Privacy Policy

The purpose of the data management information

Zoltán Gábor Pelva, a natural person entrepreneur (hereinafter referred to as: Service Provider/Data Controller), wants to ensure the protection of personal data of partners and respect for the right of its customers to self-determination of information by complying with the provisions of this data management information. The service provider reserves the right to change the content of information on data management at any time, about which it will inform the affected parties in a timely manner.

Data of the Service Provider/Data Manager

Name: Zoltán Gábor Pelva e.v.
Headquarters: 1037 Budapest, Perényi út 27, building 9 FSZ. 1 door
Registration number: 43290690
Represented by: Zoltán Gábor Pelva
Email: hello@gocollegesports.com
Phone: +36 70 439 7733

Governing Laws

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) – on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as Regulation 95/46/EC in force its externalization (General Data Protection Regulation, GDPR);
  • 2011. year CXII. Act – on the right to self-determination of information and freedom of information (Infotv.);
  • 2000. Act C of the year – on accounting (Accounting Law);
  • 2013. Act V – on the Civil Code (Ptk.);
  • 2017. year LIII. Act – on the prevention and prevention of money laundering and terrorist financing (Pmt.)

Interpretative provisions

    • personal data: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable.
    • adata management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise making available, coordination or connection, restriction, deletion or destruction.
    • thedata controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data manager or the special aspects regarding the designation of the data manager may also be determined by EU or member state law.
    • data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller.
    • caddressee: is the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the handling of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management.
    • third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data manager, the data processor or the persons who are the data manager or data processor were authorized to handle personal data under his direct control.
    • registry system: a file of personal data in any way – centralized, decentralized or divided according to functional or geographical aspects – which is accessible based on specific criteria.
    • data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.


  • representative: the natural or legal person with a place of business or residence in the European Union and designated in writing by the data controller or data processor pursuant to Article 27, who represents the data controller or data processor in the data manager or data processor in relation to the obligations under this regulation.
  • enterprise: a natural or legal person engaged in economic activity, regardless of its legal form, including partnerships and associations engaged in regular economic activity.
  • data asset inventory: a document for assessing the scope and nature of personal data managed by the data controller.
  • technical and organizational measures: the nature, scope, circumstances and purposes of the data management, as well as the varying probability and severity of the risk posed by the data controller to the rights and freedoms of natural persons, ensuring and proving that for the purpose of personal data being handled in accordance with the GDPR. These measures are reviewed by the data controller and updated if necessary.
  • cookie: a small data file that is placed on the visitor’s computer when browsing the website, precisely in its browser software (Google Chrome, Mozilla Firefox, Microsoft Edge, etc.). these sites allow users to enable user-specific features.

General guidelines and principles

The data management guidelines applied by the data controller are in accordance with the legislation listed in point 3.

The Service Provider ensures fair and legal data management during data management, and practices data management in such a way that it is transparent for the data subjects.

The Service Provider ensures the unauthorized or illegal handling of personal data, their accidental loss, destruction or damage with appropriate technical or organizational measures.

The Data Controller carries out its data management activities according to the following principles:

  • principle of purpose limitation: the Service Provider processes personal data only for a predetermined purpose, in order to exercise a right or fulfill an obligation
  • data saving: the Service Provider does not collect or store more data than is absolutely necessary to achieve the purpose of data management.
  • accuracy: the Service Provider ensures that the processed data is accurate and complete. Inaccurate personal data will be deleted or corrected immediately.
  • limited storage: the Service Provider manages the data until the goal is achieved.
  • preliminary information: the Service Provider provides comprehensible, detailed, complete and easily accessible information about data management.

The Service Provider ensures that the information contained in the data protection information is continuously enforced, reviewed and any necessary amendments made.

Legal basis

The data processing of the data manager’s activities is primarily based on the voluntary consent of customers and employees, or on the protection of the legitimate interests of customers (players). Data subjects may withdraw their voluntary consent at any stage of data processing. If the Service Provider is required by law to transmit, manage or store data provided by informants, our customers will be notified separately.

We draw the attention of informants that if they do not provide their own personal data, the informant must obtain the consent of the data subject.

