top of page
Business Handshake

GDPR

Privacy Notice on the processing of Personal Data

This Privacy Notice explains how Magyar Iskola Kft. (address of office: 1052 Budapest, Petőfi Sándor utca 11., Hungary; company registration number: 01-09-921566; email: info@hlschool.hu) processes personal data in connection with its adult education and language training activities.

Magyar Iskola Kft. acts as the data controller in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).

 

The purpose of this Notice is to provide clear and transparent information about:

  • what personal data we collect,

  • for what purposes and on what legal basis we process it,

  • how long we retain it,

  • with whom we share it,

  • and what rights data subjects have in relation to their personal data.

Magyar Iskola Kft. is committed to ensuring that personal data is processed lawfully, fairly, and transparently, and that appropriate technical and organisational measures are in place to protect such data.

Principles of Data Processing

Magyar Iskola Kft. processes personal data in accordance with the principles set out in Article 5 of the GDPR. In particular, we ensure that personal data is:

  1. Processed lawfully, fairly and transparently in relation to data subjects;

  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;

  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (data minimisation);

  4. Accurate and kept up to date;

  5. Stored only for as long as necessary for the purposes for which it is processed (storage limitation);

  6. Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.

We implement internal data protection policies and conclude data processing agreements with all service providers who process personal data on our behalf.

Purposes of Data Processing

Magyar Iskola Kft. processes personal data for the following purposes:

1. Organisation and Delivery of Language Training

  • processing application forms and conducting preliminary level assessments prior to contract conclusion;

  • concluding and performing adult education contracts;

  • organising courses and managing student participation;

  • recording attendance and monitoring academic progress;

  • issuing certificates and proof of language level;

  • managing online and in-person classes.

2. Operation of Online Learning and Administrative Platforms

  • providing access to the schooldrive.net administration system;

  • operating the SkillDict e-learning and online testing platform;

  • providing AI-supported language learning services (AI Teacher / Speakifyr);

  • storing and evaluating learning progress and performance data.

3. Communication with Students

  • providing course-related information;

  • responding to inquiries;

  • sending administrative notifications;

  • managing customer support requests.

4. Financial Administration

  • issuing invoices;

  • managing payments;

  • fulfilling accounting and tax obligations.

5. Legal and Regulatory Compliance

  • fulfilling obligations under Act LXXVII of 2013 on Adult Education;

  • reporting data to the Adult Education Data Management System (FAR);

  • complying with applicable tax and accounting laws.

6. Website Analytics and Marketing (where applicable)

  • improving website performance;

  • analysing website usage;

  • conducting online marketing and remarketing activities;

These activities are subject to cookie consent where required.

Categories of Personal Data Processed

Depending on the type of service used, Magyar Iskola Kft. may process the following categories of personal data:

1. Identification Data

  • Full name

  • Birth name

  • Mother’s name

  • Place and date of birth

  • Nationality

  • Gender (where required by law)

  • Identity document details (where required by law)

2. Contact Details

  • Email address

  • Telephone number

  • Residential address

  • Correspondence address

3. Contract and Course-Related Data

  • Course registration details

  • Level assessment results

  • Attendance records

  • Student contract documentation

  • Certificates and proof of language level

  • Course start and completion dates

4. Learning and Performance Data

  • Test results,

  • Assessment scores and responses provided during level assessment tests;

  • optional audio recordings submitted during level assessment (processed only upon user consent);

  • Teacher evaluations,

  • Progress tracking records,

  • Learning history within the e-learning platform and AI supported platforms.

5. AI-Based Learning Data (if applicable)

When using the AI-supported language learning service:

  • Email address

  • Conversation transcripts

  • Performance evaluation data

  • Learning progress metrics

  • (Optional) Voice recordings, if the user explicitly activates the voice-saving function

Voice recordings are not mandatory and are processed only upon user activation.

