Purpose and Scope of the Policy

This Policy aims to define the data protection and data processing principles applied by Executive Services Center Kft. (hereinafter: the Company), which the Company acknowledges as binding upon itself. The Policy includes the principles regarding the handling of personal data provided by Users on the website of the Company. By providing their personal data through the website, Users consent to the full or partial processing of their personal
data as described in this Policy.

The Company formulated the provisions of this Policy with special attention to the regulations of the European Parliament and the Council (EU) 2016/679 (General Data Protection Regulation, GDPR) and the Hungarian law
on information self-determination and freedom of information (Act CXII of 2011, Infotv).

This Policy covers the following:

What personal data we collect from you and how we process it in connection with our customer relationship and the use of our website. Where we obtain these data. How we store the data. What we do with the data. To whom we transfer the data. How we consider your data protection rights. And how we comply with data protection laws.

All personal data collection, processing, and storage are carried out in compliance with applicable GDPR regulations.

The Company adheres to the following principles in its data processing activities:

We process personal data lawfully, fairly, and transparently. Personal data are only collected for specific, clear, and lawful purposes and not processed in a way incompatible with those purposes. The personal data we collect and process are adequate and relevant for the purposes of data processing and limited to what is necessary. We take all reasonable steps to ensure that the data we process are accurate and up-to-date, and we promptly delete or correct inaccurate personal data. Personal data are stored in a way that ensures the user is identifiable only for the time necessary to fulfill the purposes of the data processing. We implement appropriate technical and organizational measures to ensure the security of personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Definitions

This Policy uses the terms defined in Article 4 of the GDPR:

Data Processing: Any operation or set of operations performed on personal data or data files, whether automated or non-automated (e.g., collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction).

Legal Basis for Data Processing: Typically, data processing is based on the consent of the individual or required by law. Consent: The voluntary, informed, and unambiguous expression of the individual's will by which they consent to the processing of their personal data for one or more specific operations.

Adequate Information: Before starting data processing, the data subject must be informed about whether the processing is based on consent or is mandatory, and they must be clearly and fully informed about all facts related to the processing (e.g., the purpose and legal basis of the processing, the identity of the data controller and data processor, the duration of the processing, and who may access the data).

Scope of Personal Data Processed

The Company processes the personal data provided by the User voluntarily and with their decision, as part of specific services recorded in the contract, for the purpose of using the service provided by the Company’s website, achievementmasteryacademy.com or achievementmastery.academy.

If the User sends an email to the Company (e.g., a message or letter), the Company records the User’s email address and processes it to the extent necessary for the provision of the service.

Use of Cookies

The Company’s website uses cookies to provide personalized service. Cookies are information files stored on the User’s computer, enabling the website to record information about the User's browsing habits (such as
preferences, settings, login assistance, personalized ads, and website performance). The cookies used by the Company’s website are secure and do not contain viruses or cause damage to your device.

Purpose and Legal Basis of Data Processing

The Company processes personal data for the operation of its Achievement Mastery Academy services, user identification, contact with Users, and ensuring the functioning of features like personalized services and statistics.

The legal basis for processing personal data is the User’s voluntary, informed consent. Users are entitled to withdraw their consent at any time, although this will not affect the legality of the processing carried out before the withdrawal.

Data Processors

In connection with the services provided through the achievementmasteryacademy.com or achievementmastery.academy websites, the Company uses external data processors, such as hosting services and other service providers. The following entities qualify as data processors:

Hosting Service Provider:

Whois Digital Pte Ltd

Headquarters: 9A Jasmine Road, Singapore 576582

Company Registration Number: 200001439H

Website: whois.com.

Phone: +65.31507504

Data Processed: First and last name, email address, password, phone number, billing name, billing address, system activity, IP address, and browser data. Purpose: Hosting the achievementmasteryacademy.com and achievementmastery.academy websites, ensuring server and network infrastructure operation, and providing email services.

Online Payment Service Providers:

Stripe Inc.:

Headquarters: 510 Townsend Street, San Francisco, CA 94103, USA.

Website: stripe.com.

Data Processed: Name, phone number, email address, billing information, and IP address.

Purpose: Online payment processing.

PayPal (Europe) S.à r.l:

Headquarters: 22-24 Bd Royal, 2449 Ville-Haute, Luxembourg.

