Data privacy

Data privacy

The Data Management Guide of the Budapest Institute of Banking Zrt.

The Budapest Institute of Banking Zrt. as the operator of website www.bib-edu.hu (‘website’) herewith publishes its data privacy, data mamangement principles, and expresses its consent to be bound by these principles.

Data of the data controller

The data controller is the Budapest Institute of Banking Zrt. As the operator of the website. (‘Data controller’).

Registered Office: H-1054 Budapest, Szabadság tér 7.; Platinum tower. Building I. 4th floor.

Represented by: Gergely Fábián, CEO

E-mail address: info@bib-edu.hu

Telephone number: (06-1) 429-6780,

Data controller registration number: NAIH-132531/2017

The data controller is responsible for the elaboration of this Data Management Guide (‘Guide’), the compliance and control of its content, and the implementation of the required changes. The up-to-date version of the Guide shall be available on the Website at any time.

1. Data that may be provided through the website

1.1 Registration sub-page
The registration of the person using the website (‘User’) is required to make full use of the Website’s services. When filling out the registration form, the following data is required:

          Contact data:

  • Surname*
  • First name*
  • Place of birth*
  • Date of birth*
  • E-mail address*
  • Confirmation of e-mail address*
  • Password*
  • Confirmation of password *


Data marked with an * are mandatory.

1.2 Group/company registration

In case of a Mass Registration by the Employer, the Employer shall obtain the consent of the Users intended to be registered with regard to the transfer and use of their personal data by the Data Controller. The Data Controller is not obliged the check the existence of such a consent.

While carrying out the mass registration, the person acting on behalf of the employer shall enter the following data:

  • Surname*
  • First name*
  • Position*
  • Employer’s name: *
  • Registered Office *
  • Tax number*
  • Phone no.*
  • E-mail address*

Data marked with an * are mandatory.

In case of the persons to be registered, the following data is required:

  • Surname*
  • First name*
  • Date of birth
  • E-mail address*

Data marked with an * are mandatory.

1.3 Application for courses

In case of applying for a Course on the Website, the following data are also required:

  • Birth name*
  • Mother’s name*
  • Sex*
  • Citizenship*
  • Permanent residence*
  • Temporary residence* (if applicable)
  • Phone no.*

If the registered person is not a Hungarian citizen then

  • Purpose of residence in Hungary*
  • Name of document or record entitling for residence*
  • Number of document or record*

Data marked with an * are mandatory.

1.4  By subscribing to a newsletter

The User has the opportunity to exclusively subscribe to the newsletter of the Budapest Institute of Banking Zrt. on a separate dedicated Website interface.

In order to subscribe to the newsletter, the following personal data shall be entered (data marked with an * are mandatory):

  • Name*
  • E-mail address*

1.5 Contact sub-page

The personal data sent together with the message to e-mail address info@bib-edu.hu which contains the questions concerning the information available on the Website.

1.6 Career sub-page

Personal data provided in the short motivational letter, professional CV and the electronic mail containing these information and sent to e-mail address info@bib-edu.hu for the purposes of applying for a job advertisement available on the Website.

2. The purpose and duration of data processing

The Data Controller shall use the data for the provision of services available on the Website, in particular for the following purposes:

  • registration;
  • newsletter;
  • contact, the primary goal of which is the provision of adequate information to Users, the efficient and rapid management of potentially arising technical problems and forwarding of system message related to the service;
  • the transfer of the information related to courses, performance of tasks related to organisation and communication, provision of information concerning days of lectures and exams, and, in case of accredited courses, the implementation of legal regulations.
  • applying for a job advertisement announced by the Company, and, in case of additional consent, the retaining of data for further contact in case of future job opportunities.
  • With regard to the registration, the Data Controller shall process the personal data until the withdrawal of consent for data processing by the User, or, in the absence of such consent, for a maximum period of 20 years after the registration.

The Data Controller shall manage the data for the period while the purpose of data processing persists, in particular for sending newsletters or in relation to application for the job advertisements on the career sub-page, until the date when the User requests the erasure of his/her data or withdraws his/her consent.

