Privacy Policy
Registered office: 1054 Budapest, Bajcsy-Zsilinszky út 58. 2. em. 1., Hungary
Company registration number: 01-09-334831
Court of registration: Company Registry Court of the Budapest-Capital Regional Court
Tax number: 26608206-1-41
Represented by: Zoltán Deli
Effective: 21 May 2026
In establishing the provisions of this notice, our Company has paid particular attention to Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, hereinafter: „GDPR"), Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: „Infotv."), Act V of 2013 on the Civil Code (hereinafter: „Civil Code"), Act C of 2000 on Accounting (hereinafter: „Accounting Act"), Act CXXVII of 2007 on Value Added Tax (hereinafter: „VAT Act"), and Act LXXVII of 2013 on Adult Education.
Introduction
Data protection is of paramount importance to our business, and we wish to act openly and transparently when processing your personal data.
Who processes your personal data?
The Hungarian-owned Cromwell Global Media Kft. processes the personal data you provide to us, and this business is responsible for your personal data under the applicable data protection laws.
- Controller: Cromwell Global Media Kft.
- Registered office (postal address): 1054 Budapest, Bajcsy-Zsilinszky út 58. 2. em. 1., Hungary
- Email: info@cafeenglish.eu
- Phone: +36 1 987-6831
Basic concepts
To help you better understand this Privacy Notice, the definitions of certain data protection concepts as set out in the GDPR are described below.
Personal data: Any information relating to an identified or identifiable natural person (the „data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Third party: A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Data subject: Any natural person identified or identifiable on the basis of any information; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as a name, an identification number, location data or an online identifier) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Consent of the data subject: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Information: Any data, signal or image that can be processed, stored or transmitted by electronic means, regardless of whether its content is subject to legal protection.
Website: The website operated by the Controller, available at https://cafeenglish.eu/.
Purpose of the data processing
Visitors may use our website without providing any personal data. However, for services requested on certain parts of the website (e.g. the „Free consultation" area) or to fulfil a request, the User may need to provide personal data.
The personal data processed
Contact details: name used, phone number and email address. For persons under 18, the contact details of the parent or legal guardian.
Billing data: billing name and address, as well as the tax number.
Other personal data to be processed under statutory requirements: natural personal identification data (name used, birth/maiden name, mother’s birth/maiden name, place and date of birth, citizenship), email address, highest level of education, and education identification number.
How do we collect your data?
Voluntary provision of data: Interested persons may voluntarily provide their name, as well as their phone number and/or email address, for the purpose of keeping in contact.
Provision of data during application or request for a quote: On the application form, we collect the contact details and the other personal data to be processed under statutory requirements.
How personal data is stored
We guarantee that we never transfer, sell or exchange your personal data with external parties for marketing purposes. Data transferred to third parties as necessary for the services provided to you (for example, courses) is used solely for the provision of the service. To protect your personal data, paper-based documents are stored locked away in a secure place, and your electronically stored data can be accessed only by staff with the appropriate authorisation. Electronically stored data can be accessed only by staff with the appropriate authorisation, thereby guaranteeing the protection of your personal data.
Processors
For the performance of certain tasks, our Company uses processors — service providers acting on our behalf and on our instructions. Processors make no independent decisions regarding the personal data processed.
Our Company typically uses processors in the following areas:
- the hosting provider of the website;
- the service ensuring email and contact communication;
- the system handling the application and contact forms;
- the online booking system of the „Free consultation" (TidyCal);
- the service provider performing invoicing.
The statistics and marketing service providers (Google Analytics, Vimeo, YouTube) are described in the separate Cookie Policy.
Apart from the processors indicated above, our Company does not transfer personal data to any other person, unless such transfer is mandatory under a legal provision or an order of an authority or a court.
Cookies
The website uses cookies and similar technologies for its operation and — where consent is given — for statistical and marketing purposes. A detailed description of these — the categories, the purposes, and how to give and withdraw consent at any time — is provided separately in our Cookie Policy.
Purposes, legal bases, scope of data processed and retention periods of the individual processing activities
Processing for contact purposes
| Scope of data processed | Name; Email address; Phone number; Other contact data provided |
|---|---|
| Purpose of processing | Keeping in contact with the data subject. |
| Legal basis for processing | Consent of the data subject (Article 6(1)(a) GDPR). |
| Duration of processing | Until consent is withdrawn. |
Processing related to the conclusion of a contract
| Scope of data processed | Name; Billing address (residential address) |
|---|---|
| Purpose of processing | Performance of the contract concluded with the data subject. |
| Legal basis for processing | Performance of the contract concluded with the data subject (Article 6(1)(b) GDPR). |
| Duration of processing | Until the limitation period of the contractual obligations expires (5 years). |
Mandatory data provision related to adult education (training provided as a free-market service)
| Scope of data processed | Family and given name, birth family and given name; Place and date of birth; Mother’s birth family and given name; Email address; Highest level of education |
|---|---|
| Purpose of processing | Fulfilment of the data provision and retention obligations under Sections 15–16 of Act LXXVII of 2013 on Adult Education. |
| Legal basis for processing | Compliance with a legal obligation (Article 6(1)(c) GDPR). |
| Duration of processing | Until the last day of the 8th year following the creation of the document. |
Your rights regarding the processing of your personal data
The right of access: you may at any time request feedback on whether the processing of your data is ongoing, what type of your data is being processed (in cases where you did not provide the data directly), to whom and where it will be transferred, how long it will be stored, etc.; that is, all information relating to your personal data, including information about the existence of automated decision-making and profiling. Upon request, you may also obtain a copy of the data.
The right to rectification: you may request the correction, within a reasonable time, of your data that has been recorded inaccurately or incompletely.
The right to erasure: you may request that your data be erased from the database within a reasonable time if it is no longer necessary for the purpose for which it was collected, if you withdraw your consent to the processing of your data, if you object to the processing of your data, or if your data has been processed unlawfully.
The right to restriction of processing: if for some reason you dispute that your data is being processed appropriately, you may restrict the use of your data until the matter is clarified.
The right to object: you may object at any time to the processing of your data, in which case the training institution may no longer process your data.
The right to data portability: upon your request, the personal data you have provided on the basis of your consent or for the performance of a contract, and which we process by automated means, will be made available to you in a structured, commonly used, machine-readable format, and — where technically feasible — will be transmitted upon your request directly to another controller designated by you.
The right to lodge a complaint: If you believe that our business processes your personal data incorrectly, please contact us. If necessary, you may lodge a complaint with the Supervisory Authority at the contact details below, and you may also exercise your right to a judicial remedy.
Contact details of the supervisory authority
Address: 1055 Budapest, Falk Miksa u. 9–11., Hungary
Phone: +36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391-1400
Email: ugyfelszolgalat@naih.hu
Postal address: 1363 Budapest, PO Box 9.