PRIVACY STATEMENT

The purpose of this statement is to provide you with relevant information, as well as Data-Vita Ltd.’s (hereinafter „Company”) policy of data protection and data processing. Our objective is to comply with the applicable requirements in the course of our data processing, and to ensure that our customers are assured when it comes to entrusting us with their personal data. 

Data protection is very important to us, and we wish to be transparent about how we collect and use your personal data. Please read this statement thoroughly and contact us if you have any questions or queries.

1)  Definitions 

• “Personal data”: means any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• „Data processing”: means any operation or set of operations, performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
• „Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• „Processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
• „Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• „Protest”: Statement by the affected person to object to the processing of his or her personal data and to request the termination of data management and the deletion of the managed data.
• „Personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
• „Biometric data”: means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
• „Data concerning health”: means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

2) Principles related to data processing

Our Company follows the following principles in the processing of your data:

1. Your personal data will be processed in accordance with the provisions of this statement and the applicable laws („lawfulness, fairness”).
2. We will do everything that can be reasonably expected in order to make the processing of your personal data transparent, and we are at your service if any questions arise („transparency”).
3. We collect data for specified, explicit and legitimate purposes only and data are not further processed in a manner that is incompatible with those purposes. Data collected by us are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed („data minimization”). We make sure that data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
4. Our Company does everything it can to ensure that data are accurate and, where necessary, kept up to date; our Company takes reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay („accuracy”).
5. Data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures („integrity and confidentiality”).

3) Purpose of processing personal data, legal base

Our Company processes data:

1. based on priorly informing you and asking your consent; we handle the data (collect and store data) only to the required extent and in every case, only for given purposes;
2. in certain cases, data processing is mandatory, and we base such data processing on regulations; if such cases occur, we inform you about it;
3. in certain cases, it is in the legal interest of our Company or of a third party to process data, for instance, for ensuring the security or the updating of our webpage or webshop.
4. we do not knowingly collect any personal data from children under the age of 18. If you are under 16, please do not provide personal information through the application. If you have a reason to believe that a child under 16 provided personal information through the application, please contact us and ask for removal of such information from our database. Parents and legal guardians are encouraged to monitor their children use of the internet and facilitate the enforcement of this data protection information by instructing their children to never give personal information without their permission through the application.

This privacy policy applies solely to information/data collected by us through our services.

4) Purpose of collecting data 

 Our company can analyze anonymous and potentially aggregated data provided by customers. Typical customer goals: understanding and improving services, developing new services, and achieving other legitimate business goals.

If you have questions about data management, you can request further information via the e-mail address info@data-vita.com or via our postal address. If possible, we will send you our answer within 1 week (but no more than 1 month) to the contact information available to you. 

5) Cookie and data – information related to our webpage 

What are the cookies?

Cookies are small text files that are placed to your computer via your browser such that the browser stores the cookies on your hard disk. The main purpose of a cookie is to identify users and possibly prepare customized web pages or to save site login information for you. The most often used browsers (Chrome, Firefox) accept and permit downloading and using cookies, yet, it depends on you whether with the help of setting the browser, you deny them, or you may even delete the cookies stored on your computer. Further information about the use of cookies is given through the Help menu of various browsers, also you may consult http://www.cookiecentral.com.

There are some cookies that may not require your prior consent. You receive information about these on your first visit to the webpage (such cookies are for example the multimedia-player, or user- centric security cookies). You get notification about those cookies which require your consent at the moment you visit the webpage – if data processing commences once you visit the webpage – and therefore, your consent is asked. It is not obligatory to accept cookies; however, the webpage may not work in the expected way.

The Use of Google Analytics and Google AdWords Programs

Google Analytics is primarily used for statistical purposes, among others, with its help the effectiveness of campaigns can be measured. With the use of this program, information can be received for example about the number of the visitors as well as the amount of time they spend using the webpage. The program recognizes the IP address of the visitor, that is how it is able to follow the visitor. Similarly, the program may recognize whether it is the first time a visitor visits the website or the visitor is recurrent on the webpage. As a result, the program can trace the path of the visitor while visiting the webpage.

Google AdWords is an advertising service for businesses wanting to display ads on Google and its advertising network. Remarketing is an AdWords feature that allows marketers to show advertisements to users that have previously visited their website. Advertising campaigns typically measure the effectiveness of ads using Google AdWords program. In this case, apart from collecting Google Analytics data, the data of Google AdWords are also collected. As informed by Google, these cookies store information which by themselves are not capable for identification. You must be informed that the setting and the use of Google Analytics and Google Remarketing programs are in full compliance with the requirements of Data Protection Authority. You may consult Google Privacy Policy for further information. However, the user may deactivate the data processing and storing of cookies at any time. You may deny cookies as described below.

How to prevent the setting of cookies?

