Privacy Policy

Privacy statement

for website visitors

Béla Grósz IE conducts teacher-student mediation activities on the present website which was created for this purpose. Consequently, he handles data for the performance of the service.

Béla Grósz IE (hereinafter: Service Provider) manages the personal data of newsletter subscribers, interested parties, registrants and customers (hereinafter collectively, Concerned Party) during the operation of the website called vostrotutor.com (hereinafter: Website).  

  1. Contact information of the Data Controller
    1.  Webpage owners:
      Name: Grósz Béla E.V., Lőrinczi  Krisztina E.V.
      Headquarters: H-4026 Debrecen, Bethlen Street 35, ⅕
      Mailing address: H-4034, Debrecen, Hold Street 43
      Representative’s name and phone number:  Lőrinczi Krisztina +36 70 3681346
      Email address: vostrotutors@gmail.com
    2.  Web Page designer:
      Name: Digital Care Studio Kft.
      Headquarter: 8957 Csömödér Fő Road 65
      Mailing address: hello@digitalcarestudio.com
  1. Scope of the handled personal data

In order to they can have an access to various services, we ask our users for different personal data, meanwhile, we are taking into account the principle of data minimisation. This Privacy Statement covers the handling of the data provided only by natural persons visiting the website, based on the fact that personal data can be interpreted only in relation to natural persons. 

Anonymous information collected by the Data Controller without personal identification and data that cannot be linked to a natural person is not considered personal data, nor is demographic data that collected without linking it to the personal data of identifiable persons, thereby the establishment of connection with a natural person is not possible.

The items of the processed data are listed in the following section:

  1. Subscribers to the newsletter
  • Name
  • E-mail address
  1. Interested persons
  • Name
  • E-mail address
  • Phone number
  1. Students registering on the website
  • Name
  • Address (country and city)
  • E-mail address
  1. Teachers registering on the website
  • Name
  • E-mail address
  1. Children’s data

Our products and services are not intended for persons under the age of 16, and we ask that persons under the age of 16 do not provide Personal Data to the Data Controller. If we become aware that we have collected personal data from a person under the age of 16, we will take the necessary steps to delete the data as soon as possible.

  1. Information about the usage of Cookies (anonymous user identifiers)

The Data Controller places an anonymous user identifier (cookie) on the computer of the Concerned Party, which in itself cannot identify the Concerned Party in any way. They are only suitable for recognizing the computer of the Concerned Party, but do not store IP addresses, and they do not transmit IP addresses as personal data to the Service Provider. The cookies used are simple, short, small text files. It is not necessary to provide personal data or information, as the user does not provide personal data to the Service Provider with the appliance of cookies. The data exchange takes place only and exclusively between the computers.

Cookies that are necessary for the operation of the website

Some cookies are necessary to be placed on the Concerned Party’s computer for the operation of the website. With the help of these cookies the loading of the website will be faster, the Concerned Party’s own browser will be able to store certain information on the website, and apart from these, the cookies ensure the modules of the website to work as intended. 

Analytical cookies

In order to extract visitor data and other web analytics data regarding our website, the Service Provider uses the services of independent analytics servers, namely Hotjar and Google Analytics software. These service providers can provide the Concerned Party with detailed information on the handling of measurement data.

In the case of Google Analytics, the Service Provider has made the settings in the website code according to which Google Analytics anonymizes the Concerned Party’s IP address, so that it can no longer be identified, and is not yet transferred to the Service Provider. You can read more about this method here:
https://support.google.com/analytics/answer/2763052?hl=hu

The goal is to use the anonymized information provided by the above mentioned software to analyse the visitation and functional use of our website in order to improve the user experience (e.g.: providing optimized navigation, the determination of the order in which information is placed on each subpage).

These measurements do not store any data about users that could be used to identify them, neither their IP addresses nor their personal data.

The privacy policy of Google Inc. is available on the following website: http://www.google.com/intl/hu_ALL/privacypolicy.html
Hotjar’s privacy policy can be find on the following website: https://www.hotjar.com/legal/policies/privacy 

The relevant service providers can provide more information about the cookies:

You can read more about Hotjar cookies here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information
You can find answers to the identification and characteristics of Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Advertising cookies 

The Service Provider can use 21st century online marketing solutions, specifically Google AdWords and Facebook advertisements. These advertising solutions use cookies during their operation. The cookies help the system to function so that irrelevant advertisements are not displayed for the Concerned Party, only those that are relevant based on their current interests. On the Website, the Service Provider uses remarketing codes provided by Google Adwords and Facebook. The remarketing code also uses cookies.

The installed cookie does not transmit personal data to the Service Provider, it only helps to ensure that advertisements related to the Service Provider’s products and services are displayed on other websites belonging to the Google Display network, or on Facebook, which are subsequently visited by the visitor of the website.

Manual override, intervention and adjustment of automatic preferences related to advertisements

The user can disable cookies at any time and customize the ads on the Google and Facebook ad settings interface.

