Privacy Policy

INFORMATION ON DATA PROCESSING

(Course and camps-related data processed by Logiscool Kft.

 

1.        Names of Controllers

Name of Controller 1: Logiscool Kft.

Registered and mail address: H-1114 Budapest, Bartók Béla út 43-47 C/8.

Company Registration Number: 01 09 300066

Tax number: 23301890-2-43

E-mail: [email protected] 

Name of Controller 2 (also acting as the Processor): 

Schools of franchise network: www.logiscool.com/hu/schools

Website: www.logiscool.com  

Further information: [email protected] 

Name of hosting service provider: Microsoft Azure

Hosting service provider’s contact details:  https://azure.microsoft.com/  

Hosting service provider’s email: [email protected]

 

2.        Introduction

 

Logiscool Kft. (hereinafter: ‘Logiscool’, as the controller), as controller, expresses its consent to be bound by the legal provisions set out in this notice. It commits itself to comply with the requirements laid down in the effective laws with regard to any processing of data related to their activities.

Based on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation (EU) 2016/679 of the European Parliament and of the

Council of 27 April 2016, and repealing Directive 95/46/EC (hereinafter referred to as: ‘General

Data Protection Regulation’, ‘GDPR’) and Nigeria Data Protection Regulation (NDPR) 2019. LOGISCOOL shall keep record of and process course, camps and events applicants’ personal data in accordance with the applicable provisions of the law, until the expiry of their retention period as specified in this notice. LOGISCOOL is committed to the protection of the personal data of course, camps and events participants and respecting course, camps and events participants’ (hereinafter referred to as: ‘data subjects’ or ‘course participants’) right to self-determination concerning personal information is one of its key priorities. Personal data are processed lawfully, fairly and in a transparent manner in relation to the data subjects or their legal representatives, taking any and all data security, technical and organisational measures, via its organisational units, required in order to guarantee the appropriate level of data security. With a view to ensuring the above, the operational and development functions of security, data protection and IT systems within the enterprises are distinct and independent from each other.

The data protection guidelines and rules related to the processing of data by LOGISCOOL are continuously accessible on the registration form. LOGISCOOL reserves the right to update this information on data processing at any time. Any updates are communicated to the data subjects by publication on the website. Should you have any queries concerning this information, please write to us, and our staff members will respond to your message. Contact us by email at: [email protected] 

Below please find LOGISCOOL’s most important data processing principles concerning its activities related to the processing of personal data and the criteria and requirements set out by LOGISCOOL for itself as a data controller. Its data processing principles are in accordance with the privacy legislation of Europe and of the Franchise partner’s location, namely:

   REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE

COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive

95/46/EC (‘General Data Protection Regulation’ or ‘GDPR’) 

   Nigeria Data Protection Regulation (NDPR) 2019

 

3.              Definitions:

3.1.           ‘group of data’: The collective designation of data (i.e., the formalised representations of facts, concepts or commands, a fixed series of signals, communication by word of mouth or by technical means in order to be interpreted and processed. For the purposes of these Guidelines, texts, series of numerical data, facts, information, drafts, charts, images and figures drawn up in writing or by electronic means and stored on any data carrier) and scopes of data, normally on the basis of a filing function;

3.2.           ‘data file’: The entirety of data processed in a single file;

3.3.           ‘data carrier’: The physical appearance of data and the place where data are stored, including documents.

3.4.           ‘controller’: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State or OECD state law, the controller or the specific criteria for its nomination may be provided for by Union or Member State or OECD state law; 

3.5.           ‘processing’: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3.6.           ‘restriction of processing’: the marking of stored personal data with the aim of limiting their processing in the future;

3.7.           ‘scope of data’: A specific list of data types. Business data that are functionally related in terms of their use, i.e., a set that can and should be processed on the basis of the same principle logically and the units in the set need more or less the same level of protection. (E.g.: invoices or cash transfer data);

3.8.           ‘data transmission’: the disclosure of data to a specific third party;

3.9.           ‘deletion of data’: making the data unrecognisable in a manner that they can no longer be restored;

3.10.        ‘marking of data’: attaching an identification mark to the data in order to distinguish it from other data;

3.11.        ‘destruction of data’: The complete physical destruction of the data carrier where the data are stored;

3.12.        ‘data processing’: carrying out technical activities in connection with processing operations, regardless of the method and means applied to such operations and of the place of their application, provided that such technical activities are carried out on the data;

3.13.        ‘processor’: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; 

