his or her user account registered on the Company's websites at his or her discretion, the Company may therefore process the following personal data of the user in addition to the aforementioned personal data: Facebook/Google/Office365/Vkontakte profile name, Facebook/Google/Office365/Vkontakte profile URL, Facebook/Google/Office365/Vkontakte profile ID.
(6) Recipients or categories of recipients of the personal data: employees of the Company performing customer service and marketing related tasks; employees of the IT provider (processor) of the Company performing customer service related tasks.
(7) Period for which the personal data will be stored: until the data subject is registered at the website or uses a particular service, or until the data subject withdraws his or her consent (application for revocation).
(8) The controller shall not inspect the personal data provided. The data subject is solely responsible for the genuinity of the data provided. By providing their e-mail address, all users take responsibility for not sharing the provided email address with others for the purpose of using services. The user registering the e-mail address shall bear all responsibility regarding login with the provided email address.
(9) Data recorded during the operation of the system: data of the user's computer that are generated during the course of using a particular service and which are recorded as an automatic result of the technical processes by the controller. The system shall automatically record data that is to be recorded automatically upon login and log out without the user's prior consent or action. Other users of these data – excluding mandatory cases – cannot be connected to personal data. The data are only accessible by the controller.
(10) The Company deletes the personal data of users after 24 months of inactivity.
(1) Any natural person registering for the newsletter on Company's website(s) may consent to the management of personal data by marking the relevant square or clicking the appropriate button. The individual concerned can unsubscribe from aforementioned newsletter anytime either by clicking the “Unsubscribe” button, or by providing a written statement in letter form or via e-mail, which indicates retraction of consent. If so, Company deletes all data of unsubscribing individual. Company does not pass on said data to any Third Part, those are to be used exclusively for the regular delivery of the newsletter or the written information regarding the newsletter.
(2) Personal data processed: natural person's name (surname, first name), e-mail address
(3) The purpose of managing personal data:
1. Sending newsletters regarding Company's products and services
2. Sending promotional material
(4) Legal basis for data management: consent of individual concerned.
(5) Recipients of personal data, recipient categories: Company's customer service employees, members of Company's marketing team, and Company's IT provider tasked with hosting services as data processor,
(6) Duration of personal data storage: until the continuation of the newsletter service, or the retraction of consent (application for revocation).
(1) Company upholds social media sites for the introduction and promotion of its products and services.
(2) Questions posed and inquiries made on Company's social media sites does not constitute an official complaint.
(3) The personal data shared by visitors on Company's social media sites is not managed by Company.
(5) Upon publication of illicit or offensive content, Company is entitled to withdraw subject's membership or delete comment made by subject without prior notice.
(6) Company is not accountable for any content or comment infringing legislation shared by users of social media site. Company is not liable for any error, malfunction, or issue due to changes in system operation on social media site.
(1) Keeping in line with the regulations on electronic commercial services and section 13/A of Act 108 of 2001 on information society services, as well as Decree 45/2014 detailing the provisions on contracts between consumer and undertaking, purchase of items from Company's webshop constitute a contract. In the event of purchase from Company's webshop, the legal basis for data management is the contract.
(2) Based on subsection (1) of section 13/A of Act 108 of 2001, Company is entitled to manage the personal identification data and address of natural persons who register and/or make a purchase in the webshop in accordance with the regulations on the formation, content specification, alteration, and execution of contracts regarding information society services, for the purpose of billing and exercise any legal claims, as well as the subject's telephone number, e-mail address, bank account number, and online ID, consent being the legal basis.
(3) In the event of information society services rendered, Company is entitled to manage the personal identification data and address of natural persons as well as the date, duration, and location of the usage of services for billing purposes based on subsection (2) of section 13/A of Act 108 of 2001.
(4) Recipients of personal data, recipient categories: Company's customer service employees, members of Company's marketing team, Company's employees responsible for tax and accounting as data processors in connection with the fulfillment of taxation and accounting obligations, Company's IT provider tasked with hosting services as data processor, and employees of the courier with regards to the delivery information (name, address, telephone number).
(5) Duration of the management of personal data: until the continuation of registration / service or the the retraction of consent (application for revocation); in the event of purchase, for 5 years following purchase.