Data protection settings of the Google user account can be set by the Concerned Party here:
https://myaccount.google.com/privacy

The data protection settings of the Facebook user account are available under the settings menu under the settings tab related to data protection and advertisements.
https://www.facebook.com/ads/preferences

Stopping and prohibiting the use of cookies 

Changes regarding the browser settings:

The “Help” function in the menu bar of most browsers provides information about 

• how to disable cookies,

• how to accept new cookies, or

• how to instruct your browser to set a new cookie, or

• how to disable other cookies.

Blocking browser add-ons:

If the Concerned Party does not want Google Analytics to measure the above data in the manner and for the purpose described, s/he can install the blocking add-on in his/her browser.

Using an external solution for cookie management:

With the help of external websites, the Concerned Party can manage which Service Providers are allowed to conduct their advertising cookie activities on his/her computer. One solution is AdChoices, which is available in Hungarian too.

  1. Social media additions

Extensions are disabled on the Portal by default. These plugins are also cookies. The plugins are only enabled if the Concerned Party clicks on the corresponding button (e.g. likes an article, pins a picture, or starts following the Service Provider’s Facebook page with the “like” button on the webpage). By enabling the extension, that is, by pressing the “like button”, the Data Subject establishes a connection with the social site, i.e. clearly expresses that s/he gives consent to the transfer of her/his data to Facebook/Twitter/Linked-in/Pinterest/Instagram.

If the Concerned Party is logged in to Facebook/Twitter/Linked-in/Pinterest/Instagram, the given social network may associate his/her visit with the Concerned Party’s social account.

If the Concerned Party clicks on one of the social media buttons mentioned above, her/his browser transmits the relevant information directly to the given social network and stores it there.

Information on the scope and purpose of data collection, the further processing and use of data by Facebook/Twitter/Linked-in/Pinterest/Instagram, rights and settings regarding the protection of personal data can be found in the privacy statement of the given social media.

The user of the website’s services acknowledges that s/he has given consent to the processing of her/his data by Google by using the website.

  1. Technical data – log files

In order to use the services, the system logs data automatically.

This data is, on the one hand, for technical purposes – such as the analysis and subsequent control of the secure operation of the servers. This is an automatic IT security process, which is recorded in the system’s server logs without the Concerned Party’s declaration.

The above data are not suitable for identifying the user and the Data Controller does not connect them with other personal data. The logging data is stored by the system for 6 months from the date of the visit.

  1. Legal basis and purpose of data handling

6.1 In the case of newsletter subscribers
data processing is carried out with the consent of the Concerned Party, for the purpose of continuous information about new trends related to the Service Provider’s products and services, information about new services, new products, and possible promotions.

6.2 In the case of Interested Parties
data management is necessary for the steps prior to the conclusion of the contract, the purpose of data management is to provide personalized service to the Concerned Parties and to answer their questions about the service.

6.3 For those who register on the website
data management is necessary for the performance of the contract or for steps prior to the conclusion of the contract. The purpose of data management is to identify registered users, fulfil the contract using an online interface, and provide personalized service to the Concerned Party.

  1. Duration of data handling

7.1 Newsletter subscribers
your data will be processed until you withdraw your consent. This can be done automatically by clicking on the “unsubscribe” link in the footer of the newsletters, or by requesting it by e-mail with “Unsubscribe” in the subject, and sending it to the e-mail address mentioned in section 1.

7.2 Interested Parties
if the contract has been concluded, your data will be stored during the term of the contract, or for 8 years after the year of performance according to the accounting law. If the contract was not concluded, i.e. the goal was not achieved, the data will be processed by the Service Provider until 1st of March of the year following the end of the offer.

7.3 Those who register on the website
their data will be processed until the consent is revoked, which can be achieved either by manually deleting the registered account, or by e-mail in a letter with the subject DELETE ACCOUNT, which should be sent to the e-mail address indicated in section 1.

Scope of the data, data transfer, data processing

The internal employees of the Service Provider are entitled to know the personal data collected from the Concerned Partiy. The collected Data will not be published. For the purpose of data management for third parties, the data is only forwarded at the request of the Concerned Party, to the addressee specified by the Concerned Party.

The Service Provider may use a data processor to perform tasks arising during the connected activities (accounting, issuing electronic invoices, sending newsletters).

Categories of data processors and recipients of data transmission:

Name: Hostinger International Ltd.
Headquarters: 61 Lordou Vironos str., 6023 Larnaca, Cyprus
Category: Hosting service provider

Name: Billingo Technologies Private Limited Company
Headquarters: H-1133 Budapest, Árbóc Street 1/6
Category: Electronic invoice

9. Rights of the Concerned Parties, legal remedies

9.1 The Concerned Party can request the followings from the Data Controller:

a) information about the handling of personal data,
b) correction of personal data,
c) deletion or blocking of the Concerned Party’s personal data – with the exception of mandatory data management,
d) to forward the Concerned Party’s personal data to another Data Controller.

