Full policy

 Please note that by continuing, you are not giving consent to data processing. The processing of your personal data as a registered user is based on legitimate interests, and is necessary for the operation of the Moodle platform (GDPR Art. 6(1) (f)). Your click below only acknowledges that you have read and understood this Privacy Notice. Any processing that requires your consent (e.g. optional profile fields or marketing) is always collected separately and remains fully optional.

Last updated: 23 January 2026

Version: 1.

 

CSCF & Partners Kft.

Privacy Notice (Registered Users)

Self-hosted Moodle E-learning Courses

 

CSCF & Partners Kft. (hereinafter referred as: “Our Company”, "we", "us", "our”) is part of the CSCF Sport Integrity Group which includes Stichting CSCF – Foundation for Sport Integrity. We provide self-hosted Moodle-based e-learning services. This Privacy Notice explains how we collect, use, share, and protect personal data of registered users who create an account and enroll in our courses.

For information for website visitors who do not register, please see our Privacy Notice for Visitors. For information about cookies, please see our Cookie Policy.

1. Data Controller and Contacts

Controller: CSCF & Partners Kft.,

Postal Address: H-1029 Budapest, Gyulai Pál u. 18., Hungary

Contact for privacy queries:

-       email: admin@cscfsport.com

-       Phone: +31 611880838

Data Protection Officer (if applicable): Not applicable

2. Categories of Personal Data We Process

- Account and mandatory profile data: name, email address.

- Optional profile data (provided voluntarily): e.g., city/country, organisation, role, phone (only if enabled in Moodle; not required to register).

- Education data / course activity: enrollments, learning progress, completed modules, quiz results (if applicable), course completion status, issued certificates (e.g., trainee name, course title, certificate ID/serial).

- Technical logs: login/logout time, IP address, security and system logs, device/browser metadata strictly for security and troubleshooting. 

- Cookies: strictly necessary cookies required for platform operation (e.g., MoodleSession, MoodleID1). No analytics or marketing cookies are used. Details in the Cookie Policy.

Optional Profile Data

In addition to your name and email (required to create and use your account), you may voluntarily provide additional profile information (e.g., city/country, organisation, role, phone). Supplying these fields is entirely optional and not required to access our courses or receive a certificate.

Purpose: We use optional profile data only to (i) personalise your experience (e.g., prefill details in certificates where applicable), (ii) facilitate relevant communications related to your learning. We do not use optional profile data for marketing or profiling.

Legal basis: Where optional profile data is provided, the legal basis is your consent {GDPR Art. 6(1)(a)}. You can update or remove optional fields at any time in your profile settings. Not providing (or later deleting) optional profile data has no impact on your access to courses or on certificate issuance.

Retention: Optional profile data follows the same retention approach described in Section 6 (contract end + 2 years), unless you delete it earlier or request erasure. After the retention period, data is deleted or anonymised as part of our administrative cycles.

How to withdraw consent: You can withdraw consent by editing your profile and clearing optional fields, or by contacting us at admin@cscfsport.com. Withdrawal does not affect the lawfulness of processing before withdrawal. 

3. Purposes and Legal Bases

We process your personal data for the following purposes:

Purpose	Legal basis	Rationale
Account creation and administration, authentication, access to the e-learning platform, enrollment management, course delivery, and issuing certificates	Legitimate interests GDPR Art. 6(1)f)	Our service is provided under contract with your organisation; we process learner data as an independent controller on the basis of our legitimate interest to operate and provide the service to contracted organisations in a proportionate manner. A balancing test has been conducted.
Platform security, fraud/misuse prevention, troubleshooting (incl. IP/logs)	Legitimate interests GDPR Art. 6(1)f)	To ensure the secure operation of the Moodle platform.
Reporting course participation/completion to our contractual partner (your organisation)	Legitimate interests GDPR Art. 6(1)f)	Our service is provided under contract with your organisation; To fulfil our contractual obligations, we have to report and update education activities.
Responding to data subject requests, dispute handling	Legal obligation GDPR Art. 6. (1) c)   Legitimate interests GDPR Art. 6(1)f)	Our service is provided under contract with your organisation; Ensuring that the data subject can exercise their rights under the GDPR in relation to the processing of personal data; Facilitating the resolution of any legal disputes arising in connection with the performance of the contract.

Where we rely on legitimate interests, we have balanced these interests against your rights and freedoms and concluded that the processing is proportionate and minimally intrusive. 

4. Recipients and Sharing

- Independent controller (contracted partner): We share name, email address, and the fact of participation/completion with your organization, located in the EU/EEA, on a quarterly basis, for the purpose of confirming participation and course completion. Your organization acts as an independent data controller and applies its own privacy notice.

- Service operations (hosting/IT): We operate a self-hosted Moodle environment within the EU/EEA.

- ELIN.hu Kft. - Hosting & domain provider (processor): We use an external hosting and domain services provider to run our self‑hosted Moodle environment. Processing is performed within the EU/EEA. Access is restricted to authorised personnel for hosting, security, backup and troubleshooting purposes only.