(1) If the Company runs a prize draw (Section 23 of the Act XXXIV of 1991), it may process the name, address, phone number, e-mail address and online identifier of the data subject with his or her consent. Participation in the prize draw is voluntary.
(2) Purpose of personal data processing: deciding and contacting the winner, sending the prize. The legal basis for the data processing is the consent of the data subject.
(3) Recipients or categories of recipients of the personal data: employees of the Company performing customer service and training related tasks; employees of the IT provider (processor) of the Company performing hosting related tasks, employees of the courier company.
(4) Period for which the personal data will be stored: 6 months after the end of the prize draw.
(1) Unless otherwise provided by specific other legislation, advertisements may be conveyed to natural persons by way of direct contact (hereinafter referred to as “direct marketing”), such as through electronic mail or equivalent individual communications - subject to the exception set out in Act XLVIII of 2008 -, only upon the express prior consent of the person to whom the advertisement is addressed.
(2) The personal data that can be processed by the Company for advertising purposes include the name, address, email address and online identifier of natural persons.
(3) The purpose of personal data processing is to perform direct marketing activities related to the Company's activity, i.e. sending advertising brochures, newsletters, current offers in printed (via post) or electronic form (via email) regularly or periodically to the addresses specified at registration.
(4) The legal basis for data processing is the consent of data subjects.
(5) The recipients or the categories of recipients of personal data are: The Company's employees involved in customer service, employees of the IT provider (processor) of the Company performing hosting related tasks, and employees of the Post Office in case of postal delivery.
(6) Personal data will be retained until the withdrawal of consent.
(1) In order to fulfill its statutory tax and accounting obligations (accounting, taxation), the Company processes the statutory data of natural persons acting as its customers and suppliers. According to sections 169 and 202 of Act CXXVII of 2007 on the value added tax the data to be processed are: tax number, name, address, tax status. According to Section 167 of Act C of 2000 on Accounting the data to be processed are: name, address, name of the person or body ordering the economic transaction, signatures of persons effecting payment and verifying execution, as well as, depending on the organization, the signature of the inspector; in documents of movements of inventories and liquid assets receipts, the signature of the recipient, and the signature of payer in counter-receipts. According to Act CXVII of 1995 on Personal Income Tax the data to be processed are the following: entrepreneur's licence number, tax identification code.
(2) The personal data will be retained for 8 years after the end of the legal relationship.
(3) The recipients of personal data are the Company's employees performing tasks related to taxation, accounting, payroll accounting, social security and the Company's processors.
(1) In compliance with the legal obligations of the Company, in order to prevent and combat money laundering and terrorist financing, the company processes the personal data of its customers, their representatives and of beneficial owners defined in Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (AML/CTF Act): a) surname and forename b) surname and forename by birth, c) nationality, d) date and place of birth e) mother's birth name f) home address, or habitual address in the absence thereof, g) number and type of identification document; official document suitable for identification purposes and official address card, copy of these documents. (Section 7).
(2) The recipients of personal data: the Company's employees involved in customer service, the Company's chief executive, the person designated by the company according to the AML/CTF Act.
(3) or a period of eight years after the end of the business relationship or after the date of carrying out the transaction order. (AML/CTF Act § 56 (2))
Data processing, web-hosting services
Internet portal services
(1) The Company as Processor guarantees – with regards to competency, trustworthyness and resources in particular – that it will carry out the technical and organisational measures ensuring the fulfilment of the Regulation's requirements, including the safety of processing.
(2) Processor ensures that during its activities the people who are entitled to have access to the personal data concerned – if they are otherwise not under any corresponding secrecy obligation prescribed by law – undertake secrecy obligations with regards to the personal data they have learned.
(3) The Company possesses appropriate hardware and software infrastructure. It undertakes the obligation to carry out the technical and organisational measures that are suitable to ensure the legality of processing and the rights protection of the concerned individuals.
(4) The Company possesses the legal and technical conditions to communicate with state organisations.
(5) Our Company undertakes to share all information with controller clients that is needed to verify being compliant with legal provisions applicable to the use of a processor,.
(1) Controller is entitled to verify with Processor the fulfilment of the contractual activities.
(2) Controller bears the responsibility for the legality of the instructions in connection with obligations prescribed by the contract, at the same time, Processor is obligated to immediately inform Controller if the instructions or the fulfilment thereof is against regulations.