6. Financial and Billing Data

  • Invoice data

  • Payment records

  • Tax-related information

  • Outstanding balances

7. Communication Data

  • Email correspondence

  • Group messages

  • Customer service interactions

8. Technical and Online Usage Data

When visiting our website or using online services:

  • IP address

  • Device type and browser information

  • Website usage data

  • Cookie-related data

  • Interaction data related to chatbot services

9. Data Required by Law

For approved adult education programmes:

  • Data required by Act LXXVII of 2013

  • Data reported to the Adult Education Data Management System (FAR)

Legal Basis for Processing

Magyar Iskola Kft. processes personal data on the following legal bases pursuant to Article 6 of Regulation (EU) 2016/679 (GDPR):

1. Performance of a Contract

(Article 6(1)(b) GDPR)

Personal data is processed where necessary for the conclusion and performance of the adult education contract or for the provision of separately subscribed services.

This includes in particular:

  • processing of application data and preliminary level assessment prior to entering into a contract;

  • course registration and participation;

  • level assessment and academic evaluation;

  • attendance tracking;

  • issuing certificates and proof of language level;

  • access to the SchoolDrive administration system;

  • access to the SkillDict e-learning and online testing platform;

  • access to the AI-supported language learning service (Speakifyr / AI Teacher);

  • processing conversation transcripts and performance metrics within the AI system;

  • storing and evaluating learning progress data.

The provision of the required personal data is necessary for the conclusion and fulfilment of the contract. Without such data, the service cannot be provided.

2. Compliance with Legal Obligations

(Article 6(1)(c) GDPR)

Personal data is processed where required by applicable Hungarian or EU law, including:

  • Act LXXVII of 2013 on Adult Education;

  • reporting obligations towards the Adult Education Data Management System (FAR);

  • accounting and tax legislation;

  • statutory data retention requirements.

3. Consent of the Data Subject

(Article 6(1)(a) GDPR)

Certain processing activities are based on the voluntary consent of the data subject, including:

  • subscription to newsletters or marketing communications;

  • website analytics and marketing cookies;

  • activation of optional voice recording within the AI-supported language learning system;

  • optional voice recordings submitted during level assessment;

  • participation in non-anonymised feedback surveys.

Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. Legitimate Interests

(Article 6(1)(f) GDPR)

Magyar Iskola Kft. may process personal data where necessary for its legitimate interests, provided such interests are not overridden by the rights and freedoms of the data subject.

Such legitimate interests may include:

  • ensuring the security and integrity of IT systems;

  • preventing fraud or misuse of services;

  • internal administrative purposes;

  • quality assurance and service improvement.

Where processing is based on legitimate interest, an appropriate balancing test is carried out.

Who do we share personal information with?

Magyar Iskola Kft. processes personal data as data controller. Personal data is shared only where necessary, proportionate, and lawful.

Personal data may be shared with the following categories of recipients:

1. Internal Access Within the Organisation

Personal data may be accessed by authorised employees and contracted teachers of Magyar Iskola Kft. strictly on a need-to-know basis for the purposes of:

  • organising and delivering language training;

  • evaluating academic performance;

  • administering courses and examinations;

  • providing customer support.

All staff and teachers are subject to confidentiality obligations.

2. Data Processors Acting on Our Behalf

We engage carefully selected service providers who process personal data exclusively on our behalf and in accordance with Article 28 of the GDPR.

 

These include:

  • School Administration System - Solware Kft. (SchoolDrive)
    Student administration, attendance records, contracts, financial data management.

  • E-learning and Online Testing Platform - SkillDict Zrt.
    Provision of digital learning materials and online testing services.

  • AI-Supported Language Learning System - Aidia ApS (Speakifyr)
    Processing of conversation transcripts, performance metrics and (if activated) optional voice recordings.

  • Online Communication Platform - Zoom Video Communications, Inc.
    Delivery of online classes.

  • Website Analytics and Marketing Services - Google LLC (Google Analytics, Google Ads, Google Tag Manager)
    Website analytics and online marketing activities (subject to cookie consent).

  • Chatbot Service - Chatfuel Inc.
    Automated website communication and customer support.

 

Where required by law, we enter into data processing agreements with service providers. In the case of standard software services, data processing is governed by the providers’ applicable data protection agreements and privacy policies. Magyar Iskola Kft. remains responsible for ensuring that such processing complies with applicable data protection laws.

3. Authorities and Public Bodies

Personal data may be transferred to competent authorities where required by law, including:

  • the Adult Education Data Management System (FAR);

  • tax authorities;

  • courts or regulatory authorities.

