The purpose of this privacy policy is to establish the key regulations related to the data processing activities connected to the BRACE application (hereinafter: application) operated by Logicgears Limited Liability Company, in accordance with the applicable legal provisions.
In preparing this privacy policy, the data controller has paid particular attention to the provisions of the European Parliament and Council Regulation 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (“Infotv.”). The data controller processes personal data in compliance with the above-mentioned laws and takes the necessary technical and organizational measures to ensure the secure processing of personal data.
This privacy policy applies exclusively to the data processing activities related to the BRACE application. Data processing activities of the controller other than those related to the application are covered by the privacy policy available on the website https://brace.hu/adatkezelesi-tajekoztato.
The data controller reserves the right to unilaterally modify this privacy policy at any time. Amendments to the privacy policy will take effect upon publication on the https://brace.hu/adatkezelesi-tajekoztato page and in the application. By logging into the application after the changes, the user accepts the provisions of the current privacy policy, and no further consent from individual users is required.
User: A natural person who is at least 18 years old and registers through the BRACE application, providing their data as part of the registration process.
Personal Datas: Any data or information through which the user can be identified, either directly or indirectly.
Special Categories of Personal Datas: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data intended to uniquely identify a natural person, health data, or data concerning a natural person’s sex life or sexual orientation, which are prohibited from processing under Article 9 (1) of the GDPR, and may only be processed under the exceptions provided in Article 9 (2) of the GDPR, particularly with the explicit consent of the data subject.
Data Processing: Any operation or set of operations performed on personal data, regardless of the process used, such as collecting, recording, organizing, structuring, storing, altering, modifying, using, retrieving, accessing, utilizing, disclosing, transmitting, distributing, or otherwise making available, publishing, coordinating, linking, restricting, deleting, or destroying personal data.
Data Controller: The entity that determines the purposes and means of data processing.
Data Processor: The entity that performs technical operations related to data processing on behalf of the data controller.
Service: The services operated and provided by the data controller.
Logicgears Korlátolt Felelősségű Társaság
Headquarters: 3332 Sirok, Nyírjes út 50.
Court of Registration: Eger Court of Registration
Company registration number: 10-09-040166
Tax number: 32299034-2-10
Email: info@logicgears.hu
Phone number: +36 20 931 2164
Website: https://logicgears.hu/
4.1. Purpose of Data Processing
The purpose of data collection, processing, and use is to operate the BRACE community-building application, which promotes and supports regular physical activity on mobile devices. This is done for the purpose of identifying users, completing the necessary registration for the application, accessing the user account, and utilizing the services provided by the application.
4.2. Categories of Data Processed
4.2.1. Personal data provided during registration
To use the BRACE application, users must provide certain data through the registration process. To create a user account, the following personal data must be provided:
Data subject: all individuals registered in the application
Processed personal datas:
– Username, name, email address, password, registration date, messages exchanged with other users (including any personal data shared in these messages), location
– Statements required for the use of the application
Purpose of data processing: enabling registration, executing technical operations, ensuring secure login to the user account, sending notifications related to system operation
Legal basis for data processing: the user’s voluntary consent, contract formation and performance pursuant to Article 6 (1)(a) and (b) of the GDPR
Data retention period: data processing lasts until the withdrawal of consent, i.e., until the deletion of the registration. The personal data provided by the user can be processed by the data controller until the user explicitly requests in writing to terminate the processing. If the user does not unsubscribe from the service or delete their registration, the data may continue to be processed until a written request for termination is submitted.
Consent for the processing of the user’s personal data must be provided on the registration form. If consent is not provided, registration and data processing will not take place. By providing an email address and other registration details (e.g., username, password), the user is responsible for ensuring that the service is accessed exclusively through the provided email and data.
In this respect, all liability related to the use of the account with the given email and/or data falls on the user who registered the email address and provided the data.
4.2.2. Additional data that users can provide for using the application
Profile picture, gender, location, age, fitness level, interests/other views, messages sent by users.
4.2.3. Newsletter
Users can subscribe to the application’s newsletter through the app, meaning they can explicitly and voluntarily consent to being contacted by the data controller with advertising offers and other communications using the contact information provided during registration.
Data subject: all individuals subscribed to the newsletter
Processed personal datas: username, email address, name, subscription date
Purpose of data processing: identification, execution of technical operations, sending advertising electronic messages to users, regular updates about the data controller’s services and related information, sending other marketing messages, personalized and promotional offers to users.
Legal basis for data processing: the user’s prior, voluntary, and explicit consent under Article 6 (1)(a) of the GDPR, and according to Section 6 (5) of Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities.
Data retention period: data processing lasts until the withdrawal of consent, i.e., until unsubscribing. Newsletters sent by the data controller can be unsubscribed via the unsubscribe link in the emails. Personal data will be processed until the data subject requests its deletion or unsubscribes from the newsletter. Users can unsubscribe from the newsletter at any time, free of charge. In the case of unsubscribing, the data controller will delete the user’s personal data from the newsletter database.