Scope of processed personal data

Personal data to be provided during application

The Service Provider only requests personal data during the free consultation on the website https://gocollegesports.com/.

These are the data:
name, e-mail address, phone number, sport

Data provided during the questionnaire:

name, place of residence (city), date of birth, details of parent or legal representative (name, e-mail, phone number), academic details (graduation year, academic average, level of English language skills), athlete details (sport, club, sports results)

Scope of data handled during the contract with the individual entrepreneur

name, address, ID number, billing name and address

Scope of personal data requested by the foreign university

Name, date of birth, contact person(s) name and contact information, school results, entrance exam results, clearinghouse ID, coach name and contact information, photographs, video materials, sports results, biographical data, height, weight, measurements/data indicating physical abilities, sports handicapping /influencing health data (sensitivity to medications, illness that prevents him from playing sports) other sports that the child plays regularly, professional athlete data (sponsorship contracts, derived income (money prizes), etc.)


The purpose of the cookie is to make the given information communication and Internet service easier and more convenient. The majority of the most commonly used Internet browsers (Chrome, Firefox, etc.) accept and enable the download and use of cookies as a default setting. By changing the browser settings, the visitor refuses or disables them, and can also delete the cookies already stored on the computer. The “help” menu item of each browser provides more information on the use of cookies.

Cookies can be distinguished based on whether they require prior consent or not. At the start of the first browsing, the website provides brief information about these and asks for the visitor’s consent, but their acceptance is not mandatory. (E.g. session cookies that help customize the user interface, as well as user-centered security cookies.)

The Service Provider does not use or allow cookies that allow third parties to collect data without the consent of the visitor/customer.

Acceptance of cookies is not mandatory, but the Service Provider does not assume responsibility if the website does not function as expected if cookies are not allowed.

Cookies used on the website:






(at most)

system cookies


does not require

is used to store user preferences

ensuring the operation of the website

1 year


does not require

is used to store user settings

ensuring the operation of the website

1 year

security cookies


does not require

web application
cookie, is used to distinguish visitors, to determine the access level, to limit access to the page

safe website operation

24 hours

facilitating use

cokie_notice< /a>_*


used for personalization, website cookie settings

note cookie management statement, improve website performance


30 days


does not require

used for personalization, recording language selection

keeping the chosen language of the website

2 years

tracking cookies
(third party)



does not require

the Google Analytics web tracking service was used to identify new sessions and visitors

when visiting the website, it is connected to the services of third parties (e.g. Google)


2 years



does not require

the Google Analytics web tracking service was used to identify new sessions and visitors

when visiting the website, it is connected to the services of third parties (e.g. Google)


2 years



does not require

the Google Analytics web tracking service was used to identify new sessions and visitors

when visiting the website, it is connected to the services of third parties (e.g. Google)


24 hours

Data related to the newsletter

The Service Provider does not deal with newsletter services, the newsletter subscription option is not available on its website (https://gocollegesports.com/).


Product sales are not carried out on the website, so we do not request related data.

Planned use and retention period of the Managed data

Name of data processingUseLegal basisRetention period
ApplicationContactArticle 6 point a) GDPR5 years
QuestionnaireSelect a universityGDPR Article 6 point a)5 years
Contractor contractCreation of contractGDPR Article 6 b)5 years
University contractachieving a scholarshipGDPR Article 6 point a)3 years

Personal data received via the Service Provider’s website (https://gocollegesports.com/) will not be forwarded, this data is only known and managed by the owner of the page for the purpose of contact/contact.

The Service Provider protects the personal data of children under the age of 16 (assignment agreement and declaration of consent as a legal basis) with enhanced protection, higher than that required by the GDPR, so it obtains the right of parental supervision over the child before sending the data for the assignment contract or to foreign educational institutions practitioner’s declaration of consent as well. The Service Provider will make every reasonable effort to verify that the consent was indeed given or authorized by the exerciser of parental custody over the child.

When providing information for the purpose of requesting consent, we especially strive to provide the information in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded, if the recipient of the information is a child.