(3) Controller is obliged to inform the data subjects about the processing of their date in accordance with this contract, if obtaining their consent is required by law.
1. Right of direction: Processor' handles all data in accordance with the written instructions of the Controller.
2. Confidentiality: In the Processor's activities, it ensures that persons authorised to access the personal data concerned, if they are not otherwise subject to a legally enforceable confidentiality rule, have a confidentiality obligation with respect to the personal data they have access to.
3. Data Security: The Controller shall endeavor to take all reasonable measures to ensure the security of the computer systems it uses, in particular to prevent unauthorised access to the data stored on the site.
To ensure the privacy of your personal information, we have taken the following measures:
4. Use of further Processor: the Processor undertakes to use additional processors only in compliance with the conditions set out in the Regulation and in Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. In this contract, the Controller entrusts the Processor with a general authorisation to use a further Processor (as subcontractor).
5. Co-operation with Controller:
a) Our Company, as Processor, assists the Controller with all appropriate means in supporting the implementation of the rights of the concerned individuals and in fulfilling its obligations related to this activity.
b) Our Company, as Processor, assists the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to the processor.
c) Our Company, as Processor, makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 (Processor) of Regulation and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller. With regard to this point, the processor shall immediately inform the controller if, in its opinion, an instruction infringes the Regulation or other Union or Member State data protection provisions.
(1) The Company enters into contract with the payer for the data processing activity of mozaLog.
(2) In connection with the mozaLog service, the Company performs data processing activities. The processing of data in the school administration system of the Company is considered data processing.
(3) The personal data provided by the data subject may be accessed by authorised personnel of the Controller, typically an educational or educational institution. Data processing and data transfer in educational establishments must comply with the Regulation, Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, and Act CXC of 2011. on National Public Education.
(4) The head teacher of the institution shall be liable for the controlling activities of the institution. The institution may authorise any employee under contract to exercise the powers of the Controller.
(5) The Controller entrusts to the Company the operation of the mozaLog system and the associated data processing tasks on the basis of legal regulations or by contract. In the case of state educational institutions, the Klebelsberg Centre is designated to perform the aforementioned tasks in accordance with Section 5(2)(20) of the Government Decree 134/2016 (VI. 10.) on bodies functioning as operators in respect of the provision of public education duties. In the case of non-state educational institutions (e.g. church, foundation or private educational institutions), data processing is performed under the service contract concluded with the Company.
(6) The Controller may ask a processor other than the Processor to perform tasks related to development, maintenance, system monitoring, system operation, customer service.
(7) The Processor shall not make any substantive decision on data processing and shall process the data of a natural person solely in accordance with the provisions of the Controller and not for its own use. Furthermore, the Processor shall store and retain personal data in accordance with the provisions of the Controller or the Act.
(8) The scope of the data of a natural person handled during data processing:
The child or student's following data:
Data regarding the child's or student's:
Data regarding the student's training contract, with special attention to
The Company shall only transfer data concerning teachers, students, guardians or users that is prescribed by law. The data can be transferred to the Court, the Police, the Public Prosecutor's Office, the Municipality, State Administration and the National Security Service.
The data processed by the Publisher can be stored in the following formats:
The records can be processed in printed form or in a computerised way.
The Company's homepage may be visited by all, free of charge, without providing any personal detail. Certain parts of the homepage may be visited without registration and the services provided are free of charge. Other parts of the homepage need registration.
During the registration process – voluntarily, without a legal obligation – the user must provide information that is considered personal data.
The Company as controller processes and stores the data subjects' data in accordance with the Regulation and Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information. The Company shall only process and store data for which it has a legitimate legal basis.
The Company shall store and safeguard personal data disclosed to them during the registration process or during the use of the Company websites or any of the Company's products and shall not under any circumstances transfer it to a third party – without previous and explicit consent of the data subject – unless prescribed mandatory by law.
If the data subject shall not wish to provide personal information, they shall not attempt to register.
The data subject may request information on processing of their personal data and may request correction or deletion of their data.
The homepage stores the IP address of the data subject's computer, the time and content of their browsing activity and what link they navigated to the homepage from.
With the prior consent of the user, the company creates a personal profile for him or her in order to enhance user experience as well as to provide the user with more personalised service and offers. By analyzing these data the Company shall find out what service or content is used, how often it is used and the extent they are used for.
