Privacy Policy KKM Hungarian Academy of Diplomacy Ltd. With the purpose of data management on Balassa Training Programs’ website
1. Name of Data Controller
KKM Hungarian Academy of Diplomacy
| Headquarters: | 1107 Budapest, Ceglédi street 2. |
| Postal address | 1107 Budapest, Ceglédi street 2. |
| Telephone: | +36-70-4000-483 |
| E-mail: |
2. Name and contact information of the data protection officer
The data protection officer of KKM Hungarian Academy of Diplomacy Ltd. (hereinafter: Data Controller): dr. Szilvia Molnár-Friedrich
Direct contact information: e-mail address:
3. Purpose and legal basis of data management
| Purpose of data management | Data circle | Legal basis |
| Facilitating the Data Controller’s online educational organization tasks, providing information about available services, contacting via phone, letter, e-mail and/or online messaging form. | Name used during login (surname and first name), email address. | The data management is based on point a) of Article 6 (1) of the GDPR, its legal basis being the Subject’s consent. |
| Compilation and analysis of statistics for the website’s development. | Information about Internet activities, including, but not limited to, browsing history, search history, and information about the user’s interaction with Internet sites, applications, or advertisements; geographic data. | The data management is based on point a) of Article 6 (1) of the GDPR, its legal basis being the Subject’s consent. |
Contact details of the live system: https://balassieducation.hu/en/
4. The source of personal data and scope of processed data, in case they were not made available to the Data Controller by the Subject.
The Data Controller does not manage personal data that it does not collect from the Subject.
5. Recipients of personal data, categories of recipients, data processing
The Data Controller uses the following data processors when operating the website.
Data processors
Hosting provider:
DENINET Ltd.
1188. Budapest, Bercsényi street 79/b.
Data management information of the service provider: https://www.deninet.hu/aszf20220706.pdf#page=68
Google Analytics:
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland
Google’s Privacy Policy: https://policies.google.com/privacy?hl=en
6. Period of storage of personal data, training participants’ obligations
The personal data provided by the Subject – with regard to its legal basis – will be processed by the Data Controller until the termination of the service provided by the website, or until the withdrawal of consent. Every 3 years, in the absence of withdrawal of consent, the Data Controller reviews the necessity of data management. If, during the investigation, it is determined that the personal data are no longer needed for the purpose for which they were collected, or the data subject withdraws his consent, the Data Controller shall ensure the permanent deletion of the electronically stored personal data.
7. The Subject’s rights related to data management
7.1. Deadline
The Data Controller fulfills the Subject’s request to exercise their rights within a maximum of one month from the date of receipt.
If necessary, taking into account the complexity of the request and the number of requests, the Data Controller may extend this deadline by another two months. The Data Controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request.
7.2. Stakeholder rights related to data management
7.2.1. Right to access and information
The Subject has the right to request information from the Data Controller via the contact details provided in section 1, as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to find out how
• the Data Controller treats
– what personal data;
– on what legal basis;
– for what data management purposes
– for how long
• to whom, when, on the basis of which legislation, and which personal data did the Data Controller grant access or to whom did they transmit the Subject’s personal data;
• the source of the Subject’s personal data;
• whether the Data Controller uses automated decision-making as well as its logic, including profiling.
The Data Controller will provide a copy of the personal data that is the subject of data management at the Subject’s request free of charge for the first time, after which it may charge a reasonable fee based on administrative costs.
7.2.2. Right to rectification
The person concerned may request that the Data Controller amend any of their personal data via the contact details provided in section 1. If the Subject can credibly prove the accuracy of the corrected data, the Data Controller fulfills the request within a reasonable time – no more than one month – and notifies the Subject at the contact information provided by them.
7.2.3. Right to blocking (restriction of data processing)
The person concerned can request that the processing of their personal data be limited by the Data Controller via the contact details provided in section 1 (by clearly indicating the limited nature of the data processing and by ensuring that it is handled separately from other data).
7.2.4. Right to erasure
In connection with the data management described in the information sheet, the Subject has the right to request that the Data Controller delete the personal data concerning the Subject without causeless delay, and the Data Controller is obliged to delete the personal data concerning the Subject without causeless delay, if there is no other legal basis for processing the data.
7.2.5. Right to data portability
In relation to data processing – subject to its legal basis – the Subject is entitled to receive their personal data provided to the Data Controller in a segmented, widely used, machine-readable format via the contact details provided in section 1, moreover they are entitled to have these data transferred to another Data Controller without the Data Controller hindering this in connection with automated data management operations.
8. Right to legal remedy
If the Subject considers that the Data Controller has violated the applicable data protection requirements when handling their personal data
– to the data protection officer of the Data Controller, or
– to the court (Fővárosi Törvényszék, 1055 Budapest, Markó utca 27.) they may turn, and
– they may initiate a data protection authority procedure (National Data Protection and Information Freedom Authority, 1055 Budapest, Falk Miksa street 9-11., 1363 Budapest, Pf. 9. ).