3.14.        ‘personal data breach’: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

3.15.        ‘pseudonymisation’: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

3.16.        ‘anonymisation’: a technical procedure to ensure that the possibility of restoring the link between the data subjects and their data is finally precluded;  

3.17.        ‘cookie’: the information file (usually a plain text file) transmitted to users’ hard drives through their browsers, capable of unambiguously identifying users on their next visit to the site;

3.18.        ‘direct marketing activity’:  the entirety of information activities and supplementary services carried out by directly contacting people in order to offer products or services or to forward advertisements to the persons concerned, or to provide information to consumers, trade partners or to promote business deals (purchases);

3.19.        ‘data concerning health’: personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

3.20.        ‘data subject’ / ‘customer’ / ‘consumer’: any natural person, identified or directly or indirectly identifiable on the basis of their personal data;

3.21.        ‘third party’: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; 

3.22.        ‘third country’: any country other than EEA Member States and Nigeria;

3.23.        ‘consent’: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. With the exception of consenting to the processing of sensitive data, no formal requirements exist as to the manner consent is granted, i.e., consent may be given by an explicit statement or by implicit conduct; however, the consent must be verifiable in all cases;

3.24.        ‘publication’: the disclosure of data to any person;

3.25.        ‘IP address’: in any network where communication is based on a TCP / IP protocol, the servers are assigned an IP address, i.e., an identification number, which enables the identification of the server through the network. Each computer connected to the Web has an IP address on the basis of which it can be identified;

3.26.        ‘sensitive data’:

(a)            personal data concerning a person’s racial or national origin, political opinion or party affiliation, religious or other ideological views, membership in any interest organisation or sex life,

(b)           personal data concerning a person’s health condition, pathological addictions and criminal personal data;

3.27.      National Information Technology Development Agency (the ‘Authority’);

3.28.      ‘profiling’: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;  

3.29.      ‘owner of personal data’: With regard to the personal data processed by a specific organisation or organisational unit, the head of the organisational unit concerned; in the case of franchise partners, the manager of the company, responsible for the processing of all personal data processed by his or her organisation or organisational unit in accordance with these Guidelines (‘data owner’). Where a decision concerning personal data processed by an IT system must be made in the competence of the data owner, the owner of personal data shall make such decision in agreement with Logiscool Kft’s manager as the senior data owner;

3.30.      ‘personal data’: any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

3.31.      ‘cross-border processing’: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of the European Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the European Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

3.32.      ‘personal identification data’:  the data subjects’ last and first names, their name given at birth, their mothers’ names and their place and date of birth;

3.33.      ‘protest’: a statement by data subjects, in which they object to the processing of their personal data and request the termination of processing and the deletion of processed data;

3.34.      ‘prohibition list’:  a register of the Logiscool and home address data of data subjects who prohibited or, despite prior request by the direct marketing entity, refused to consent to the use of their personal data for communication or inclusion in a marketing list or prohibited the further processing of such data for such purposes;

3.35.      ‘marketing list’:  a list drawn up in order to establish and maintain communication with a view to advertising, only including the customer’s name, place of residence, gender, place and date of birth, information concerning the customer’s fields of interest and marital status;

3.36.      ‘enterprise’: Logiscool Master Franchise Partner or Logiscool Franchise Partner, a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

3.37.      ‘group of undertakings’: a controlling undertaking and its controlled undertakings.

 

4.        Rules and principles of processing

 

4.1.     Personal data shall be:

processed lawfully, fairly and in a manner that is transparent to the data subject

(‘lawfulness, fairness and transparency’);

       collected for specified, explicit and legitimate purposes, (‘purpose limitation’);

       adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

       accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

       kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);

       processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Logiscool, as a controller, shall be responsible for, and able to demonstrate compliance with the foregoing (‘accountability’).

 

4.2.         Each phase of the processing should comply with the intended purpose and, where the purpose of processing no longer exists or processing is against the law for any other reason, the data shall be deleted. Any personal data shall be processed by LOGISCOOL only to the extent of the data subject’s prior consent and to the extent such processing is required by the law, a mandate based on the law and the legal obligation of the controller. Prior to recording the data, LOGISCOOL shall, in all cases, notify the data subject of the purpose of and the grounds for processing, the data concerned and the retention period.