Website: paypal.com.

Data Processed: Name, phone number, email address, billing information, and IP address.

Purpose: Online payment processing.

Newsletter Provider:

MailerLite Limited: Headquarters: Ground Floor, 71 Lower Baggot Street, Dublin 2, D02 P593, Ireland. Website: mailerlite.com. Data Processed: First and last name, email address, purchase information. Purpose: Sending marketing emails and newsletters.

Rights of the User

The User has the following rights regarding the processing of their personal data:

Right to Access: The User has the right to request access to their personal data and information about the purposes of processing, categories of processed data, recipients of the data, and the duration of storage.

Right to Rectification: The User can request the correction of inaccurate personal data or the completion of incomplete data.

Right to Erasure (Right to be Forgotten): The User may request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, or if the User withdraws their consent.

Right to Restriction of Processing: The User can request that the processing of their data be restricted under certain circumstances (e.g., if the accuracy of the data is disputed).

Right to Data Portability: The User has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transfer that data to another controller.

Right to Object: The User can object to the processing of their personal data if it is processed for direct marketing purposes or based on the legitimate interests of the controller.

Right to Withdraw Consent: Users have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Duration of Data Processing

The personal data collected will be stored for as long as it is necessary to fulfill the purposes for which it was collected. For example: The data associated with the User’s account will be stored until the account is deleted. Transaction data will be retained for the legally required period (usually 8 years) in accordance with tax and accounting laws. If the User withdraws their consent, their personal data will be erased unless there is another legal ground for continued processing (e.g., for legal claims).

Security of Data Processing

The Company takes all necessary technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. The Company ensures that data is processed securely and confidentially, preventing accidental loss or unlawful access.

All external service providers that process personal data on behalf of the Company are required to implement appropriate security measures to protect personal data.

Data Breaches

In the event of a data breach, the Company will notify the relevant supervisory authority within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. If the breach poses a high risk to the affected individuals, the Company will also notify the data subjects without undue delay.

Transfer of Data to Third Countries

In cases where personal data are transferred to third countries (outside the European Economic Area), the Company ensures that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to guarantee the protection of personal data.

Contact Information

For any questions or concerns related to data protection, Users can contact the Company at:

Executive Services Center Kft. Headquarters: 1036 Budapest, Pacsirtamező utca 67, Fsz.2. Email: [email protected] Phone: +36 30 289 6030

Additionally, Users can submit complaints regarding data processing to the National Authority for Data Protection and Freedom of Information (NAIH):

Address: 1055 Budapest, Falk Miksa utca 9-11. Postal Address: 1363 Budapest, Pf. 9. Phone: +36 1 391 1400 Email: [email protected] Website: www.naih.hu

International Data Transfers and Compliance with Global Regulations

Since Achievement Mastery Academy clients may come from various countries, the Company ensures that personal data transfers comply not only with the General Data Protection Regulation (GDPR) but also with other relevant data privacy laws, including:

California Consumer Privacy Act (CCPA) for clients in California, USA. Personal Information Protection and Electronic Documents Act (PIPEDA) for clients in Canada. Brazilian General Data Protection Law (LGPD) for clients in Brazil. Australian Privacy Act for clients in Australia. Singapore Personal Data Protection Act (PDPA) for clients in Singapore.

Cross-Border Data Transfers:

Personal data may be transferred to or processed in countries outside of the European Economic Area (EEA). In such cases, the Company will ensure appropriate safeguards are in place to protect the data in accordance with the standards required by the GDPR and other international regulations. Such safeguards may include standard contractual clauses approved by the European Commission, binding corporate rules, or other mechanisms recognized under relevant regulations. Clients will be informed if their personal data is transferred internationally and will have the option to inquire about the specific safeguards in place for these transfers.

Rights of Individuals under International Data Protection Laws

The rights provided under the GDPR are extended globally to all users wherever possible, in accordance with applicable local data protection laws.

These rights include:

Right to Access: Under the GDPR and similar international regulations, individuals have the right to request access to the personal data held by the Company. In some regions, like California (CCPA), users may request additional details about the categories and specific pieces of personal information the Company has collected.

Right to Rectification: Users have the right to request the correction of inaccurate or outdated personal data. In regions like Canada (PIPEDA), users may also request corrections or updates to ensure data accuracy.