The IP addresses only serve statistical purpose, the Company shall not link these to personal data.
The Company collects the following information regarding the usage of the Company's websites, the services running on those, or other digital products (e.g. mozaBook, mozaik3D app, mozaBook app)
The Company operates several smartphone applications (eg. mozaBook app, mozaik 3D viewer, etc.) that enable users to browse and consume digital content and read e-books supplied by the Company on their smartphones and tablets.
The Company collects the following data of the users' habits of using the applications:
Data recorded during the operation of the system: data of the user's computer that are generated during the course of using a particular service and which are recorded as an automatic result of the technical processes by the controller. The system shall automatically record data that is to be recorded automatically upon login and log out without the user's prior consent or action. Other users of these data – excluding mandatory cases – cannot be connected to personal data. The data are only accessible by the controller.
The data relating to ways of use shall under any circumstances be connected to the personal data of users running the application.
The data subject shall have the right to be informed of the requirements and conditions of the processing of personal data prior to the collecting and processing of is or her personal data. Further details are available in Articles 13 and 14 of the Regulation.
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information described in the Regulation. Further details are available in Article 15 of the Regulation.
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Further details are available in Article 16 of the Regulation.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where any of the grounds described in the Regulation applies. Further details are available in Article 17 of the Regulation.
The data subject shall have the right to obtain from the controller restriction of processing where any of the grounds described in the Regulation applies. Further details are available in Article 18 of the Regulation.
The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it. Further details are available in Article 19 of the Regulation.
According to the terms of the Regulation, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. Further details are available in Article 20 of the Regulation.
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller) or (f) (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.) of Article 6 (1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Further details are available in Article 21 of the Regulation.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Further details are available in Article 22 of the Regulation.
The data subject (user) may expressly consent to the use of his or her personal data in the registration interface or in the profile data site for statistical purposes in order to establish his or her individual student profile or teacher profile. The profile allows the user to receive personalized content, assignments, etc. from the Company based on the user’s interest, study or qualification.
The data subject shall have the right to obtain from the Company restriction of processing when accuracy of the personal data is contested by the data subject. In this case, the restriction is valid for a period enabling the controller to verify the accuracy of the personal data. The Company marks the data contested by the data subject, but whose correctness or accuracy has not been been clearly demonstrated. The data subject shall also obtain from the Company restriction of processing when the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead. The data subject shall also obtain from the Company restriction of processing when the Company no longer needs the personal data for the purposes of the processing, but the data are required by the data subject for the establishment, exercise or defence of legal claims. The detailed rules are set out in Article 23 of the Regulation.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay. Further details are available in Article 34 of the Regulation.
Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. Further details are available in Article 77 of the Regulation.
Each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them or when the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged. Further details are available in Article 77 of the Regulation
each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation. Further details are available in Article 79 of the Regulation.
(1) The controller shall inform the data subject about the measures taken in response to his/her request for the exercise of his rights without undue delay, but no later than one month after the receipt of the request.
(2) If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended for two more months. The Controller shall inform the data subject about the extension of the deadline and indicate the reason for the delay within a month of the receipt of the request.
(3) If the data subject has submitted the request electronically, the answer shall, as far as possible, be provided electronically, unless otherwise requested by the data subject.
(4) If the Controller fails to take action upon the request of the data subject, it shall inform the data subject without delay and no later than one month after the receipt of the request about the reasons of non-action and that he or she may submit the request to a supervisory authority [Hungarian National Authority for Data Protection and Freedom of Information, 1125 Budapest, Szilágyi Erzsébet fasor 22/C.; phone number: +36-1+391-1400; fax: +36-1-391-1410; email: firstname.lastname@example.org] and request legal redress.
(5) The Controller shall provide information pursuant to Articles 13 and 14 of the Regulation and information on the rights of the data subjects (Articles 15 to 22 and 34 of the Regulation), as well as take action free of charge. If the request is clearly unfounded or excessive, especially due to repeated submission, the Controller, depending on the nature of the requested information or action may
a) charge a fee, or
b) refuse to take action.
The burden of proof of the clearly unfounded or excessive nature of the claim shall be borne by the Controller.
(6) If the Controller has well-founded doubts about the identity of the natural person submitting the request, he may request further information necessary to confirm the identity of the data subject.
11 March 2020