4.3.         LOGISCOOL personnel carrying out processing at LOGISCOOL’s organisational units and the employees of entities involved in processing, i.e., carrying out any processing operation on LOGISCOOL’s behalf shall keep the personal data disclosed to them as confidential business information. The persons involved in the processing of, and having access to, personal data shall make a statement of confidentiality.  If any person subject to these Guidelines become aware that any personal data processed by LOGISCOOL are defective, deficient or not up-to-date, they shall rectify such data or request their rectification with the staff member in charge of recording the data.

4.4.         The privacy obligations binding on natural persons and incorporated and unincorporated entities carrying out data processing on LOGISCOOL’s behalf shall be enforced in the contract for services entered into with the processor. No personal data shall be transferred to controllers or data processors carrying out such processing activity in a third country unless the data subject has explicitly consented to the transferring of personal data or if the conditions for processing, stipulated above, meet, and the appropriate level of protection of personal data is guaranteed during the processing of data in such third country. 

The transferring of data to EEA States shall be treated as if the data were transferred within the territory of European Union. 

4.5.         Processing related to LOGISCOOL’s operation is based primarily on voluntary consent. In certain cases, however, the processing, storage and transferring of certain data are required by the applicable provisions of the law.

4.6.         Taking LOGISCOOL’s characteristics into account, LOGISCOOL’s managing director shall determine the internal organisation of data protection and the functions and competences regarding data protection and the related activities and appoint the person in charge of the supervision of processing. During their work, LOGISCOOL personnel shall make sure that no unauthorised persons have access to personal data, and that the personal data are stored and placed in a manner to prevent unauthorised persons from accessing, getting to know, altering or destroying such personal data. 

LOGISCOOL’s internal data protection system shall be supervised by the managing director through the data security officer appointed or instructed by him.

4.7.         The development and implementation of this privacy policy is in accordance with the recommendations of National Information Technology Development Agency (NITDA), NDPR and with the Article 5 of GDPR, in particular regarding the principle of accountability in Article 5 (2).

 

5.    Processing of data during LOGISCOOL’s courses, camps and events

 

Place of processing: Logiscool Kft’s proprietary CRM customer database.

 

5.1. Scope of personal data and the purpose, ground and duration of processing

5.1.1. Data of visitors to the website (www.LOGISCOOL.com) 

LOGISCOOL’s website is accessible to anyone, without revealing his or her identity or personal data; anyone may freely obtain information on the website and the pages linked to the website without any restriction. 

However, the website automatically collects information not linked to specific persons, without restrictions. 

Designation of processing

Data of visitors to the website

Purpose

During visitors’ visits to the website, visitors’ data are recorded by the service provider in order to monitor the functioning of services, to facilitate and enhance website functions and the provision of custom-tailored services and to prevent any abuse.

Ground

The data subject’s consent.

The data subject’s consent is granted, with respect to specific processing activities, through the use of the website, registration and the voluntary provision of the data concerned.

Data subjects

Users of the website, guest customers and registered customers.

Description of data

Identification number, date, time of day, the address of the visited page, the address of the page previously visited on the www.logiscool.com website, data related to the user’s operating system and browser, the operating system used and the IP address of the user’s computer, without the final section.

Source of data

Website.

Duration of processing

The extract of the IP address of the user’s computer is deleted on the end of the visit.

The type and recipient of transferred data and the ground for transferring data

no data are transferred

The controller’s name and address

Logiscool

The processor’s name and address

Hosting service provider.

Physical place of processing

www.logiscool.com  

Physical place of processing

Microsoft Azure cloud provider

Microsoft Ireland Operations Ltd, One

Microsoft Place, South County Business Park,

Leopardstown, Dublin 18, D18 P521, Ireland 

Processing-related    activities         by             the processor

Hosting service and cloud provider

Type of the processing technology employed

Using an IT system.

The personal data of visitors to the website are not stored and they are not added by LOGISCOOL to any other data source.  When your visit has ended, your IP address is immediately deleted from the www.logiscool.com website.

5.1.2. Management of cookies on the website 

Anonymous ‘cookies’ are files or pieces of information stored on your computer (or other Internetcompatible devices, including your smartphone or tablet) when you visit the LOGISCOOL website. 

Cookies normally specify the name of the website, their own ‘lifetime’, i.e., the length of time they are stored on the device and their value, which is usually a unique, randomly generated number.  The LOGISCOOL.com website uses cookies in order to ensure a personalised user experience. Each time you enter the page, the website will send cookies to your computer and will access such cookies. 

On the LOGISCOOL.com website, cookies are used at various locations in order to provide a more user-friendly, more efficient and more secure service.