9.2  At the request of the Concerned Party, within 30 days at the latest from the submission of the request, the Data Controller shall provide written information about the data of the Concerned Party managed by the Data Controller or processed by a Data Processor who is commissioned by the Data Controller or about the source, the purpose or legal basis of the data collection, duration of data processing, the name and address of the Data Processor and his/her activities related to data processing, and – in the case of forwarding the Concerned Party’s personal data – about the legal basis and recipient of the forwarded data.

Information is provided free of charge if the information requester has not yet submitted any information request regarding the given topic to the Data Controller in the same year. In other cases, the Data Controller will determine reimbursement, with the provision that the already paid amount of money must be refunded if the data was handled unlawfully or the request for information led to a correction.

In order to check the legality of the data transmission and to inform the Concerned Party, the Data Controller keeps a data transmission register, which consists of the date of transmission of the personal data handled by her/himself, the legal basis and recipient of the data transmission, the definition of the scope of the transmitted personal data, as well as other data specified in the law that determine the way of data management.

The Service Provider maintains a data protection incident register for the purpose of monitoring the arrangements related to the data protection incident and for informing the Concerned Party. The register includes the scope of the Concerned Party’s personal data, the scope and number of persons affected by the data protection incident, the date, circumstances and effects of the data protection incident and the arrangements taken to prevent it, and other data specified by the law that determines data management.

9.3 The Concerned Party has the right to request the correction or deletion of his/her incorrectly recorded data at any time. In this case, the user can submit a request in written form by post or e-mail. The Service Provider will delete the data within 3 workdays after receiving the request. Following this process the data will not be recoverable. The deletion does not apply to data processing required by law (e.g. accounting regulations), which are retained by the Service Provider for the necessary period of time.

9.4 The Concerned Party may also request the blocking of his/her data or the transmission of his/her data to another data controller. The Service Provider locks the personal data if the Concerned Party requests that, or if it can be assumed based on the information available that deletion would harm the Concerned Party’s legitimate interests. The personal data which is locked in this way can only be processed as long as the data management purpose exists, which precluded the deletion of the personal data.

The Concerned Party, as well as all those to whom the data was previously forwarded for the purpose of data management, must be notified about the correction, blocking and deletion. The notification may be omitted if this does not violate the Concerned Party’s legitimate interests in view of the purpose of the data management.
If the Service Provider does not comply with the Concerned Party’s request for correction, blocking or deletion, within 30 days of receiving the request, the Service Provider shall inform the Concerned Party in writing about the factual and legal reasons for rejection of the request for correction, blocking or deletion.

The Concerned Party can contact the Data Controller via the address indicated under section 9.5 in the following cases:

• The Concerned Party can request the transfer of his/her data to another Data Controller, if the data management is based on a contract or consent and is handled by the Service Provider in the framework of an automated procedure.

• The Concerned Party can require the withdrawal of his/her previously given consent to data management

The Concerned Party may object to the processing of his/her personal data. The Service Provider examines the objection as soon as possible, but no later than 15 days after the submission of the application, the Service Provider makes a decision on its validity, and informs the Concerned Party about his/her decision in writing. In case of rejection of the request for correction, deletion or blocking, the Data Controller informs the Concerned Party about the possibility of legal remedies in court, as well as the possibility of turning to the Authorities.

Information regarding data security arrangements:

Data Controller takes care of default and built-in data protection. For this end the Data Controller applies appropriate technical and organizational arrangements in order to:

• regulate access to data accurately;

• allow access only to persons who need the data in order to perform their tasks, and even in this case only that data can be accessed which is minimally necessary to perform the given task;

• carefully select the data processors and ensure the security of the data with an appropriate data processing contract;

• ensure the unchangingness (data integrity), authenticity and protection of the handled data.

The Data Controller applies reasonable physical, technical and organizational security arrangements to protect the Concerned Party, especially against their accidental, unauthorized or illegal destruction, loss, alteration, transmission, use, access or processing. The Data Controller shall immediately notify the Concerned Party in the event of unauthorized access to or use of personal data that is known to pose a high risk to the Concerned Party.  

if it is necessary to transmit the Concerned Party’s data, the Data Controller ensures the appropriate protection of the transmitted data, for example by encrypting the data file. The Data Controller is fully responsible for the data management implemented by third parties.

The Data Controller also ensures that the Concerned Party’s data is protected against destruction or loss with appropriate and regular backups.

9.5 The Concerned Party can exercise his/her rights through the following contact details:
Mailing address: H-4034 Debrecen, Hold Street 43
E-mail address: vostrotutors@gmail.com
The Concerned Party may contact the Service Provider’s co-workers with any questions or comments related to data management via the contact details under section 9.5. 

9.6  The Concerned Party based on the GDPR, the Info.tv., and the Civil Code (Act V of 2013).

  • can refer to the Hungarian National Authority for Data and freedom of Information

 (H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu) or

  • can enforce his/her rights in court.

9.7 If the Concerned Party provided third-party data in order to use the service, during registration, when subscribing to the newsletter, or caused damage in any way during the use of the Website, the Service Provider is entitled to claim compensation from the Concerned Party. In such a case, the Service Provider will provide all possible assistance to the acting authorities in order to establish the identity of the person violating the law.