Such transfers are based on legal obligations.

4. Independent Service Providers (Where Applicable)

In certain cases, personal data may be shared with external professionals such as accountants or IT service providers who may act either as data processors or, where legally required, as independent data controllers.

Magyar Iskola Kft. remains responsible for ensuring that all data sharing complies with applicable data protection laws.

International Data Transfers

Certain service providers used by Magyar Iskola Kft., including Google LLC (Google Analytics, Google Ads, Google Tag Manager), Zoom Video Communications, Inc., Chatfuel Inc., and Meta Platforms Inc. (WhatsApp services), may process personal data outside the European Economic Area (EEA), including in the United States.

Such processing may involve the transfer of technical data (such as IP address and device information), usage data, communication data, and, where applicable, chatbot interaction data.

Where personal data is transferred to countries that do not provide an adequate level of data protection under EU law, such transfers are based on appropriate safeguards in accordance with Articles 44–49 of the GDPR, including:

  • participation in the EU–US Data Privacy Framework (where applicable); and/or

  • Standard Contractual Clauses adopted by the European Commission.

Magyar Iskola Kft. takes reasonable steps to ensure that any international data transfers are subject to appropriate safeguards and that personal data remains protected in accordance with the GDPR. You may request further information about the safeguards applied.

Data Retention

Magyar Iskola Kft. retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

Retention periods depend on the type of personal data processed:

 

Contractual and Course-Related Data

Personal data related to course participation, contracts and level assessments is retained for the duration of the contractual relationship and for up to five years thereafter in accordance with the general limitation period under Hungarian civil law.

Accounting and Financial Data

Invoice and accounting-related data is retained for eight years in accordance with Hungarian accounting legislation.

Data Processed Pursuant to Legal Obligations

Data required under adult education legislation, including data reported to the Adult Education Data Management System (FAR), is retained for the period required by applicable Hungarian law.

E-learning and AI Learning Data

SkillDict (SkillToolkit) – course-based access (as part of an online course):
Learning progress data and test results generated through the SkillDict online testing platform are retained for the duration of the course and thereafter in accordance with the retention period applicable to contractual data. User accounts may be deactivated when a student no longer participates in courses, while learning data may be retained for administrative and documentation purposes.

SkillDict (SkillToolkit) – standalone e-learning subscription:
Learning progress data and usage history related to standalone e-learning subscriptions are retained for the duration of the subscription and thereafter in accordance with the retention period applicable to contractual data, unless deletion is requested and no legal obligation requires continued retention.

 

AI-supported language learning (Speakifyr / AI Teacher – Talkio):
AI-supported language learning data, including conversation transcripts and performance metrics, are retained for the duration of the AI service subscription. Upon termination of the service or removal of a user from the organisation, such data may be retained for a limited period and may be deleted upon request, unless legal obligations require otherwise.

 

Optional voice recordings:
Optional voice recordings (whether submitted during level assessment or activated within the AI-supported service) are processed only upon user consent and may be deleted at any time upon request.

 

Website Analytics and Marketing Data

Cookie-related and analytics data are retained in accordance with the retention settings and policies of the respective service providers (e.g., Google Analytics), or until consent is withdrawn.

Communication Data

Email correspondence and customer support interactions are retained for as long as necessary to handle the request and for documentation purposes.

Security of Processing

Magyar Iskola Kft. implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

Such measures include, in particular:

  • access controls ensuring that personal data is accessible only to authorised personnel on a need-to-know basis;

  • the use of password-protected systems and secure authentication methods;

  • secure cloud-based platforms provided by reputable service providers;

  • regular review of access rights;

  • data processing agreements with contracted service providers;

  • internal data protection policies and confidentiality obligations applicable to staff and teachers.

Where personal data is processed through external service providers, the security measures implemented by those providers are governed by their applicable data protection and security policies.

Magyar Iskola Kft. takes reasonable steps to protect personal data against unauthorised access, accidental loss, destruction or damage. However, no method of electronic storage or transmission over the internet can be guaranteed to be completely secure.

In the event of a personal data breach, Magyar Iskola Kft. follows the procedures required under Articles 33 and 34 of the GDPR.