The cookies are suitable for producing anonymous aggregated statistics which help us understand the way people use the LOGISCOOL pages, enabling us to improve the structure and content of such pages. The information shared, however, is insufficient for personally identifying visitors.

In accordance with LOGISCOOL’s security policy, the cookies are protected against unauthorised access by third parties.

Designation of processing

Managing website cookies

Purpose

To identify users, distinguish users, identify the actual session by users, store the data entered during such session, prevent data losses, tracking users, involving user identification and to display customised offers using the data recorded during each visit.

Ground

Voluntary consent by the data subject.

Data subjects

Customers and visitors.

Description of data

Identifier, time, date.

Source of data

Use of website.

Duration of processing

Until the end of visiting the website.

The type and recipient of transferred data and the ground for transferring data

For detailed information, see the Legal Notice of the website.

The controller’s name and address

Logiscool

The processor’s name and address

Hosting service provider.

Physical place of processing

www.logiscool.com  

Physical place of processing

Microsoft Azure cloud provider

Microsoft Ireland Operations Ltd, One

Microsoft Place, South County Business Park,

Leopardstown, Dublin 18, D18 P521, Ireland 

Processing-related    activities         by             the processor

Hosting service and cloud provider

Type of employed

the

processing

technology

Using an IT system.

 

By default, most Internet browsers are set up to accept cookies. You can change these settings by blocking cookies and you can request a warning any time cookies are set up on the device used. There are various ways to manage cookies.

Please check your browser information or the Help page if you want to find out more about browser settings and how to change them. 

The ‘Help’ function in the menu bar of most browsers will explain to you how to set your browser to prevent it from authorizing cookies or how to accept new cookies and how to instruct your browser to set a new cookie or to disable other cookies. LOGISCOOL’s detailed cookie table:

Type of cookie

Grounds for processing

Purpose of processing

Duration of processing

Type of processed data

Session cookies

Compliance with

NDPR

obligations (*)

Ensuring the proper functioning of the website

Until the end of the respective visitor session

connect.sid

User setting cookies

Your consent

The individual setting of the website user

regarding the language of

the website

         14 days

lang

Cloud Flare Security

Your consent

Ensuring the proper functioning of the

website (for details,

click)

1 year

__cfduid

Google Analytics

Your consent

Information is collected regarding the manner our visitors use the website

2 year

2 year

10 minutes

6 months

__utma

_ga

_gat

__utmz

For the details of each cookie, click

Facebook integration cookies

Your consent

Cookies required for the

Facebook integration of the site; controller:

Facebook.

Varies (3 months – 2 years)

act, c_user, csm,

datr, fr, lu, sb, xs, presence

Zendesk Chat

Your consent

Operating the Live Chat service (for trainers only) For details, click: 

1 year

1 year

__zlcprivacy __zlcmid

 

5.1.3. Processing the personal data of course, camp and events applicants (setting up the student database)

The courses, camps and events of LOGISCOOL can only be applied through the LOGISCOOL website. 

On application, the data subjects or their legal representatives enter the applicant’s personal data and, by providing such data, they consent to the Enterprise using and processing such data for the courses, camps and events and subsequently, if the child remains a student. 

LOGISCOOL does not verify any personal data disclosed to it. The data subject disclosing the data shall be exclusively liable for the compliance of the data concerned. On entering the email address of any customer, the customer shall be responsible for ensuring that no other users will use the service from the email address specified. That responsibility considered; the customer having registered a specific email address shall be solely liable for log-ins with such email address. Where customers enter data other than their personal data, they shall obtain the consent of the data subject. 

LOGISCOOL processes personal data in order to achieve goals related to guarantee rights concerning the service sold, the clearing of accounts, managing service-related complaints and marketing goals. 

Therefore, the processing of personal data includes in particular the consent of data subjects and ensures that all data provided by the data subjects are suitable for processing, including in particular data for their notification (by phone and/or email) of new services of potential interest to the data subjects.

Designation of processing

Processing the personal data of course, camp or event applicants

Purpose

Application on the LOGISCOOL website, issuing invoices, registration of and distinguishing between customers, delivering orders, documenting purchases and payments, compliance with accounting liabilities, communication with customers, analysis of customer patterns, more targeted services, following up on data subjects, providing direct marketing information, information on the latest news and offers.