The Service Provider only enters into a data processing contract with a data processor that provides adequate guarantees that the data is processed in accordance with the requirements of the Regulation and ensuring the protection of the rights of the data subjects.

Before starting the data processing, the Service Provider makes sure that the data processor has taken the necessary technical and organizational measures for the appropriate level of data protection in the course of its daily activities.

The data processor may only use additional data processors based on the prior written permission of the Service Provider.

The data processor may not make substantive decisions regarding data management, may only process the personal data it receives according to the instructions of the Service Provider, may not process the data for its own purposes, and must store and preserve the personal data in accordance with the provisions of the Service Provider.

The Service Provider keeps a register of its data processors, which register contains the following characteristics of data processing:

  • purpose,
  • legal basis,
  • data processor data,
  • range of data to be processed,
  • characteristics of data deletion management,
  • does the data processor use an additional data processor, if so, its data.

The rights of the data subject

Right to information

The Service Provider ensures that the data subjects have easy access to information on data management. The Service Provider also ensures that the information contains information about data management in a concise, understandable form.

Right of access

The data subject is entitled to receive feedback from the Data Controller as to whether her personal data is being processed, and if such data processing is underway, she is entitled to access the personal data and the following information:

  • purpose of data management
  • categories of personal data concerned
  • recipients or categories of recipients to whom or to whom the personal data has been or will be disclosed, including in particular third-country recipients and international organizations;
  • planned period of storage of personal data;
  • the right to correct, delete or restrict data processing and to protest;
  • the right to submit a complaint to the supervisory authority;
  • information about data sources;
  • the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject.

The data controller shall provide the information within a maximum of one month from the date of submission of the request.

Right to rectification

The data subject has the right to have inaccurate personal data corrected without undue delay at the request of the data controller. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

Objection to data processing

The data subject has the right to protest at any time for reasons related to his own situation against the processing of his personal data necessary for the performance of a task carried out in the public interest or within the framework of the exercise of public authority granted to the data controller, or for the enforcement of the legitimate interests of the data controller or a third party, including profiling based on the aforementioned provisions too. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are used to assert, assert or defend legal claims are connected.

The right to restrict data processing

The data subject has the right to request that the Data Controller restricts data processing if one of the following conditions is met:

  • the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data;
  • the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;
  • the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; or
  • the data subject objected to data processing; in this case, the limitation applies to the period until it is established whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

Right of withdrawal

The data subject has the right to withdraw her consent to the processing of her personal data at any time.

Right to erasure (right to be forgotten)

The data subject has the right to request that the Data Controller delete his personal data without undue delay. This is especially so if the data subject withdraws his consent to data processing or objects to data processing. The Data Controller must delete the data subject without delay if the personal data are no longer needed for the purpose for which they were collected, or if the personal data has been processed unlawfully. Personal data must also be deleted if it is necessary to fulfill a legal obligation prescribed by EU or member state law applicable to the Service Provider.

Data deletion cannot be initiated if data management is necessary: for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, on the basis of public interest; or to submit, assert or defend legal claims.

Right to data portability

The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller.

Decision based on automated data management (including profiling).

The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on her or affect her to a similar extent.

Enforcement options

In the case of irregularities experienced during the handling of personal data, the data subject may lodge a complaint with the National Data Protection and Freedom of Information Authority.

Web address: http://naih.hu,
Phone number: +36 (1) 391-1400,
Postal address: 1530 Budapest, Pf.: 5.
E-mail: ugyfelszolgalat@naih.hu).

If you are a foreign citizen, you can also file a complaint with the supervisory authority of your place of residence.

In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.

Other provisions

We provide information on data management not listed in this information when the data is collected.

We inform our customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies based on the authorization of the law, provide information, communicate data, transfer documents, or they can contact the data controller to make it available.

If the authority has indicated the exact purpose and the scope of the data, the data controller will only release personal data to the authorities to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

Hosting provider of the operator’s website:

DotRoll Kft.
1148 Budapest, Fogarasi út 3-5.
+36 1 432 3232
+36 1 432 3231
11713005-20406563 (OTP Bank)
Company registration number: 01-09-882068
Tax number: 13962982-2-42