Data Subject Rights

Data subjects have the following rights under the GDPR:

 

Right of Access

You have the right to request confirmation as to whether we process your personal data and, if so, to obtain access to such data and information about the processing.

Right to Rectification

You have the right to request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure (“Right to be Forgotten”)

You may request deletion of your personal data where:

  • the data is no longer necessary for the purposes for which it was collected;

  • you withdraw consent and there is no other legal basis for processing;

  • the data has been unlawfully processed.

Please note that certain data may not be deleted where retention is required by law (e.g., accounting or adult education legislation).

Right to Restriction of Processing

You may request restriction of processing in certain circumstances, such as where the accuracy of the data is contested or the processing is unlawful but you oppose deletion.

Right to Data Portability

Where processing is based on contract or consent and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller.

Right to Object

Where processing is based on legitimate interest, you have the right to object to such processing on grounds relating to your particular situation.

Right to Withdraw Consent

Where processing is based on consent (e.g., optional voice recordings or marketing communications), you may withdraw your consent at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Automated Processing

Although certain services involve automated analysis (e.g., AI-supported language evaluation), no decisions producing legal or similarly significant effects are made solely on the basis of automated processing. Such processing does not constitute automated decision-making within the meaning of Article 22 GDPR.

Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or with the supervisory authority in your country of residence.

 

Contact details:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Website: https://naih.hu

How to Exercise Your Rights

You may exercise your data protection rights by contacting us using the following details:

  • By post: Magyar Iskola Kft., 1052 Budapest, Petőfi Sándor u. 11.

  • By telephone: +36 20 424 1012

  • By email: info@hlschool.hu

We will respond to your request without undue delay and in any event within one month of receipt, in accordance with Article 12 of the GDPR. We may request verification of identity before fulfilling a request.

Modification of the Privacy Notice

Magyar Iskola Kft. reserves the right to modify or update this Privacy Notice where necessary to reflect changes in our data processing practices or applicable legal requirements.

Any material changes will be communicated through our website or by other appropriate means.

Privacy Notice on the processing of Personal Data

This Privacy Notice explains how Magyar Iskola Kft. (address of office: 1052 Budapest, Petőfi Sándor utca 11., Hungary; company registration number: 01-09-921566; email: info@hlschool.hu) processes personal data in connection with its adult education and language training activities.

Magyar Iskola Kft. acts as the data controller in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).

 

The purpose of this Notice is to provide clear and transparent information about:

  • what personal data we collect,

  • for what purposes and on what legal basis we process it,

  • how long we retain it,

  • with whom we share it,

  • and what rights data subjects have in relation to their personal data.

Magyar Iskola Kft. is committed to ensuring that personal data is processed lawfully, fairly, and transparently, and that appropriate technical and organisational measures are in place to protect such data.

Principles of Data Processing

Magyar Iskola Kft. processes personal data in accordance with the principles set out in Article 5 of the GDPR. In particular, we ensure that personal data is:

  1. Processed lawfully, fairly and transparently in relation to data subjects;

  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;

  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (data minimisation);

  4. Accurate and kept up to date;

  5. Stored only for as long as necessary for the purposes for which it is processed (storage limitation);

  6. Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.

We implement internal data protection policies and conclude data processing agreements with all service providers who process personal data on our behalf.

Purposes of Data Processing

Magyar Iskola Kft. processes personal data for the following purposes:

1. Organisation and Delivery of Language Training

  • processing application forms and conducting preliminary level assessments prior to contract conclusion;

  • concluding and performing adult education contracts;

  • organising courses and managing student participation;

  • recording attendance and monitoring academic progress;

  • issuing certificates and proof of language level;

  • managing online and in-person classes.

2. Operation of Online Learning and Administrative Platforms

  • providing access to the schooldrive.net administration system;

  • operating the SkillDict e-learning and online testing platform;

  • providing AI-supported language learning services (AI Teacher / Speakifyr);

  • storing and evaluating learning progress and performance data.

3. Communication with Students

  • providing course-related information;

  • responding to inquiries;

  • sending administrative notifications;

  • managing customer support requests.

4. Financial Administration

  • issuing invoices;

  • managing payments;

  • fulfilling accounting and tax obligations.