- Microsoft 365 (Technical Issue Reports): If you submit a Technical Issue Report via Microsoft Forms, data is processed in the Microsoft 365 environment under EU data residency and applicable safeguards (e.g., Standard Contractual Clauses where relevant).

We do not sell or otherwise disclose your data to third parties for marketing.

5. International Data Transfers

We primarily process data within the EU/EEA. If a transfer outside the EU/EEA occurs (e.g., within Microsoft 365 operations or by the hosting provider), we apply appropriate safeguards such as the Standard Contractual Clauses (SCCs) and complementary safeguards, as required by GDPR Chapter V.

6. Retention Periods

We retain personal data only as long as necessary for the purposes described above. Given that our service is provided under a contract with your organisation, we apply the following retention approach based on GDPR Art. 6(1)f) (legitimate interests) and proportionality: 

Data category	Retention period	Legal basis / rationale
User account and profile data (including optional profile fields)	until the end of the contract + 2 years, unless you request earlier erasure where applicable.	Consent – GDPR Art 6. (1) a); Legitimate interest – GDPR Art.6 (1) f); Contract performance; dispute handling
Education / Course activity data (including completion status, quiz results where applicable, and issued certificates)	until the end of the contract + 2 years,	Legitimate interest – GDPR Art.6 (1) f); Evidence participation / completion and support audits/dispute handling.
Security logs (IP, log‑in/out)	180 days	Legitimate interest – GDPR Art.6 (1) f); IT security, incident response (proportionality)
Anonymised statistics	Unlimited	GDPR not applicable as they are not personal data (Recital 26)
Technical Issue Report data (Microdoft 365)	1 year after submission	Consent – GDPR Art.6 (1) a); Legitimate interest – GDPR Art.6 (1) f); operational issue handling, website maintenance.

Deletion/anonymization is performed at least annually as part of our administrative cycles. Where required by law or in case of ongoing disputes/legal holds, certain records may be preserved beyond the periods above.  

7. Your Rights

Subject to conditions under the GDPR, you may have the right to access, rectification, erasure, restriction, objection, and data portability.

The right to access – You have the right to request Our Company for copies of your personal data. 

The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.

The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

We respond within one month of receipt of your request. Fees may be charged only where requests are manifestly unfounded or excessive (e.g., repetitive), as permitted by the GDPR.

To exercise your rights, contact us at: admin@cscfsport.com. You also have the right to object to processing based on our legitimate interests (Art. 21 GDPR).

8. Cookies

We use strictly necessary cookies only, required for secure login and essential functionality of the Moodle platform (e.g., MoodleSession, MoodleID1). We do not use analytics, advertising, or tracking cookies. For details, see our Cookie Policy.

9. Security

We apply appropriate technical and organisational measures (e.g., HTTPS/TLS, role-based access controls, secure configuration, regular updates) to protect personal data against unauthorised access, alteration, or loss.

10. Changes and Review

We may update this Notice to reflect legal, technical, or operational changes. The latest version is always available on this page with the “Last updated” date. We review this Notice at least annually. 

11. Complaints

If you have concerns, please contact us first at admin@cscfsport.com. Additional contact details are:

Phone: +31 611880838

Postal address: H-1029 Budapest, Gyulai Pál u. 18.

 

You also have the right to lodge a complaint with the competent supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

Address: 1055 Budapest, Falk Miksa utca 9 11.

Postal Address: 1363 Budapest, Pf.: 9.

Phone: +36 (1) 391 1400

E mail: ugyfelszolgalat@naih.hu

Web: https://www.naih.hu

Full policy

 

Last updated: 23 January 2026

Version: 1.

 

CSCF & Partners Kft.

Privacy Notice (Website Visitors)

Self-hosted Moodle E-learning Website

 

CSCF & Partners Kft. (hereinafter referred as: “Our Company”, "we", "us", "our”) is part of the CSCF Sport Integrity Group which includes Stichting CSCF – Foundation for Sport Integrity. We operate a self-hosted Moodle-based website. This Privacy Notice explains how we process personal data of visitors who browse our website without registering or enrolling in any course.

1. Data Controller and Contacts

Controller: CSCF & Partners Kft.,

Postal Address: H-1029 Budapest, Gyulai Pál u. 18., Hungary

Contact for privacy queries:

-       email: admin@cscfsport.com

-       Phone: +31 611880838

Data Protection Officer (if applicable): Not applicable

2. Scope of this Notice

This Notice applies to visitors who view publicly available pages without creating an account or enrolling in a course. If you register or enroll, please see our Privacy Notice (Registered Users).

3. Data We Process from Visitors

- Technical and usage data (server logs): IP address, date/time of access, requested pages/URLs, HTTP status codes, referrer (if provided by your browser), browser and operating system information. These data are processed automatically when you access the site and are not used to identify you personally, except where necessary for security or legal purposes.

- Cookies (strictly necessary): cookies required for basic operation and security of the Moodle platform (e.g., MoodleSession, MoodleID1). No analytics, advertising, or cross-site tracking cookies are used. See the Cookie Policy for details. 