Ground

Voluntary consent by the data subject (Article 6. section 1(a) of GDPR), where local regulation determines, the ground for processing is Article 6. section 1 (c.) and section 2 of GDPR, and NDPR 

Data subjects

Applicants through the website

Description of data

Parent’s or guardian’s data: name, email address, phone number

Data of data subject/student: name, nickname, age, date and place of birth, School address, District, name of School, programming experience, any additional information, providing special

information, e.g. allergy, other habits, medication,  the data of brothers and sisters for discounts, method of payment, billing address, swimming level, name and contact details of accompanying person 

 

Source of data

Data subjects and their legal representatives.

Duration of processing

For direct marketing-related consents, until the withdrawal of consent by the user.

For inclusion in the customer database: until the dissolution of LOGISCOOL,

For the deletion of data from the prohibition list: until the dissolution of LOGISCOOL,

The type and recipient of transferred data and the ground for transferring data

 

The controller’s name and address

Logiscool

The processor’s name and address

Hosting service provider and Franchise partner https://www.logiscool.com/hu/schools

 

Physical place of processing

www.logiscool.com  

Physical place of processing

Microsoft Azure cloud provider

Microsoft Ireland Operations Ltd, One Microsoft

Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland  and name and address of the franchise partner: https://www.logiscool.com/hu/schools

Processing-related activities by the processor

Hosting service provider, cloud provider and franchise partner

Type of the processing technology employed

Using an IT system.

 

Transfer of data:  https://www.logiscool.com/hu/schools ( Franchise partners’ contact details) Grounds for the transfer of data: voluntary consent by the data subject.

 

5.1.4. Newsletter

LOGISCOOL distributes a regular newsletter on its activities to persons subscribing to such newsletter. 

The option to subscribe to the newsletter is available on the LOGISCOOL website.  

 

Designation of processing

Newsletter

Purpose

Forwarding electronic messages (emails, text messages and push messages) with advertising content to data subjects, providing information on the latest news, products, promotions, new functions etc.

Ground

Voluntary consent by the data subject (Article 6. section 1(a) of GDPR), where local regulation determines, the ground for processing is Article 6. section 1 (c.) and section 2 of GDPR, and NDPR

Data subjects

Subscribers to the newsletter.

Description of data

Email address, Logiscool (last and first names)  and consent to direct marketing communications.

Source of data

Subscribers to the newsletter.

Duration of processing

Until the withdrawal of consent by the user but, if the user has been included in the customer database, by no means longer than until the dissolution of LOGISCOOL; for the deletion of data from the prohibition list: until the dissolution of LOGISCOOL.

The type and recipient of transferred data and the ground for transferring data

 

 

The controller’s name and address

Logiscool

The processor’s name and address

Hosting service provider and franchise partner https://www.logiscool.com/hu/schools

Physical place of processing

www.logiscool.com  

Physical place of processing

Microsoft Azure cloud provider

Microsoft Ireland Operations Ltd, One Microsoft

Place, South County Business Park, Leopardstown,

Dublin 18, D18 P521, Ireland 

Processing-related activities by the processor

Hosting service provider, cloud provider and franchise partner

https://www.logiscool.com/hu/schools

Type of the processing technology employed

Using an IT system.

 

Data subjects may unsubscribe from the newsletter at any time, free of charge.

The withdrawal of consent to the forwarding of direct marketing communications and the deletion or modification of personal data may be requested at the following addresses:

-      in an email addressed to [email protected], and

-      by a letter addressed to H-1114 Budapest, Bartók Béla út 43-47 C/8.

 

5.2.     Contacting LOGISCOOL 

5.2.1. LOGISCOOL Customer Service

Should you have any queries during your application, you can contact the controller at the addresses specified in this notice and on the website or at the addresses and by completing the form under the ‘Contact us’ menu item on the LOGISCOOL website.

 

 

5.2.2. Managing quality complaints

Designation of processing

Managing quality complaints

Purpose

Managing any complaints, queries and problems raised in connection with the LOGISCOOL services ordered.

Ground

Voluntary consent by the data subject (GDPR Article 6. section 1(a)) and legitimate interest (GDPR Article 6. section 1(f)), where local regulation determines, the ground for processing is

Article 6. section 1 (c.) and section 2 of GDPRNDPR.

Data subjects

course, camp and other event applicants

Description of data

Name, address, phone number, e-mail address, account number, description of complaint, name of supplier, date of order, name of the service concerned, invoice number and the description of the request.

Source of data

Data subject

Duration of processing

Copies of the recorded complaint, the transcript, email and the reply email: in accordance with NDPR.