3. The legal basis for processing personal data

The Users consent to their personal data being processed by the Data Controller by registering on the Website for full access, or by finalising the Registration, or by accepting this Guide. The processing of personal data is based on the voluntary consent of the User given in light of this Guide.

By subscribing to the newsletter, the Users give their express and unambiguous prior consent for the Data Controller to send marketing mails and process their personal data in this regard.

By applying for a job advertisement, as well sending enquiries through the contact details indicated on the contact sub-page, the Users give their consent for the Data Controller to process their data. The processing of personal data is based on the voluntary consent of the User given in light of this Guide.
In certain cases the management, storage and transfer of certain data is required under legislation; the persons concerned will be separately notified of this fact each time.
The Users may only submit their own personal data on the Website. In case they do not submit their own personal data, it is the obligation of the reporting person to obtain the consent of the person concerned.

4. Persons entitled to be informed of personal data

Only the Data Controller is entitled to have direct information on the personal data.

The Budapest Institute of Banking Zrt. undertakes to take all appropriate technical measures for the secure storage of Users’ data. The Data Controller shall process the information resulting from the provision of data defined under point 1 with the utmost care, in a strictly confidential manner. The administrators of Data Controller hold different permissions concerning data processing: certain administrators have full permission, while others only have limited access and permission.

5. Data transfer

By accepting this Data Privacy Guide, Users take note of the Company’s data privacy principles and give their express consent for the Data Controller and the service providers under direct contract with the Data Controller to transfer their data made available on the Website. The transferred data may exclusively be used by all concerned parties for the purposes of performing their contractual tasks; the concerned parties are not entitled to store data for further use or transfer data to third persons in any forms. The purpose of data transfer: tailor-made service provision to Users, the optimisation of services provided by Data Controller’s partners, the performance of contractual tasks of Data Controller. The stored data are not disclosed to other third parties, except in the cases provided for by law (e.g. in the context of criminal proceedings) or for the purposes of performing the contractual tasks of the Budapest Institute of Banking Zrt.

The Data Controller transfers data to the following partners:
Name: OTP Mobil Kft.
Registered address: H-1093 Budapest, Közraktár u. 30-32.
Court of registration administering the company register: Court of Registry of the Metropolitan Court of Budapest
Company reg. No.: 01-09-174466
Tax number: 24386106-2-43
The scope of transferred data: surname, first name, country, phone no., e-mail address.
The purpose of data transfer: customer service support to users, confirmation of transactions and fraud monitoring performed in the interest of Users.
Name: Adiuto Fortis Kft.
Registered address: H-1013 Budapest, Attila út 49.
Court of registration administering the company register: Court of Registry of the Metropolitan Court of Budapest
Company reg. No.: 01-09-896248
Tax number: 14266014-2-41

The scope of transferred data: surname, first name, address.

The purpose of data transfer: accounting services provided for by law, performed for the Users in relation to the invoicing process.

Name: KBOSS.hu Kft.
Registered address: H-1031 Budapest, Záhony utca 7.
Court of registration administering the company register: Court of Registry of the Metropolitan Court of Budapest
Company reg. No.: 01-09-303201
Tax number: 13421739-2-41
The scope of transferred data: surname, first name, address.
The purpose of data transfer: invoicing activity for Users after the application for specific courses.

Data transfer abroad

The Data Controller may transfer data to data controllers performing data management in third countries or data processors performing data processing in third countries in case the persons concerned gave their express consent, or the conditions set out in Section 5 and 6 of the Information Act are met (the legal basis for data management), and – with the exception of the case under Sub-section (2) of Section 6 – the adequate level of protection of personal data is guaranteed during the management and processing of transferred data in the third country.