Of course, you may use websites without any cookies being set. In your browser, you can at any time configure or completely deactivate the use of cookies depending on the various setting possibilities (Internet Explorer, Google Chrome, Mozilla Firefox, Safari). These are the links which help you set those tracking functions that you permit and those which you allow. In case you do not wish that Google Analytics would prepare a report about your visit, you may install Google’s extension program that disables cookies. This extension commands Google Analytics Javascripts (ga.js, analytics.js and dc.js) not to send visitor information to Google. If you wish to disable the activity of Analytics, visit Google Analytics Opt Out browser and install the extension to your browser. For further information on installing this extension, turn to „Help” menu of your browser. 

6) Application Data 

If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

• Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
• Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s bluetooth, calendar, contacts, microphone, reminders, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
• Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.
• Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings. This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal data provided by you should be true, complete, and accurate. You must notify us of any changes to such personal information.

7) Data transfer

The Company can only transfer data within the framework defined by law, in case of our data processors we ensure with contractual obligations that they do not use your personal data for purposes contrary to your consent. More information located in point 9. Our company is subject to GDPR and the information act., and may only process information in accordance to them. The court, the prosecution and other authorities (e.g. police, tax office, National Data Protection and Freedom of Information Authority) can reach out to the Company about data and information provision. In these cases The Company needs to fulfill its obligation but only to an extent which is necessary.

8) Data processors 

The data controller is entitled to use a data processor to carry out its activities. The data processors cannot make an independent decision, they can only act according to their contractual obligations and received instructions from the data controller. The data controller checks the work of the data processors. The data processors are entitled to use an additional data processor only with the consent of the data controller.

Data processors used by the data controller 

DATA PROCESSING ACTIVITY RELATED TO WEBSITE SERVICE

Name of the data processor:                       Rackhost Zrt.
The seat of the data processor is:               Tisza Lajos körút 41, 6722 Szeged.
Tax number:                                                  25333572-2-06
Phone number:                                              (+36) 1 445 1200
E-Mail address:                                              info@rackhost.hu

Processing of all personal data for the proper operation of the website.

Duration of data processing and time of deletion: Until the termination of the agreement between the Service Provider and the Storage Provider, or the cancellation request towards the Storage Provider. 

DATA PROCESSORS ASSOCIATED WITH GOOGLE ANALYTICS AGGREGATE DATA ANALYSIS ACTIVITY

Name of the data processor:                       Google, Mountain View, California, United States of America
The seat of the data processor is:                Ireland, Dublin, Barrow str. 4

Data Processor uses Google Analytics service based on the contract with the Data Controller, which helps both the Data Controller and the Data Processor to get a more accurate picture of the activities of their visitors.

Name of the data processor:                       SalesAutopilot Kft.
The seat of the data processor is:               1016 Budapest, Zsolt utca 6/A. V. em.1.
Tax number:                                                  25743500-2-41
Phone number:                                              (+36) 1 490-0172
E-Mail address:                                              info@salesautopilot.hu

Processing of data for the purpose of promotion, information on updates new functions and content in the application.

Name of the data processor:                       FireBase (Google LLC)
The seat of the data processor is:               1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Tax number:                                                  770493581
Phone number:                                              (+800) 829-4933
E-Mail address:                                              privacyofficer@google.com

Provides online hosting for the mobile app.

Name of the data processor:                       RudderStack Inc.
The seat of the data processor is:                548 Market St Pmb 48141, San Francisco, California, 94104-5401, US
Phone number:                                              (+669) 292-6948
E-Mail address:                                              contact@rudderstack.com

The data collected during each follow-up is sent to the Rudderstack data platform. Identification is done with anonymous UUID, there is no logged-in user, because the app does not (currently) manage users. If the user deletes the application, a new ID is created when the application is re-downloaded. The incoming data is analyzed or used through the following other platforms/service providers:

Name of the data processor:                       AppsFlyer Inc.
The seat of the data processor is:                100 First Street, Suite 2500, San Francisco, CA, 94105, USA
Tax number:                                                   471748089
Phone number:                                              (+415) 636-94301
E-Mail address:                                              privacy@appsflyer.com

Cloud-based mobile attribution and marketing analytics tool that allows us to measure the performance of our advertising campaigns.

Name of the data processor:                       Mixpanel Inc.
The seat of the data processor is:                USA,San Francisco, One Front Street, 1 Front St 28th Floor
Tax number:                                                   270231379
Phone number:                                                (+888) 510-2370
E-Mail address:                                             support@mixpanel.com

Product analytics platform, allows us to better understand customer behavior in the application and on the website. Among other things, we measure customer activity, customer value and customer commitment. Mixpanel applies data protection standards that comply with the GDPR and allows users to control the data that Mixpanel collects about them.

9) Data safety 

Contributors and employees involved in the data management and data processing of our company are entitled to a predetermined extent – under the burden of confidentiality – to know your personal data.

We protect and secure your personal data with appropriate technical and other measures, we ensure the security and availability of the data, and we also protect them from unauthorized access, from alteration, damage or disclosure and any other unauthorized use.

