Privacy Policy

of the International Christian School of Budapest

according to the European Union's General Data Protection Regulation (GDPR)

The International Christian School of Budapest (ICSB) is committed to the protection of personal data. We process the personal data of our former, current, and prospective staff members, students, and students' family members in accordance with current data privacy policies set forth by the European Union's General Data Protection Regulation.

What is the General Data Protection Regulation (GDPR)?

European privacy law is designed to protect individuals from having personal and private information shared, stolen, or sold to others by businesses or institutions without knowledge or consent. While many countries around the world have created their own data privacy policies, GDPR (General Data Protection Regulation) is the one that all 27 countries of the European Union use.

Data Controller

Nemzetközi Alapítvány a Keresztyén Kultúráért, Oktatásért Magyarországon
Registered office: 2049 Diósd, Ifjúság út 11.
Registration number: 01-01-005300
Represented by: Kristi Joy Hiltibran

Data Protection Officer

Ms. Ildikó Tabajdi

If you wish to exercise your rights set below or to request further information about ICSB’s processing of your personal data, please contact the data protection officer via email.

7 Principles of GDPR that Form the Core of European Privacy Law

Lawfulness, Fairness & Transparency

We only collect personal data when it is legal to do so, and we will be transparent as to what we are collecting and how we will use it.

Purpose Limitation

We only collect personal data for legitimate purposes, including purposes that are required by law, will help the individual be a part of ICSB and/or are necessary to the function of the school.

Data Minimization

We do not collect and store more personal data or keep data longer than is necessary.

Accuracy

We will work to keep people’s personal data accurate and up to date. Individuals can request that errors be corrected, and errors will be corrected in a timely manner.

Storage Limitation

Each kind of personal data will have an expiration date, and processes will be in place and followed to make sure data past its expiration date is expunged from the system.

Integrity and Confidentiality

We will be careful to guard collected data so that it is not mishandled, accidentally lost, or compromised.

Accountability

We are all accountable to follow these principles and best practices in order to comply with GDPR and protect the privacy of the staff, students, and families whom we serve.

Legal Rights Related to Personal Data Processing

Right to Transparent Information

Before and during the data processing, staff members, students, and families have the right to receive information about the data processed and the processing of data, including this notice.

Right to Access

Staff members, students, and families have the right to receive feedback from ICSB as to whether their personal data is being processed, and if so, they may receive access it.

Rectification

The personal data of a staff member, student or family will be accurate; if not, they have the right to have it corrected at any time and without delay.

Right to Erasure

Staff members, students, and families have the right to have their personal data removed (erased) from the system if the data is no longer necessary for the purposes for which it was collected, or there is no longer any legal grounds for ICSB to retain your data, or if they wish to withdraw consent.

Right to Restriction of Processing

Staff members, students, and families have the right to request the school to restrict the processing of their data, under certain legal conditions.

Right to Object

Staff members, students, and families have the right to object at any time to the processing of their personal data for reasons related to his/her own situation, under certain legal conditions.

Right to Data Portability

When a staff member, student, or family leaves ICSB, they may choose to take a copy of their personal data with them.

Right of Withdrawal

Staff members, students, and families shall have the right to withdraw his or her consent at any time.

Right of Appeal

You have the right to file a complaint with the competent supervisory authority and before the competent courts in relation to processing of your personal data.

Supervisory Authority: Nemzeti Adatvédelmi és Információszabadság Hatósága (National Authority for Data Protection and Freedom of Information)

Address: 1055 Budapest, Falk Miksa utca 9-11.
Telephone number: +36/1-391-1400 Fax: +36/1-391-1410
Email: ugyfelszolgalat@naih.hu
Website: www.naih.hu

The Competent Court: Budapest Környéki Törvényszék (Budapest Regional Tribunal)

Address: 1146 Budapest, Thököly út 97-101.
Postal address: 1443 Budapest, PO Box: 175. (1443 Budapest, Pf. 175.)
Central phone: +36-1/467-6200
Email: birosag@budapestkornyekit.birosag.hu

The Data Controller will:

Inform the staff members, students, and families that a designated Data Protection Officer is available. Staff members, students, and families may exercise their rights above and/or make an observation or complaint against data processing any time, by writing to the Data Protection Officer, Ildikó Tabajdi via email or to the postal address: H-2049 Diósd, Ifjúság út 11., Hungary.

Validate the identity of the staff members, students, and families before responding to an observation or complaint (to check whether the request originates from the person entitled). Requests received from the staff members, students, and families ’s email addresses registered by the Data Controller are considered by the Data Controller to come from the Staff members, students, and families. In the case of requests received in other forms, the Data Controller is entitled to authenticate the Staff members, students, and families in another way (e.g. verbally inquire about the validity of the written request on a given telephone number, request a written confirmation of the oral request or initiate other appropriate identification).

Examine the requests received and handle them without delay, but no later than within one month, or, in exceptional cases, within a longer period permitted by law, or rejects them (with justification).

Inform the staff members, students, and families of the outcome of the decision in writing. The processing of the request is free of charge, except for unfounded or excessive requests for which the Data Controller may charge a reasonable fee corresponding to its administrative costs.

