Privacy Policy

The company Educage Training Ltd. (hereinafter referred to as the “Company”) respects and protects your personal data.

This Privacy Policy provides information about how we handle the personal data of our Clients, Visitors, and other data subjects (such as agents or end users) who are in contact with us. It covers personal data processed through email or telephone communication (under “Contact”), as well as your rights related to data protection.

1. Important Information

We would like to inform you that by using the website https://educage.training/, the Company collects and processes personal data when you contact us via the option available under the “Contact” tab.

It is important that the personal data we hold about you is accurate and up to date. Please let us know if your personal information changes.

We do not collect data from children.

Data Controller

The Company is the data controller and is responsible for the processing of personal data.

Contact Information

Our detailed company information:

Legal entity full name: Educage Training Ltd.

Data Protection Coordinator: Dr. Ákos Balázs Filep (info@educage.training)

Email: info@educage.training

Mailing address: 56 St. Williams Way, Norwich, England, NR7 0AP

Phone:

You may submit your complaint to the Data Protection Coordinator using any of the contact methods listed above.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues:

2. Data We Hold About You

Personal data refers to any information relating to an individual through which that person can be identified.

On a lawful basis, we may collect, use, store, and transfer various types of personal data about you, including the following:

Contact Data: This includes your email address and any personal data you provide in the email you send to the Company via the section under the “Contact” tab

· We do not collect any special categories of personal data (such as information revealing racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, or genetic and biometric data). The only exception is the result of an occupational health examination strictly necessary for employment purposes. We also do not collect any information related to criminal proceedings.

· Data Required for Employment: This data set includes information typically needed for employment, such as: name, date of birth, address, ID card number, social security number (TAJ), tax identification number, proof of educational qualifications, etc.

3. How Do We Collect Your Personal Data?

We collect personal data about you through the following activities:

• When you send us an email via the contact option under the “Contact” section.

• In the case of an employee or job applicant, the personal data is provided by the employee or applicant after receiving prior information.

4. How Do We Use Your Personal Data?

We will only use your personal data when we have a proper legal basis to do so. Most commonly, we process your personal data in the following cases:

• When entering into a contract

• Based on your consent (e.g. when submitting a CV)

• When it is necessary for our legitimate interests – supported by a legitimate interest assessment

• When we must comply with legal obligations

Purposes of Data Processing

Below, we present the personal data processing activities in a tabular format.

Change of Purpose in Data Processing

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If you would like an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law, or where we have a legitimate interest in doing so, and such processing complies with the principles outlined above.

5. Data Security

We ensure that appropriate technical and organizational measures are in place to protect your personal data from accidental or unlawful destruction, loss, alteration, damage, unauthorized disclosure, or access.

In doing so, we take into account the risks related to the processing and the nature of the personal data.

Personal data is handled by our employees under our instructions, and we require them to sign confidentiality agreements.

6. Your Rights

You may request information at any time about the processing of your personal data.
You may also request the correction, clarification, deletion, or restriction of your personal data and exercise all rights to which you are entitled under applicable law. These rights include the following:

6.1. Right of Access

You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you is being processed, and, if so, to receive information regarding:

  • whether data processing is taking place,

  • the purposes of the processing,

  • the categories of personal data concerned,

  • the recipients (to whom the data may be disclosed),

  • the period for which the data will be stored, or the criteria used to determine that period,

  • your rights as a data subject and available remedies,

  • the source of the data, if it was not collected directly from you,

  • the existence of automated decision-making, including profiling,

  • and whether there is any international data transfer involved.

The Data Controller shall provide a copy of the personal data undergoing processing free of charge on the first occasion.

If you wish to exercise your rights, please contact us using any of the contact methods listed above, and we will get in touch with you.

6.2. Right to Rectification

Upon the Data Subject’s request, the Data Controller is obliged to rectify any inaccurate personal data concerning the Data Subject without undue delay.

Taking into account the purpose of the data processing, the Data Subject has the right to request the completion of incomplete personal data — including by means of providing a supplementary statement.

6.3. Right to Erasure (Right to be Forgotten)

The Data Subject has the right to request the erasure of personal data concerning them from the Data Controller.