The adequate level of protection of personal data is guaranteed if the binding legal act of the European Union states that there is an international treaty in force between the third country and Hungary with regard to enforcing the rights under Section 14 of the Information Act, ensuring the right of appeal, as well as there is an international treaty in force dealing with the guarantee arrangements concerning the independent control of data management and data processing. The Data Controller shall transfer data to third countries for the purposes of implementing the international treaty on international legal assistance, tax-information exchange and the avoidance of double taxation, as well as for the purposes and under the conditions and within the scope determined in international treaties. The data transfer to EEA countries should be regarded as if it were a data transfer within the territory of Hungary.

6. Data and contacts of the Data Processor

The Data Controller make use of the services of the Createam Reklámügynökség Kft. as data processor and hosting service provider (registered address: H-1026 Budapest, Harangvirág utca 5. II/3., company registration no.: 01-09-368725, tax number: 12026104-2-41) while managing the data.

7. Users’ rights

Upon request of the User, the Data Controller shall provide information on the personal data managed, the source thereof, the purpose of data management, the legal basis and duration thereof, as well as – in case of data transfer of data from persons concerned – the legal basis and recipients of data transfer. Information may be requested by e-mail at e-mail address info@bib-edu.hu and by regular mail at the following postal address: Budapest Institute of Banking Zrt. H-1054 Budapest, Szabadság tér 7.; in both cases the personal identity and mailing address should be indicated. The Data Controller shall reply in writing not later than fifteen (15) days after receiving the request.

The Users shall be entitled to request the rectification of their data (indicating the correct data) also at the e-mail address info@bib-edu.hu, or at the postal address H-1054 Budapest, Szabadság tér 7.; in both cases the personal identity and mailing address should be indicated. The Data Controller shall immediately rectify the data in its register and inform in writing the persons concerned that the rectification has taken place.

In addition to the above, the Users may any time request the erasure or blocking of their data – either in whole or in part at e-mail address info@bib-edu.hu, or at postal address Budapest Institute of Banking Zrt. H-1054 Budapest, Szabadság tér 7.; free of charge, without giving detailed reasons; in both cases the personal identity and mailing address should be indicated. Following receipt of the request for erasure, the Data Controller immediately shall arrange for the termination of data management and delete the User from its register.

Instead of deleting the personal data, the Data Controller shall block the personal data if, on the basis of the available information, it can be assumed that the erasure would harm the User’s legitimate interests. The data blocked in this way may only be managed until the purpose of data management persist which excludes the erasure of personal data.
If the Data Controller does no fulfil the User’s request for rectification, blocking or erasure, it shall notify in writing the User of the factual and legal grounds for the rejection of the request within 30 days of the receipt of the request. In case of rejecting the request for rectification, erasure or blocking, the Data Controller shall inform the User on the possibility of legal remedies or recourse to the National Authority for Data Protection and Freedom of Information.

The management of their personal data may be challenged by Users:

  • if the management or transfer of personal data is exclusively required for compliance with legal obligation of the Data Controller, or for ensuring the legitimate interests of the Data Controller, data importer or third person;
  • if the use or transfer of personal data is for the purposes related to direct marketing, opinion research or scientific research; as well as
  • in other cases provided for by law.

The Data Controller shall, as soon as possible, and at most within 15 days following the receipt of the request, assess the objection and make a decision regarding its soundness, and inform the applicant in writing on its decision. In case the User does not agree with the Data Controller’s decision or the Data Controller does not meet the deadline above, the User may refer the matter to the court within 30 days of the last day of notification of this decision or the deadline.

8. Data collected during the use of the Website

If the Users do not expressly provide any data or information relating to themselves on the Website, the Data Controller shall not collect or process any personal data relating to the User in a way through which the User person may be identified.

By visiting the Website, all Users give their consent for the Data Controller to record the information and written data contained in this part of the Guide, as well as to place cookies required for recording.

Such data are data on the computer of the User logging in which are generated during the use of the Website and are recorded as an automatic result of the technical processes of the Data Controller’s system. The system automatically – without the separate statement or action of the User – logs the automatically recorded data when visiting or leaving the Website.

These data are not linked to any other personal user data, i.e. the User cannot be identified on the basis of these data. Only the Data Controller shall have access to such data. These data may be collected by using different technologies, such as cookies, web beacons or log files.