The type and recipient of transferred data and the ground for transferring data

 

The controller’s name and address

Logiscool

The processor’s name and address

Hosting service provider, cloud provider and franchise partner

https://www.logiscool.com/hu/schools

The processor’s name and address

Microsoft Azure cloud provider

Physical place of processing

www.logiscool.com  

Physical place of processing

Microsoft Azure cloud provider

Microsoft Ireland Operations Ltd, One Microsoft

Place, South County Business Park, Leopardstown,

Dublin 18, D18 P521, Ireland 

Processing-related activities by the processor

Hosting service provider, franchise partner.

 

Type of the processing technology employed

Using an IT system and manually, on paper.

 

 Based on our position it is within the legitimate interest of the applicant, to be able to contact LOGISCOOL’s customer service regarding quality complaints, hereby assisting LOGISCOOL in managing administrative duties and helping the investigation of possible complaints. In order to provide attentive service to customers it is within LOGISCOOL’s legitimate interest to familiarize with the personal data (contact information) previously provided to customer service. In consideration with the beforementioned both the data controller and the subjects have legitimate interest in the data processing, therefore if perhaps the data recording occurred in the absence of voluntary consent, LOGISCOOL’s data controlling can be regarded as necessary and proportionate taking all circumstances into consideration.

 

5.2.3. Other types of processing

Information on the types of processing not listed in this notice are provided on the recording of the data concerned.

Please note that the courts, criminal investigation authorities, administrative authorities empowered by law, the National Information Technology Development Agency and, under a legislative mandate, other bodies may request the controller to provide information, disclose or transmit data and to make available documents.

To the authorities not specifically listed above, where the authority has specified the exact purpose of its data request and the type of data required, any personal data will only be disclosed by LOGISCOOL to the extent that is absolutely necessary in order to achieve the objective of the request.

 

6.        Storing personal data and the security of processing

 

LOGISCOOL’s information technology systems and other personal data storage locations are to be found at Logiscool’s headquarters and other hosting providers, such as:

       Our virtual servers are running through the cloud services of Microsoft Azure. You can read Microsoft’s privacy policy here (in English)

       Our database services are provided by MongoDB Atlas. You can find the MongoDB, Inc.’s privacy policy here (in English)

       For sending out our newsletters we are using Mailchimp, for which we use Your name and e-mail address (if you have subscribed to our newsletter). You can find the privacy policy of Mailchimp, Inc. if you click here (in English)

       The instant chat support service that is available on our site is provided by tawk.to. You can read the privacy policy of tawk.to here.

       If our webpage is not functioning properly in Your browser, we are notified with the help of trackjs.com. You can access the privacy policy of trackjs.com if you click here.

       We are collecting the statistics regarding our webpage usage with the help of Google Analytics. The operations of Google Analytics are regulated by Google’s own privacy policy, you can read more here.

 

The controller shall plan and carry out all processing operations in a manner to ensure the protection of the privacy of data subjects. At LOGISCOOL, the data are protected by means of suitable measures against unauthorised access, alteration, transmission, publication, deletion or destruction, damage and accidental loss, and to ensure that stored data cannot be rendered inaccessible due to any modification to the technology employed. Within their sphere of competence, data processors must implement adequate safeguards and appropriate technical and organisational measures to protect personal data, as well as adequate rules of procedure to enforce the provisions of the Information Act and other rules governing the protection of data and confidential information.

With a view to protecting the data files electronically processed in various records, LOGISCOOL provides an adequate technical solution in order to ensure that the data stored in such records should not be linked with each other or to the data subject unless such links are permitted by the law.

During the automated processing of personal data, data controllers and processors shall implement additional measures designed to:

  prevent the unauthorised entry of data;

  prevent the use of automated data-processing systems by unauthorised persons using data communication equipment;

  ensure that it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment;

  ensure that it is possible to verify and establish which personal data have been entered into automated data-processing systems and when and by whom the data were entered;

  ensure that the systems installed can be recovered in the event of a service disruption and  that any errors during automated processing are reported.

When taking the measures in order to protect data, controllers and processors must take into consideration the actual state of technology. Where alternative solutions are available for the processing of data, the selected solution must ensure the most efficient protection of personal data unless it would entail disproportionate difficulties for the controller.

The info communication system and network of LOGISCOOL and its partners are protected against computer hacking, fraud, espionage, intrusion, sabotage, vandalism, fire and flood, computer viruses and attacks resulting in the refusal to perform services. The operator will ensure security by providing adequate protective measures.