The Data Controller is obliged to delete the Data Subject’s personal data without undue delay if any of the following conditions apply:

  • the personal data is no longer necessary for the purposes for which it was collected,

  • the Data Subject withdraws their consent and there is no other legal ground for processing,

  • the Data Subject objects to processing carried out in the public interest, in the exercise of official authority, or based on legitimate interests of the controller (or a third party), and there are no overriding legitimate grounds for the processing,

  • the personal data was unlawfully processed,

  • the personal data must be erased in order to comply with a legal obligation applicable to the Data Controller,

  • the personal data was collected in relation to the offer of information society services.

The Data Subject’s right to erasure may be restricted only in the cases specified by the GDPR, meaning that even in the above cases, continued retention of the personal data may be considered lawful if:

  • it is necessary for exercising the right of freedom of expression and information,

  • it is required to comply with a legal obligation,

  • it is needed for the performance of a task carried out in the public interest,

  • it is necessary for the exercise of official authority vested in the controller,

  • it serves the public interest in the area of public health,

  • it is necessary for archiving purposes in the public interest,

  • it is required for scientific or historical research or statistical purposes,

  • it is necessary for the establishment, exercise, or defense of legal claims.

6.4. Right to Restriction of Processing

The Data Subject has the right to request that the Data Controller restrict the processing of personal data if any of the following conditions apply:

  • The Data Subject contests the accuracy of the personal data; in this case, processing will be restricted for a period enabling the Data Controller to verify the accuracy of the data.

  • The processing is unlawful, and the Data Subject opposes the erasure of the personal data and instead requests the restriction of its use.

  • The Data Controller no longer needs the personal data for processing purposes, but the Data Subject requires it for the establishment, exercise, or defense of legal claims.

  • The Data Subject has objected to processing carried out in the public interest, in the exercise of official authority, or based on the legitimate interests of the Data Controller (or a third party); in such cases, the restriction applies during the period in which it is verified whether the legitimate grounds of the Data Controller override those of the Data Subject.

6.5. Right to Object

The Data Subject has the right to object, at any time and on grounds relating to their particular situation, to the processing of their personal data carried out in the public interest, in the exercise of official authority, or based on the legitimate interests of the Data Controller (or a third party), including profiling based on those grounds.

In such a case, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or which are related to the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, the Data Subject has the right to object at any time to the processing of their personal data for such purposes, including profiling to the extent that it is related to such direct marketing.

If the Data Subject objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for this purpose.

6.6. Right to Data Portability

The Data Subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another data controller without hindrance from the controller to which the personal data were provided, if:

  • the processing is based on the Data Subject’s consent or on a contract concluded with the Data Subject, and

  • the processing is carried out by automated means.

In exercising the right to data portability, the Data Subject also has the right—where technically feasible—to request the direct transmission of personal data from one controller to another.

6.7. Right to Withdraw Consent

The Data Subject has the right to withdraw their consent at any time.

The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

7. Retention Period

How Long Will We Use Your Personal Data?

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether those purposes can be achieved by other means.

Recordings from security cameras located in Company premises are retained for 30 days to protect human life and physical safety, as well as to safeguard hazardous materials.

By law, we are required to retain basic information about our clients (including contact persons, identifiers, financial, and transaction data) for 8 years due to invoicing regulations. After this period, such data will no longer be retained.

In the case of employees, upon termination of employment, documents containing personal data that are not legally required to be retained will be personally returned by the managing director.

In certain circumstances, you may request that we delete your personal data.

Generally, No Fee Is Required If:

You do not have to pay a fee to access your personal data (or to exercise any of your other rights).

However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive — and we will always inform you in advance before applying such a fee.

Response Timeframe

We aim to respond to all legitimate requests within one month.

Occasionally, it may take longer than one month if your request is particularly complex or if you have made multiple requests.

In such cases, we will notify you and keep you updated on the progress..

8. The Company Uses the Following Data Processors:

Name and Address of Data Processor: -

Purpose of Data Processing:

9. Data Transfers to Third Countries or International Organizations

The Company does not transfer personal data to any third country or international organization.

For transfers to third countries, the appropriate level of protection is always ensured by the UK Addendum or the UK IDTA (International Data Transfer Agreement).

10. Consequences of Refusing to Provide Data or Consent

If you do not provide your consent for the data processing purposes specified in Section 4, where the legal basis is voluntary consent, you will not be able to contact the Company through the options provided on the website. In such cases, you must visit our registered office in person.