5. Legal and Regulatory Compliance

  • fulfilling obligations under Act LXXVII of 2013 on Adult Education;

  • reporting data to the Adult Education Data Management System (FAR);

  • complying with applicable tax and accounting laws.

6. Website Analytics and Marketing (where applicable)

  • improving website performance;

  • analysing website usage;

  • conducting online marketing and remarketing activities;

These activities are subject to cookie consent where required.

Categories of Personal Data Processed

Depending on the type of service used, Magyar Iskola Kft. may process the following categories of personal data:

1. Identification Data

  • Full name

  • Birth name

  • Mother’s name

  • Place and date of birth

  • Nationality

  • Gender (where required by law)

  • Identity document details (where required by law)

2. Contact Details

  • Email address

  • Telephone number

  • Residential address

  • Correspondence address

3. Contract and Course-Related Data

  • Course registration details

  • Level assessment results

  • Attendance records

  • Student contract documentation

  • Certificates and proof of language level

  • Course start and completion dates

4. Learning and Performance Data

  • Test results,

  • Assessment scores and responses provided during level assessment tests;

  • optional audio recordings submitted during level assessment (processed only upon user consent);

  • Teacher evaluations,

  • Progress tracking records,

  • Learning history within the e-learning platform and AI supported platforms.

5. AI-Based Learning Data (if applicable)

When using the AI-supported language learning service:

  • Email address

  • Conversation transcripts

  • Performance evaluation data

  • Learning progress metrics

  • (Optional) Voice recordings, if the user explicitly activates the voice-saving function

Voice recordings are not mandatory and are processed only upon user activation.

6. Financial and Billing Data

  • Invoice data

  • Payment records

  • Tax-related information

  • Outstanding balances

7. Communication Data

  • Email correspondence

  • Group messages

  • Customer service interactions

8. Technical and Online Usage Data

When visiting our website or using online services:

  • IP address

  • Device type and browser information

  • Website usage data

  • Cookie-related data

  • Interaction data related to chatbot services

9. Data Required by Law

For approved adult education programmes:

  • Data required by Act LXXVII of 2013

  • Data reported to the Adult Education Data Management System (FAR)

Legal Basis for Processing

Magyar Iskola Kft. processes personal data on the following legal bases pursuant to Article 6 of Regulation (EU) 2016/679 (GDPR):

1. Performance of a Contract

(Article 6(1)(b) GDPR)

Personal data is processed where necessary for the conclusion and performance of the adult education contract or for the provision of separately subscribed services.

This includes in particular:

  • processing of application data and preliminary level assessment prior to entering into a contract;

  • course registration and participation;

  • level assessment and academic evaluation;

  • attendance tracking;

  • issuing certificates and proof of language level;

  • access to the SchoolDrive administration system;

  • access to the SkillDict e-learning and online testing platform;

  • access to the AI-supported language learning service (Speakifyr / AI Teacher);

  • processing conversation transcripts and performance metrics within the AI system;

  • storing and evaluating learning progress data.

The provision of the required personal data is necessary for the conclusion and fulfilment of the contract. Without such data, the service cannot be provided.

2. Compliance with Legal Obligations

(Article 6(1)(c) GDPR)

Personal data is processed where required by applicable Hungarian or EU law, including:

  • Act LXXVII of 2013 on Adult Education;

  • reporting obligations towards the Adult Education Data Management System (FAR);

  • accounting and tax legislation;

  • statutory data retention requirements.

3. Consent of the Data Subject

(Article 6(1)(a) GDPR)

Certain processing activities are based on the voluntary consent of the data subject, including:

  • subscription to newsletters or marketing communications;

  • website analytics and marketing cookies;

  • activation of optional voice recording within the AI-supported language learning system;

  • optional voice recordings submitted during level assessment;

  • participation in non-anonymised feedback surveys.

Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. Legitimate Interests

(Article 6(1)(f) GDPR)

Magyar Iskola Kft. may process personal data where necessary for its legitimate interests, provided such interests are not overridden by the rights and freedoms of the data subject.