Right to Deletion/Erasure: GDPR-compliant: Users may request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, or if they withdraw their consent. Under the CCPA, users may similarly request the deletion of their personal information, subject to certain exceptions. In Brazil (LGPD), individuals also have the right to request the deletion of data processed unlawfully or beyond the required period.

Right to Restriction of Processing: GDPR-compliant: Individuals may request that their data be restricted from further processing under certain conditions. In certain jurisdictions, users can opt out of specific data processing activities, particularly where consent is required.

Right to Data Portability: GDPR-compliant: Users can request their personal data in a structured, commonly used, and machine-readable format to transfer it to another controller. In some jurisdictions, such as Brazil (LGPD), similar data portability rights are offered.

Right to Object: GDPR-compliant: Users can object to the processing of their personal data for legitimate interests or direct marketing. CCPA provides consumers with the right to opt-out of the sale of their personal information.

Right to Withdraw Consent: GDPR-compliant: Users have the right to withdraw their consent at any time, without affecting the lawfulness of data processing conducted before the withdrawal. Similar withdrawal rights are available in many countries under respective privacy laws.

Data Processing for Marketing Purposes

Achievement Mastery Academy may process personal data for direct marketing purposes, such as sending newsletters or promotional offers, under the following conditions:

Consent: Direct marketing communications will only be sent to individuals who have expressly consented to receive them (opt-in) under GDPR, CCPA, and other applicable laws.

Opt-Out: Individuals have the right to opt-out of receiving marketing communications at any time by using the unsubscribe link provided in the emails or by contacting the Company directly.

For users protected under the CCPA, they can opt out of the sale of their personal information by contacting the Company via the provided contact information.

Handling Data Breaches

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, the Company will:

Notify the appropriate data protection authority within 72 hours of becoming aware of the breach, in accordance with the GDPR. Notify the affected individuals without undue delay if the breach is likely to result in high risks to their rights and freedoms. Document all data breaches, regardless of their impact, including the cause of the breach, the affected data, and the response measures taken.

For international clients, notification processes will comply with the applicable local regulations, such as

CCPA, PIPEDA, and LGPD.

Use of Automated Decision-Making and Profiling

Achievement Mastery Academy may use automated decision-making processes, including profiling, to improve user experience and for marketing purposes. In these cases:

Users will be informed about the use of such technology and will have the right to opt out where applicable.

Under the GDPR, individuals have the right not to be subject to a decision based solely on automated processing that significantly affects them, including profiling. Similar protections are offered under the CCPA and other international laws.

Third-Party Websites and Links

The Company's websites may contain links to third-party websites or services. The Company is not responsible for the data processing practices or content of these third-party websites. Users are encouraged to review the privacy policies of any third-party websites they visit.

Data Retention

Personal data will be retained by the Company for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations.

For example:

Transactional data will be stored for a minimum period of 8 years to comply with tax and financial regulations.

User account data will be retained until the account is deleted or until the User requests the erasure of their personal data. After the expiration of the retention period, personal data will be securely deleted or anonymized.

Children’s Privacy

The services provided by Achievement Mastery Academy

are not intended for children under the age of 16, and the Company does not knowingly collect personal data from individuals under 16 years old without the consent of a parent or legal guardian. In some jurisdictions, such as California, the minimum age is 13. If the Company becomes aware that it has collected personal data from a child without the necessary consent, it will take immediate steps to delete the information.

Changes to the Data Processing Policy

The Company reserves the right to update this Data Processing Policy at any time to reflect changes in laws, regulations, or business practices. Users will be notified of any material changes through the Company's website or via email.

The latest version of this Data Processing Policy will
always be available on the achievementmasteryacademy.com and achievementmastery.academy websites.

Contact Information

For any questions, concerns, or to exercise your rights under this Data Processing Policy, please contact:

Executive Services Center Kft. Address: 1036 Budapest, Pacsirtamező utca 67, Fsz.2. Email: [email protected] Phone: +36 30 289 6030

You may also submit a complaint to the National Authority for Data Protection and Freedom of Information (NAIH) in Hungary or to the relevant data protection authority in your country.

For clients in California, please contact the California Attorney General's Office for additional assistance.