Ask the staff members, students, and families to inform the Data Controller as soon as possible of any change in their personal data as recorded. This is to ensure the accuracy, completeness and - if necessary for the purposes of data processing - actuality of the data.

ICSB’s Responsibilities Regarding Processing of Personal Data

Collection and storage of staff, students, or family’s data will be limited to that which they have agreed to (consent) or is necessary by law e.g. for employment, or for enrollment, or for the legitimate interest of the school.

The school will follow practices (see below) and policy to confidentially and securely store and retain staff, volunteer, student, and family data. Data subjects will be notified if there’s a privacy incident likely to result in a high risk to their rights and freedoms. See our Data Storage and Retention Practices for more details.

Photos and videos of the student and staff members will only be used for the yearbook, website, social media, and other promotion with individual (staff and students aged 14 and above) or parental consent (all students).

Your email contact information will be kept by the school, but you may choose to unsubscribe from school correspondence at any time after employment, enrollment, or association with the school ends.

The school will respect the privacy of staff members and will only look into personal files and correspondence if they have an actual legal concern. In which case, you will be notified and, if possible, present.

Staff, student, and parent data is also shared with certain third-party data processors for educational or operational purposes. See the list of Third-Party Companies that occasionally process the personal data of our students, staff, volunteers, and families.

ICSB collects and stores staff, student, and family personal data for security purposes through its electronic key card system as well as cameras, and sign-in sheets. Camera recordings are erased every 5 days, key card information is purged at the end of the year, and sign-in information is retained electronically until the end of the year. See the Location of Security Cameras and Viewing Angles.

The school automatically applies the following text alert at the bottom of all emails sent from the school's official email account: This email contains confidential information and personal data. Disclosure to unauthorized persons, unauthorized handling, including use, transmission and public disclosure is prohibited. If you are not the recipient of this message, please notify the sender immediately, and delete this message. Ez a levél bizalmas információkat tartalmaz, melyek felhasználása, továbbítása és nyilvánosságra hozatala tilos. Amennyiben nem Ön a levél címzettje, kérjük, haladéktalanul értesítse a levél feladóját, és törölje ezt a levelet.

Website Cookies

What are Cookies? How to Manage Cookies?

What are cookies?

A cookie is a piece of data sent to your device from a website. This means the website can recognise your device if you return to the same website. Cookies do not contain any personal information about you and cannot be used to identify an individual user. A cookie often includes a unique identifier, which is an anonymous number (randomly generated) and is stored on your device. Some expire at the end of your website session; others remain on your computer for longer.

These pieces of information are used to improve services for you through, for example:

recognising that you may already have given a username and password so you don’t need to do it for every web page requested
measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure that they are fast
analysing anonymised data to help us understand how people interact with our services so that we can make them better

How to Manage Cookies

You can manage these small files and learn more about them from the article Internet Browser cookies- what they are and how to manage them.
Learn how to remove cookies set on your device

Cookies Used on Our Website

Cookies used on this Website

There are two types of cookie you may encounter when using our website:

First party cookies: these are our own cookies, controlled by us and used to provide information about usage of our site.

Third party cookies: these are cookies found in other companies’ internet tools which we are using to enhance our site, for example Facebook or Twitter have their own cookies, which are controlled by them.

First Party Cookies

First party cookies

The ICSB website uses cookies in several places – we’ve listed each of them below with more details about why we use them and how long they will last.

Name	Typical Content	Description	Expires
CFGLOBALS	Randomly generated URL token	Set by Adobe ColdFusion to help identify a client device to enable the site to maintain user session variables.	30 years
CFID	Randomly generated number	Set by Adobe ColdFusion to help identify a client device to enable the site to maintain user session variables	5 minutes
CFTOKEN	Randomly generated number	Set by Adobe ColdFusion to help identify a client device to enable the site to maintain user session variables	5 minutes
JSESSIONID	Randomly generated	Used by sites written in JSP to maintain an anonymous user session by the server	When user exists browser

Third Party Cookies

Third party cookies

We use suppliers who may also set cookies on their websites’ on its behalf. The ICSB website does not control the dissemination of these cookies. You should check the third party websites for more information about these.

Name	Typical Content	Description	Expires
_atuvc	Randomly generated URL token	AddThis social sharing widget	2 years
_atuvs	Randomly generated number	AddThis social sharing widget	30 minutes
_ga	Randomly generated number	Google Analytics web metrics	2 years
_gat	Randomly generated number	Google Analytics web metrics	1 hour
_gid	Randomly generated number	Google Analytics web metrics	1 day

We will not use cookies to collect personally identifiable information about you.

How to Control and Delete Cookies

We will not use cookies to collect personally identifiable information about you.

However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The ‘Help’ function within your browser should tell you how.

Alternatively, you may wish to visit aboutcookies.org which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies.

Please be aware that restricting cookies may impact on the functionality of our website.

If you wish to view a cookie's code, just open your cookie file in your browser and click on a cookie to open it. You'll see a short string of text and numbers. The numbers are your identification card, which can only be seen by the server that gave you the cookie.

For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

To opt-out of third-parties collecting any data about your interaction on our website, please refer to their websites for further information.