Such legitimate interests may include:

  • ensuring the security and integrity of IT systems;

  • preventing fraud or misuse of services;

  • internal administrative purposes;

  • quality assurance and service improvement.

Where processing is based on legitimate interest, an appropriate balancing test is carried out.

Who do we share personal information with?

Magyar Iskola Kft. processes personal data as data controller. Personal data is shared only where necessary, proportionate, and lawful.

Personal data may be shared with the following categories of recipients:

1. Internal Access Within the Organisation

Personal data may be accessed by authorised employees and contracted teachers of Magyar Iskola Kft. strictly on a need-to-know basis for the purposes of:

  • organising and delivering language training;

  • evaluating academic performance;

  • administering courses and examinations;

  • providing customer support.

All staff and teachers are subject to confidentiality obligations.

2. Data Processors Acting on Our Behalf

We engage carefully selected service providers who process personal data exclusively on our behalf and in accordance with Article 28 of the GDPR.

 

These include:

  • School Administration System - Solware Kft. (SchoolDrive)
    Student administration, attendance records, contracts, financial data management.

  • E-learning and Online Testing Platform - SkillDict Zrt.
    Provision of digital learning materials and online testing services.

  • AI-Supported Language Learning System - Aidia ApS (Speakifyr)
    Processing of conversation transcripts, performance metrics and (if activated) optional voice recordings.

  • Online Communication Platform - Zoom Video Communications, Inc.
    Delivery of online classes.

  • Website Analytics and Marketing Services - Google LLC (Google Analytics, Google Ads, Google Tag Manager)
    Website analytics and online marketing activities (subject to cookie consent).

  • Chatbot Service - Chatfuel Inc.
    Automated website communication and customer support.

 

Where required by law, we enter into data processing agreements with service providers. In the case of standard software services, data processing is governed by the providers’ applicable data protection agreements and privacy policies. Magyar Iskola Kft. remains responsible for ensuring that such processing complies with applicable data protection laws.

3. Authorities and Public Bodies

Personal data may be transferred to competent authorities where required by law, including:

  • the Adult Education Data Management System (FAR);

  • tax authorities;

  • courts or regulatory authorities.

Such transfers are based on legal obligations.

4. Independent Service Providers (Where Applicable)

In certain cases, personal data may be shared with external professionals such as accountants or IT service providers who may act either as data processors or, where legally required, as independent data controllers.

Magyar Iskola Kft. remains responsible for ensuring that all data sharing complies with applicable data protection laws.

International Data Transfers

Certain service providers used by Magyar Iskola Kft., including Google LLC (Google Analytics, Google Ads, Google Tag Manager), Zoom Video Communications, Inc., Chatfuel Inc., and Meta Platforms Inc. (WhatsApp services), may process personal data outside the European Economic Area (EEA), including in the United States.

Such processing may involve the transfer of technical data (such as IP address and device information), usage data, communication data, and, where applicable, chatbot interaction data.

Where personal data is transferred to countries that do not provide an adequate level of data protection under EU law, such transfers are based on appropriate safeguards in accordance with Articles 44–49 of the GDPR, including:

  • participation in the EU–US Data Privacy Framework (where applicable); and/or

  • Standard Contractual Clauses adopted by the European Commission.

Magyar Iskola Kft. takes reasonable steps to ensure that any international data transfers are subject to appropriate safeguards and that personal data remains protected in accordance with the GDPR. You may request further information about the safeguards applied.

Data Retention

Magyar Iskola Kft. retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

Retention periods depend on the type of personal data processed:

 

Contractual and Course-Related Data

Personal data related to course participation, contracts and level assessments is retained for the duration of the contractual relationship and for up to five years thereafter in accordance with the general limitation period under Hungarian civil law.

Accounting and Financial Data

Invoice and accounting-related data is retained for eight years in accordance with Hungarian accounting legislation.

Data Processed Pursuant to Legal Obligations

Data required under adult education legislation, including data reported to the Adult Education Data Management System (FAR), is retained for the period required by applicable Hungarian law.

E-learning and AI Learning Data

SkillDict (SkillToolkit) – course-based access (as part of an online course):
Learning progress data and test results generated through the SkillDict online testing platform are retained for the duration of the course and thereafter in accordance with the retention period applicable to contractual data. User accounts may be deactivated when a student no longer participates in courses, while learning data may be retained for administrative and documentation purposes.