To carry out its activities, the data controller engages the following data processors as named in this data privacy notice:
A továbbított adatok köre | Adatfeldolgozó | Az adattovábbítás célja |
Last name, first name, billing name, billing address, bank account number | Csirincsikné Donkó Beáta egyéni vállalkozó | Accounting services, fulfilling the data controller’s accounting and taxation legal obligations. |
Last name, first name, email address, encrypted password, billing name, billing address, IP address, profile picture, gender, location, age, fitness level, interests/other views, messages sent by users | ATW Internet Kft. Tax number: 13471868-2-41 Phone number: +36 1 6000 289 E-mail: info@atw.co.hu website: https://atw.hu/ | Providing hosting services. |
Last name, first name, bank account number, payment details related to the contract or bank card payments | K&H Bank Zrt. | The data controller’s account-holding bank, which performs its activities, including data processing, in compliance with applicable domestic laws and strict financial regulations. K&H Bank Zrt. Privacy policy: https://www.kh.hu/adatvedelem |
Last name, first name, billing name, billing address, bank account number, email address | Billingo Technologies Zrt. 1133 Budapest, Árbóc utca 6. I. emelet Company registration number: 01-10-140802 Tax number: 27926309-2-41 Phone number: +36 1 500 9491 E-mail: hello@billingo.hu website: https://www.billingo.hu/ | Issuing invoices, generating electronic invoices, and sending them to customers. |
The Data Controller stores the personal data specified in Section 4 in a closed, IT algorithm-protected system and manages them with closed software that is protected by IT algorithms and ensures data protection security.
The Data Controller undertakes to take all necessary and reasonable steps to safeguard the processed data from unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as from accidental destruction and damage, and from becoming inaccessible due to changes in the applied technology, both during network communication and data storage and retention.
7.1. Right to Transparent Information
You have the right to receive clear, transparent, and easily understandable information regarding the processing of your personal data and the rights you can exercise in relation to data processing. The Data Controller fulfills this obligation through this Data Processing Notice.
7.2. Right of Access
You are entitled to request information from the Data Controller, through the contact details provided in Section 8.1, about whether your personal data is being processed and, if so, to access the personal data processed by the Data Controller. This request for information may extend to the data processed, their source, the purpose, legal basis, and duration of the processing, the names and addresses of any data processors, the activities related to the data processing, and, in the case of data transfer, to whom and for what purpose your data has been or will be provided.
The personal data provided by the user related to the specific service can be viewed on the profile page of the service, but information about the processing of personal data can also be requested in writing or via email at any time.
To ensure data security requirements and protect the rights of the data subject, the Data Controller is required to verify the identity of the individual requesting access to their personal data. Therefore, the provision of information, access to data, and issuing of copies is subject to verifying the identity of the data subject.
The Data Controller considers a request for information sent by letter as valid if the data subject or the person exercising the right of access is clearly identifiable from the request. Requests sent by email will be considered valid only if sent from the registered email address, but this does not preclude the Data Controller from verifying the identity of the requester through other means before providing information.
7.3. Right to Rectification
You may request, through the contact details provided in Section 8.1, that the Data Controller rectify any inaccurate personal data concerning you without undue delay, and you are also entitled to request the completion of any incomplete personal data.
The personal data provided by the user related to the specific service can be modified on the profile page of the service. Once the request for personal data modification has been fulfilled, the previous (deleted) data cannot be restored.
7.4. Right to Restrict Processing
You may request that the Data Controller restrict the processing of your personal data by clearly marking the restricted nature of the data and ensuring separate processing from other data, under the following circumstances:
– You contest the accuracy of your personal data, in which case the Data Controller will restrict the processing for the period necessary to verify the accuracy of the personal data;
– The processing is unlawful, and you oppose the deletion of the data, requesting instead the restriction of their use;
– The Data Controller no longer needs the personal data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims;
– You have objected to the processing, and the restriction applies until it is determined whether the Data Controller’s legitimate grounds override yours.
7.5. Right to Object
You have the right, at any time, to object to the processing of your personal data on grounds related to your particular situation, if the processing is based on the Data Controller’s legitimate interests. In this case, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If the personal data is processed for direct marketing purposes, you may object at any time to the processing of your personal data for such marketing, including profiling related to direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
7.6. Right to Erasure (Right to be Forgotten)
You may request the erasure of your personal data processed by the Data Controller through the contact details provided in Section 8.1. Erasure may be refused where processing is necessary for exercising the right of freedom of expression and information or where personal data must be processed pursuant to a legal obligation, or for the establishment, exercise, or defense of legal claims. Once a request for erasure has been fulfilled, previously deleted data cannot be restored.
7.7. Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another Data Controller without hindrance from the original Data Controller, where the processing is based on consent or contract and the processing is carried out by automated means.
7.8. Right to Legal Remedies
If you believe that the Data Controller has violated the applicable data protection regulations while processing your personal data, you can lodge a complaint with the National Authority for Data Protection and Freedom of Information or seek judicial redress. Courts will handle such cases with priority.
8.1. Exercise of Data Subject Rights, Submitting Complaints or Other Claims
Any inquiries or comments related to data processing can be addressed to the Data Controller through the following contact details:
By post: 3300 Eger, Berva-völgy 28.
By email: ugyfelszolgalat@brace.hu
By phone: +36 20 425 1272.
The Data Controller is required to respond to requests regarding the exercise of data subject rights within one month of receipt, which may be extended by two months depending on the complexity and number of requests. The Data Controller will notify the data subject of any extension within one month of receipt, along with the reasons for the delay. The Data Controller will provide information through the same channel used by the data subject to submit their request.
8.2. Data Protection Authority Procedure
Data protection authority procedures can be initiated with the National Authority for Data Protection and Freedom of Information to terminate the alleged unlawful data processing.
National Authority for Data Protection and Freedom of Information
Headquarters: 1055 Budapest, Falk Miksa utca 9-11,
Postal address: 1363 Budapest, Pf.: 9.
Phone: +36 (30) 683-5969, +36 (30) 549-6838, +36 (1) 391 1400,
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
8.3. Right to Legal Action
In case of violation of data protection regulations, or if the Data Controller has failed to comply with a request concerning data processing, civil action can be initiated against the Data Controller at the competent court (https://birosag.hu/torvenyszekek). The lawsuit may also be filed with the court of the data subject’s residence or habitual domicile.