Such data contain the following information:
Cookie-k: cookies are short text files which are sent to the hard drive of the User’s computer by the Website and contain information relating to the User. Log files: the internet browser automatically forwards certain other data to the Website, such as the IP address (e.g. 192.168.2.1) of the User’s computer, or the operating system used by the User, or the web browser’s type, or the domain name from which the User visited the Website, as well as the sub-pages visited by the User within the Website and the content visited on the Website.

Similar to other internet providers, the Data Controller analyses these data in order to be able to establish which are the areas of the Website that are more popular than the others. Furthermore, similar to other larger providers, the Data Controller uses these data to shape the Website experience according to the User’s needs.

9. The use of data collected during the use of the Website

The data collected through the above technologies cannot be used to identify the User, and the Data Controller shall not link these data to any other data which may be potentially suitable for the identification of the User.

The primary goal of using these data is to ensure that the Website can be appropriately operated by the Data Controller, for the purposes of which the monitoring of data concerning visits on the Website and the screening of potential abuses concerning the Website’s use are particularly necessary. The data defined in this Guide may be used among others for the purposes of the Data Controller’s personal preferences (such as the most frequently visited contents on the Website).

In addition to the above, the Data Controller may use these information to analyse usage trends, as well as to improve and further develop the Website’s functions and obtain overall traffic data about the full use of the Website.

10. Turning off cookies:

If you do not wish that the Data Controller collects the above detailed information relating to yourself connected to the use of the Website, you may – either in whole or in part – turn off the use of cookies within the settings of your internet browser or otherwise modify the settings of cookie messages.

Nevertheless, in such a case you accept that the content displayed on the Website will be shown based on your preferences, in an unselected manner, and certain services will not be available or will not be available in a manner which would be otherwise possible in case the cookies had been authorized; furthermore, the Data Controller cannot thus ensure the same level of Website user experience.

11. Links

The Budapest Institute of Banking Zrt. does not take responsibility for the content and data- and information security practices of external website appearing as pop-ups from the Website. In case the Budapest Institute of Banking Zrt. Becomes aware of the fact that a site linked or the linking itself violates the rights of third persons or the legislation in force, it immediately removes the link from its Website. 

12. Data security

The Data Controller commits itself to ensure the security of data, as well as to make the technical and organisational measures and develop the procedural rules guaranteeing the protection of recorded, stored and managed data, and prevent these data from being destroyed, used or modified in an unauthorized way. The Data Controller commits itself to call on any third parties to whom the data were forwarded or transferred on the basis of their consent to comply with the requirements regarding data security.

The Data Controller shall ensure that unauthorized persons cannot get access to, disclose, transfer, modify or delete the data managed. The data managed may only be known by the employees of the Data Controller. The Data Controller shall not transfer the data to third parties not permitted to know the data.

The Data Controller shall use its best efforts to ensure that the data are not accidentally damaged or destroyed. The aforementioned commitment is required by the Data Controller from all employees participating in data management activities.

The Data Controller may in no circumstances collect sensitive data, i.e. data referring to racial origin, belonging to a national or ethnic minority, political opinion or party affiliation, religious or other philosophical belief, membership in a representative organisation, health status, pathological passion, sexual life or criminal record.

13. Law enforcement possibilities

The Data Controller shall make every effort to ensure that the data is managed in accordance with the legislation; if you consider that we did not comply with this requirement, please write to us at e-mail address info@bib-edu.hu, or at postal address Budapest Institute of Banking Zrt. H-1054 Budapest, Szabadság tér 7.

If you consider that your right to the protection of personal data was breached, you may pursue remedies under the relevant legislation by the competent authorities, by the

  • National Authority for Data Protection and Freedom of Information (address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C.)
  • court.

13. Miscellaneous provisions

This Guide shall be governed by the Hungarian law, and in particular the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.

The Data Controller reserves the right to unilaterally modify this Data Privacy Guide any time, without prior notification of the persons concerned.

Budapest, 9 November 2017


          
Budapest Institute of Banking Zrt.
Data controller