Please note that, regardless of protocol (email, web, ftp etc.), online electronic messages are vulnerable against network threats potentially resulting in fraudulent practices, disputing the provisions of the contract or the disclosure of, or tampering with, information. The controller shall take all reasonable precautionary actions in order to prevent such threats. It shall monitor the systems in order to record any security breaches and to provide evidence regarding any security incidents. 

Moreover, the monitoring of systems also enables the verification of the efficiency of precautions.

 

7.        Legal remedies

7.1.     Requests for information 

According to GDPR, data subjects may request information concerning the processing of their personal data, and within legally specified cases may request the correction, deletion, locking or of their personal data and may protest against the processing of those personal data. The information request and the requests defined previously in this section may be addressed to the contact information of the Data controller mentioned in Section 2. of this document.  

At the request of the data subject, LOGISCOOL, as the controller, shall provide information on the relevant data processed by it or by its processors, on the source of such data, the purpose, legal basis and duration of processing, the name and address of the processor and its activities related to processing and, where the data are transferred, on the legal basis of such transfer and the recipient of data.

The controller shall, as soon as possible from submission of the request but within no more than 30 days, provide written information, in easily accessible language, relevant to the request submitted by the data subject. This deadline can be prolonged by two months if the nature of the request, as well as the number of requests justifies the need. The subject needs to be notified with specification of the reasons regarding the prolongation of the deadline by LOGISCOOL within one month from the receiving.

Information shall be provided free of charge, if the subject’s request is obviously unsubstantiated or – especially due to its recurring nature – excessive, LOGISCOOL charges a reasonable fee – based on the requested information or provision of information or the administrative costs of the requested action – or refuses the action based on the request.  

In exceptional cases, if LOGISCOOL has reasonable doubts regarding the identity of the natural person submitting the request, additional personal data may be requested to confirm the identity. This measure is defined within the GDPR Article 5 (1)(f) section, due to the facilitation of data processing confidentiality, that is the prevention of unauthorized access to personal data.

 

7.2.      Legal remedies regarding the processing of personal data

LOGISCOOL shall rectify or correct any incorrect personal data if the correct personal data are available. LOGISCOOL – based on the request of the subject – restricts the data processing, if the accuracy of the data is arguable, or if the data processing is illicit, or if the Subject is objecting to the data processing, as well as if the Data controller is henceforth not in need of the information.  LOGISCOOL shall delete the personal data, if LOGISCOOL does not need the data processing, or if the Subject withdraws his/her consent, or objects to the data processing, or if the data processing is illicit. A period of 30 days is available to the controller for the deletion or correction of personal data.  If the controller refuses to comply with the data subject’s request for the correction, locking or deletion of personal data, it shall notify the data subject of the reasons for such dismissal in writing within 30 days.

LOGISCOOL is aiming to notify all data controllers, who have or could have been in contact with the possibly publicized data. 

The subjects can receive their own personal data previously provided by them in an articulated, widely used, computer-legible format, and they can transmit such data it to another data processor. LOGISCOOL is notifying the subject, as well as all recipients with which and whom the information could have been shared, about all correction, deletion and data processing restriction, except if it seems impossible or if it requires disproportionately large effort. LOGISCOOL is providing information about the recipients if the subject requests it.  

No notification shall be sent if, considering the purpose of processing, it does not prejudice the legitimate interests of the data subject.

Where the data subject disagrees with the decision made by LOGISCOOL, it may seek redress from the court within 30 days of the communication of such decision. The court will act with urgency in the matter.

 

7.3.       Lodging a protest

Data subjects are entitled to protest against the processing of their personal data based on GDPR Article 6 section (1) e) or f) relating to reasons due to their personal situation, including the profiling based on the abovementioned section. In this case LOGISCOOL is not allowed to process the personal data onwards, except if it is demonstrated that the data processing is verified by compelling legitimate reasons, that takes priority up against the interests, rights and independence of the subjects, or if they are connected to the proposing, validation or protection of legal demands. The protest shall be reviewed by LOGISCOOL as soon as possible but no later than within 15 days; where the protest is found to be valid, it shall adopt a decision, informing the applicant thereof in writing. 

Where the controller has established that the protest lodged by the data subject is valid, it shall terminate processing, including any further recording or transmission of data and notify any parties to whom the personal data concerned by the protest were previously transmitted and to the parties obliged to take action in order to enforce the right to lodge protests.