Within the framework of organizational measures, we continuously train our employees. We regularly check and monitor physical access, paper-based documents are kept closed with appropriate protection. As part of technical measures, we use encryption, password protection and anti-virus software. However, we draw your attention to the fact that data transmission via the Internet is not considered completely and comprehensively safe. Our company does everything to ensure that the processes are as good as possible, but we are not able to take full responsibility for the data transfer through our website, but with strict requirements regarding the data received by our Company we comply with the security of your data to prevent illegal access.

10) Rights related to data management 

• Right to request information: Any person through provided and verified contact details has the right to request information from the organization on what legal basis, for what purpose, from what source and how long their data is treated. Upon your request, immediately, but not later than 30 days within, information must be sent to the requestor.
• Right to rectification: Any person may request any kind of data modification through the verified contact details. Actions must be taken on this request immediately, but within 30 days at most and information must be sent to the contact address provided.
• Right to erasure: Any person may request the deletion of their data through the verified contact details. Actions must be taken on this request immediately, but within 30 days at most and information must be sent to the contact address provided. The data that the organization has to store due to legal, statutory or contractual obligations to preserve commercial records, is blocked instead of deleted in order to prevent the use for other purposes.
• Right to blocking and restriction: Any person may request any kind of data modification through the verified contact details. The blocking lasts as long as the specified reason makes it necessary to store the data. Actions must be taken on this request immediately, but within 30 days at most and information must be sent to the contact address provided.
• Right to object: Any person can protest through the contact details provided against data processing. The objection must be examined as soon as possible but not later than 15 days, and a decision must be made regarding its validity and information about the decision must be sent to the contact address provided.

For your convenience, we provide you with information on:

• the data processed by us;
• the source of data processed by us;
• the purpose and the legal basis of data processing;
• the duration of the data processing or, if this is not possible, we inform about the guidelines which define the duration;
• the names, addresses of those who process the given data as well as we provide information regarding activities related to data processing;
• our measures done in case of data protection incidents, their circumstances, their effects and measures done in order to prevent such incidents;
• in case of transferring your personal data, we provide information about its legal basis as well as information about those who we transfer data to.

We provide further information upon request preferably within 1 week (but in no longer than 1 month

time). We provide further information free of charge except in case you have already had such a request in the given year. If you have already paid a fee for requesting information, we are ready to return it if we have processed your data in an unappropriated way, in an illicit way or if we had to make corrections with regard to how we processed your data. We may decline to give further information regarding data processing only if this complies with the regulations or if we provide information on legal redress or we inform you about the possibility of exercising your rights by turning to the Authorities. Our Company informs you about any amendment, locks, delete or marking made. In addition, the Company informs about data transferring except in cases when by not informing you does not violate any regulations.

In case the Company fails to fulfill your request concerning amendment, lock or deleting, we will inform you – with your consent – via email or by post within 1 week (but in no longer than 1 month time) – about the reasons for refusing your request and we further give information about the possibilities to redress and how to turn to the authorities. If you object against data processing, we will examine this within 1 week (but in no longer than 1 month time) after receiving your request and we will give further information regarding the decision in a written form. If we establish that your objection is grounded, we terminate the data processing and we inform those as well whom the data were transferred to, in order to be able for them to take steps as well.

If we prove that the data processing is done in compliance with the regulations and data processing is legally grounded, which are in priority to your interests, rights and freedom, we will object to fulfill your request concerning data processing. In case you disagree with the Company’s decision, or if we fail to keep the deadline you may turn to court within 30 days after the decision or within 30 days after the last day of the deadline. The legal proceedings are under the responsibility of the court. A foreign citizen may lodge a complaint at a temporary residence as well.

11) Your rights and your possibilities for legal redress

 Authority: National Authority for Data Protection and Freedom of Information

• Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
• Address: 1530 Budapest, Pf.: 5
• Telephone number: +36 (1) 391-1400
• Fax: +36 (1) 391-1410
• Email address: ugyfelszolgalat@naih.hu

Webpage:                          https://naih.hu/

12) Regulations to follow in case of our activities

 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

• Act CXII of 2011 on autonomous information right and on the freedom of information
• Act V of 2013 on Civil Code
• Act CVIII of 2001 on questions regarding on questions regarding e-commerce services and services related to information society
• Act C of 2003 on e-communication
• Act CLV of 1997 on consumer protection
• Act CLXV of 2013 on complaints and public notices
• Act XLVIII of 2008 on the conditions and limitations of economic advertisement activities
• Act C of 2000 on accountancy

In matters not specified in this statement, Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act CXII of 2011 on autonomous information right and on the freedom of information are the governing rules.

13) Review of privacy statement

 The present Privacy Statement shall be reviewed as necessary. Our Company reserves the right to modify the Statement. In case of modifications, we provide further information about these changes

in a manner deemed appropriate by our Company.

Last modification:

Szeged, 01.12.2023.