SkillDict (SkillToolkit) – standalone e-learning subscription:
Learning progress data and usage history related to standalone e-learning subscriptions are retained for the duration of the subscription and thereafter in accordance with the retention period applicable to contractual data, unless deletion is requested and no legal obligation requires continued retention.

 

AI-supported language learning (Speakifyr / AI Teacher – Talkio):
AI-supported language learning data, including conversation transcripts and performance metrics, are retained for the duration of the AI service subscription. Upon termination of the service or removal of a user from the organisation, such data may be retained for a limited period and may be deleted upon request, unless legal obligations require otherwise.

 

Optional voice recordings:
Optional voice recordings (whether submitted during level assessment or activated within the AI-supported service) are processed only upon user consent and may be deleted at any time upon request.

 

Website Analytics and Marketing Data

Cookie-related and analytics data are retained in accordance with the retention settings and policies of the respective service providers (e.g., Google Analytics), or until consent is withdrawn.

Communication Data

Email correspondence and customer support interactions are retained for as long as necessary to handle the request and for documentation purposes.

Security of Processing

Magyar Iskola Kft. implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

Such measures include, in particular:

  • access controls ensuring that personal data is accessible only to authorised personnel on a need-to-know basis;

  • the use of password-protected systems and secure authentication methods;

  • secure cloud-based platforms provided by reputable service providers;

  • regular review of access rights;

  • data processing agreements with contracted service providers;

  • internal data protection policies and confidentiality obligations applicable to staff and teachers.

Where personal data is processed through external service providers, the security measures implemented by those providers are governed by their applicable data protection and security policies.

Magyar Iskola Kft. takes reasonable steps to protect personal data against unauthorised access, accidental loss, destruction or damage. However, no method of electronic storage or transmission over the internet can be guaranteed to be completely secure.

In the event of a personal data breach, Magyar Iskola Kft. follows the procedures required under Articles 33 and 34 of the GDPR.

Data Subject Rights

Data subjects have the following rights under the GDPR:

 

Right of Access

You have the right to request confirmation as to whether we process your personal data and, if so, to obtain access to such data and information about the processing.

Right to Rectification

You have the right to request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure (“Right to be Forgotten”)

You may request deletion of your personal data where:

  • the data is no longer necessary for the purposes for which it was collected;

  • you withdraw consent and there is no other legal basis for processing;

  • the data has been unlawfully processed.

Please note that certain data may not be deleted where retention is required by law (e.g., accounting or adult education legislation).

Right to Restriction of Processing

You may request restriction of processing in certain circumstances, such as where the accuracy of the data is contested or the processing is unlawful but you oppose deletion.

Right to Data Portability

Where processing is based on contract or consent and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller.

Right to Object

Where processing is based on legitimate interest, you have the right to object to such processing on grounds relating to your particular situation.

Right to Withdraw Consent

Where processing is based on consent (e.g., optional voice recordings or marketing communications), you may withdraw your consent at any time.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

Automated Processing

Although certain services involve automated analysis (e.g., AI-supported language evaluation), no decisions producing legal or similarly significant effects are made solely on the basis of automated processing. Such processing does not constitute automated decision-making within the meaning of Article 22 GDPR.

Right to Lodge a Complaint

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or with the supervisory authority in your country of residence.

 

Contact details:
Hungarian National Authority for Data Protection and Freedom of Information (NAIH)
Website: https://naih.hu

How to Exercise Your Rights

You may exercise your data protection rights by contacting us using the following details:

  • By post: Magyar Iskola Kft., 1052 Budapest, Petőfi Sándor u. 11.

  • By telephone: +36 20 424 1012

  • By email: info@hlschool.hu

We will respond to your request without undue delay and in any event within one month of receipt, in accordance with Article 12 of the GDPR. We may request verification of identity before fulfilling a request.

Modification of the Privacy Notice

Magyar Iskola Kft. reserves the right to modify or update this Privacy Notice where necessary to reflect changes in our data processing practices or applicable legal requirements.

Any material changes will be communicated through our website or by other appropriate means.

bottom of page