Where the data subject has requested the deletion of his/her data stored for the purposes of customer management, LOGISCOOL shall terminate the data. The termination of processing means the destruction or anonymisation of data or, in the event of direct marketing, the data subject does not want to cooperate with LOGISCOOL, it shall also involve inclusion in the prohibition list. On the basis of the above, LOGISCOOL keeps a prohibition list on the Logiscool and home address data of the data subjects who have requested the termination of processing their data for the purpose in question or have not consented to such processing despite the prior request by the direct marketing entity or, following the receipt of data, they exercised their right to bar data with the register of personal data and home addresses.

The purpose of the prohibition list is to ensure that the data of data subjects included in the list should not be repeatedly received, disclosed to third parties or added to any other communication or direct marketing lists. The data subjects on the prohibition list may not be requested to consent to the sending of direct marketing messages and no advertising messages may be sent to such data subjects unless the prohibition is restricted to a specific purpose. 

The data in the prohibition list will be used by LOGISCOOL to the extent necessary for ensuring compliance with the statutory requirements, it will not be linked to other data files, disclosed or used for any other purpose; LOGISCOOL shall enable data subjects to exercise their rights provided for in these Guidelines.

Where the data subject disagrees with the controller’s decision, it may seek redress from the court within 30 days of the communication of such decision. 

LOGISCOOL may not delete the data of the data subject where processing has been provided for by the law. However, the data may not be transferred to the recipient if the controller has approved of the protest or if the court has ascertained that the protest is valid.

If the rights of the data subject have been breached, it may seek redress from the court against the controller. The court will act with urgency in the matter.

The protection of personal data is highly important to LOGISCOOL, in addition respects the subject’s right to self-determination, therefore aims to react to all requests correctly and within the deadline. With regard to this in the case of possible conflicts LOGISCOOL is asking the subjects of making a contact – for making a complaint – prior to magisterial or judicial claim enforcement in order to settle a dispute with LOGISCOOL by peaceful means.

The controller shall be exempted from its responsibility if the damage occurred for reasons beyond its control. The controller will not reimburse the damage and no damages may be claimed if the damage or the invasion of the data subject’s privacy were due to wilful or grossly negligent conduct by the data subject.

Should you have any comments regarding the processing of data by LOGISCOOL, please contact our data protection officer: emails should be addressed to Gabriella Tánczos-Székely at [email protected].

 

7.4.   Requests for legal remedy or complaints should be submitted to NITDA:

 

NITDA Registered address: No. 28, Port Harcourt Crescent, Off Gimbiya Street, P.M.B 564, Area 11, Garki, Abuja, Nigeria.

South-South Zonal  address: ICT Centre Opposite Pleasure Park, Aba Road, Port Harcourt, Rivers State.

Phone: +2348168401851, +2340752420189 Fax: 

Email: [email protected]

Website: www.nitda.gov.ng  

7.4.1. Judicial proceedings

For legal enforcement in accordance with local law, contact your local court.

 

7.4.2. Compensation and damages

Where the controller causes damage to other persons through the unlawful processing of the data of the data subject or by breaching the requirements of data security, it shall compensate such other persons for the damage.

The damage need not be reimbursed, and no damages shall be claimed if the damage or the invasion of the data subject’s privacy were due to wilful or grossly negligent conduct by the data subject.

 

8. Miscellaneous

If LOGISCOOL wishes to use the provided data for different than the originally specified reasons, LOGISCOOL informs the subjects and acquires previously specific consent, or provides the possibility of prohibition of usage.

LOGISCOOL requires itself to take care of the security of the data, as well as taking required technical steps to ensure the protection of all recorded, saved, and processed data, and the best effort in order to prevent the elimination, illicit usage and illicit alteration. On Logiscool webpage https protocol is used with higher data security level than http protocol. 

LOGISCOOL keeps record of all the data privacy activities that are within its responsibility (Data processing activities record) based on GDPR Article 30. 

Data privacy incidents are the damages to security, where the processed privacy data is accidentally or illicitly destroyed, lost, altered, illicitly communicated or lead to unauthorized access. In case of data privacy incidents LOGISCOOL is proceeding based on GDPR Article 33 and 34. LOGISCOOL keeps record of all data privacy incidents, indicating all relevant facts, their effects and the measures taken to remedy the incident.

LOGISCOOL is entitled to modify this agreement unilaterally at any time. LOGISCOOL informs the subjects about the changes on its website surface. Following the changes, the updated Terms of Use must be specifically accepted on the webpage and on the given manner to be able to use the website.

 

LOGISCOOL Kft.