4. Purposes and Legal Bases

We process visitor data for the following purposes:

• Ensuring the availability, security, and correct functioning of the website (e.g., session management, anti-abuse measures). - Legal basis: Legitimate interests {GDPR Art. 6(1) f)}.

• Producing aggregate, non-identifiable statistics to improve the site (e.g., uptime and performance metrics). - Legal basis: Legitimate interests {GDPR Art. 6(1) f)}.

5. Cookies and Similar Technologies

We use strictly necessary cookies only to operate the site and maintain secure sessions. We do not use analytics, advertising, or social media tracking cookies. For more details, cookie names and durations, please refer to our Cookie Policy.

6. Recipients and Sharing

Visitor data in server logs are accessed only by authorised personnel or technical service providers acting on our instructions, solely for security, troubleshooting, and maintenance. We do not sell visitor data. Data are processed within the EU/EEA; if exceptionally transferred outside the EU/EEA (e.g., incident response tools), appropriate safeguards such as Standard Contractual Clauses will apply.

Hosting & domain provider (processor): Our website is hosted by an external provider acting as a data processor, ELIN.hu Kft. Access to server‑level data (e.g., logs) is limited to authorised personnel strictly for hosting, security and maintenance.

7. Retention

- Server logs (IP, access records): retained for 180 days, then deleted or anonymised, unless longer retention is required for the investigation of specific incidents or legal obligations.

- Anonymized, aggregate statistics: retained without time limit, as they are not personal data (GDPR Recital 26).

8. Your Rights

Subject to the GDPR, you may have the right to request access, erasure, restriction, or to object to processing based on legitimate interests.

The right to access – You have the right to request Our Company for copies of your personal data.

The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete. 

The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

Given we normally do not identify visitors, we may ask you to provide additional information to reasonably verify your request. We respond within one month. Fees may be charged only where requests are manifestly unfounded or excessive (e.g., repetitive), as permitted by the GDPR.

Contact: admin@cscfsport.com

9. Security Measures

We implement appropriate technical and organisational measures (e.g., HTTPS/TLS encryption, role-based access, system hardening, updates) to protect the website and its data against unauthorised access, loss, or misuse.

10. Links to Other Websites

Our website may contain links to external websites. This Notice applies only to our site; please refer to the privacy notices of those third-party sites.

11. Changes and Review

We may update this Notice to reflect legal, technical, or operational changes. The latest version is always available on this page with the “Last updated” date. We review this Notice at least annually.

12. Complaints

If you have concerns, please contact us first at admin@cscfsport.com. Additional contact details are:

Phone: +31 611880838

Postal address: H-1029 Budapest, Gyulai Pál u. 18.

You also have the right to lodge a complaint with the competent supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

Address: 1055 Budapest, Falk Miksa utca 9 11.

Postal Address: 1363 Budapest, Pf.: 9.

Phone: +36 (1) 391 1400

E mail: ugyfelszolgalat@naih.hu

Full policy

 

Last updated: 23 January 2026

Version: 1.0

CSCF & Partners Kft.

Cookie Policy

Self-hosted Moodle E-learning Website

 

1. What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, mobile phone) when you visit a website. They are widely used to make websites function properly and securely. Some cookies are essential for technical operation and cannot be disabled.

2. How We Use Cookies

We use cookies only to ensure the secure and proper functioning of our self-hosted Moodle website. We do not use cookies for analytics, advertising, tracking, or profiling. Only strictly necessary Moodle cookies are stored on your device when accessing the site.

3. Types of Cookies We Use

Our website uses the following categories of cookies:

·        Strictly Necessary Cookies – required for the basic operation and security of the Moodle platform. These cookies do not store personally identifiable information for marketing purposes and cannot be disabled through our site.

4. Moodle Cookies Used on This Website

We use only the essential cookies set by Moodle:

·        MoodleSession – Keeps you logged in while navigating the site. It is essential for session management and security. The cookie is deleted when you close your browser.

·        MoodleID1 – Remembers your username to make login easier. It is optional and used only to improve convenience; it does not track your activity across sites.

5. Legal Basis for Using Cookies

Under the GDPR and ePrivacy rules, strictly necessary cookies do not require user consent, as they are essential for providing the online service explicitly requested by the user. Therefore, our website does not require a cookie banner with an accept/reject mechanism. A simple informational banner may be displayed for transparency. 

6. How to Manage Cookies in Your Browser

Although we only set essential cookies, you can control or delete cookies at any time through your browser settings. Most browsers allow you to:

-            View cookies stored on your device

-            Block or delete specific cookies

-            Set preferences for future cookie storage

Please note that blocking essential cookies may affect the functionality and security of the site.

7. External Links and Third-party Cookies

Our website does not use third-party cookies. If we embed external content (e.g., videos or tools), we will update this Cookie Policy accordingly. For now, all cookies originate exclusively from our Moodle installation.

8. Changes to This Cookie Policy

We may update this Cookie Policy to reflect legal, technical, or operational changes. The latest version is always available on this page with the “Last updated” date. We review this policy at least annually.

9. Contact

If you have any questions about this Cookie Policy or our data protection practices, please contact us at:

-       email: admin@cscfsport.com

-       Phone: +31 611880838