If you do not provide consent in relation to a job application, you will not be able to participate in the selection process.

Please also note that in cases where data processing is based on Article 6(1)(a) of the GDPR, you have the right to withdraw your consent at any time. However, the withdrawal of consent only affects future processing and does not affect the lawfulness of any processing carried out based on your consent before its withdrawal.

11. Automated Decision-Making:

We hereby inform you that the Company does not use automated decision-making processes.

12. Cookies

What Are Cookies?

Cookies are small text files that are placed on your device (computer, tablet, smartphone) when you visit our website. They are used to make websites work more efficiently, as well as to provide information to the website owner.

Cookies may be:

  • Strictly necessary: essential for the operation of the website (e.g. navigation, security).

  • Functional: enhance user experience (e.g. remembering preferences).

  • Analytical/Performance: help us understand how users interact with our website.

  • Marketing: used to track visitors across websites for advertising purposes.

Legal Basis for Using Cookies

Under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR), we may only store cookies on your device if they are strictly necessary for the functioning of the website.

For all other types of cookies (e.g. analytics or marketing), we will request your explicit consent before placing them on your device.

Types of Cookies We Use

We use tools such as [e.g. Google Analytics, Facebook Pixel] to gather usage statistics and improve our services. These tools may set their own cookies — please refer to their policies for further details.

Cookie Consent Management

When you first visit our website, a cookie banner will appear asking for your consent to use non-essential cookies. You may:

  • Accept all cookies

  • Reject all non-essential cookies

  • Customize your preferences

You can withdraw or modify your consent at any time via the [Cookie Settings] link in the footer of our website.

How to Control Cookies in Your Browser

You can control and/or delete cookies through your browser settings. For more information:

  • Google Chrome

  • Mozilla Firefox

  • Microsoft Edge

  • Apple Safari

Contact

If you have any questions about our use of cookies or your data rights, please contact us at:

Educage Training Ltd.

Email: info@educage.training

Phone:

13. Definitions

Data Processing

The performance of technical tasks related to data processing operations, regardless of the methods and tools used or the location of execution, provided the tasks are performed on the data. In the context of this policy, data processing especially refers to any technical data operation not requiring substantive decision-making, performed by a data processor on behalf of the data controller.

Data Processor

A natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the data controller.

Data Processing Operation

Any operation or set of operations performed on personal data or data sets, whether by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or dissemination, alignment or combination, restriction, erasure, or destruction.

Data Controller

A natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means are determined by Union or Member State law, the data controller or the specific criteria for its nomination may also be laid down by such law.

Pseudonymization

The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.

Anonymization

A technical process that ensures the permanent exclusion of the possibility to re-establish the link between the data and the data subject.

Consent of the Data Subject

A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Direct Marketing

All forms of direct communication and related services aimed at informing the data subject about products or services, sending advertisements, or informing consumers or business partners for the purpose of promoting transactions (purchases).

DPO (Data Protection Officer)

A person appointed to oversee data protection strategy and implementation to ensure compliance with GDPR requirements.

Data Subject

Any identified or identifiable natural person to whom the personal data relates, either directly or indirectly.

Supervisory Authority Concerned:

A supervisory authority is considered concerned by data processing when:

a) the data controller or processor is established in its Member State;

b) the processing substantially affects or is likely to substantially affect data subjects residing in its Member State;

c) a complaint has been lodged with that authority.

Third Party

A natural or legal person, public authority, agency, or body other than the data subject, data controller, processor, and persons authorized to process data under the direct authority of the controller or processor.

Consent

A voluntary and definite expression of the data subject’s will, based on adequate information, by which they give clear and unambiguous consent to the processing of their personal data—whether for full processing or specific operations.

Except for special categories of data, no specific form is required for consent; it may be given by express declaration or implied conduct but must always be demonstrable.

Special Categories of Data

a) Personal data revealing racial or ethnic origin, political opinions or party affiliation, religious or philosophical beliefs, trade union membership, sexual life;

b) Personal data concerning health, addictions, or criminal records.

Personal Data

Any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, ID number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

Objection

A declaration by the data subject opposing the processing of their personal data and requesting the termination of processing and/or deletion of the data.

Educage Training Ltd.

56 St. Williams Way, Norwich, England, NR7 0AP

info@educage.training

assembled & logo designed with love by:

Legal notice