Xeropan International Kft.
Seat: 4028 Debrecen, Simonyi út 14.
VAT number: 26304706-2-09
Company registration number: 09-09-029639
Representative: Mile Ferenc managing director, independently, Al-Gharawi Madzsid Attila managing director, independently
Name: CodeYard Kft.
Seat: 4026 Debrecen, Mester utca 1. III. em. 6.
Email: info@codeyard.eu
Activity: Development
Name: VENGIT Kft.
Seat: 1143 Budapest, Gizella út 42-44.
Activity: Computer consultancy activities
Name: Gonda József self-employed
Seat: 4225 Debrecen, Kiserdő u. 92.
Activity: Marketing
MailChimp
c/o The Rocket Science Group, LLC
675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308
MOSS No. EU 826 477 914
Activity: newsletters
DigitalOcean, LLC
101 Avenue of the Americas, 10th Floor, New York, NY 10013
Activity: hosting service
Facebook, Inc.
1601 Willow Road Menlo Park, CA 94025
Activity: analytic and remarketing
Google LLC
1600 Amphitheatre Parkway Mountain View, CA 94043
Activity: Analitical and remarketing services
Mailgun Technologies, Inc.
535 Mission St. San Francisco, CA 94105
Processing of data relating to the users of the Xeropan© mobile application shall be made on the basis of the users’ freely given and informed consent, which shall contain the Data Subject’s explicit consent for the processing of personal data provided in the course of using the Website.
The processing of data by the Data Controller shall be made on the basis of the Data Subject’s voluntary consent pursuant to Section 5(1) Paragraph a) of Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter referred to as: Freedom of Information Act) and on the basis of Act CVIII of 2001 on certain issues of electronic commerce and information society services.
The Service Provider does not verify the authenticity of the personal data received. The provider of the personal data, the data subject or contracting party shall bear the exclusive responsibility for the accuracy of the data provided. The Data Subject undertakes to be the sole person using the services with the data provided. With respect to this, the Data Subject who registered the e-mail address shall bear all responsibility in relation to signing in with the data provided.
The processing of data by the Service Provider is based on the voluntarily given consent of the Data Subject, of which the Service Provider shall provide information in this paragraph, and on separate, incidental occasions.
If the Data Subject does not provide his own personal data to the Service Provider, the Data Subject shall be the one obligated to obtain the consent of the Data Subject.
a. Xeropan© website
i. The legal basis of data processing: the Data Subject’s voluntary consent pursuant to Section 5(1) Paragraph b) of the Freedom of Information Act, and section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce and information society services.
ii. Description of processed data: The computer identifier (IP address) of the Data Subject’s computer, the browser type, the date and time of visit, the content accessed, the website from where the visitor came from, and the site which the visitor accesses after exiting the website. These data are unsuitable for the personal identification of the Data Subject, and the Data Controller, except for when it is provided by law and with the observance of conditions laid down therein, shall not take steps to identify the owner of the IP address.
iii. The purpose of data processing: statistical data analysis, fulfillment of the Service, verification of the functioning of the Service, improvement of user experience, customisation of the Service.
iv. The duration of data processing: 3650 days starting from the accessing of the website.
The html code of the Data Controller’s website available at www.xeropan.com contains links from and to third-party servers, which are independent of the Data Controller. The providers of these links are able to collect data upon direct connection to their servers.
b. Downloading of the Xeropan© mobile application (IOS and Android platforms)
i. The legal basis of data processing: the Data Subject’s voluntary consent pursuant to Section 5(1) Paragraph b) of the Freedom of Information Act
ii. Description of processed data: the unique device identifier of the Data Subject’s mobile phone, the hardware type, the operating system version number of the mobile phone, the name of the mobile phone, the e-mail address of the Data Subject (for joining with Facebook or Google), the Data Subject’s location (based on IP address). The Data Controller uses an own identification number (Player ID) as well for the identification of the Data Subject in connection with the use of the application.
iii. The purpose of data processing: statistical data analysis, fulfillment of the Service, verification of the functioning of the Service, improvement of user experience, customisation of the Service, delivering the proper Xeropan© mobile application version depending on the location of the Data Subject, prevention of abuse.
iv. The duration of data processing: until the receipt of the Data Subject’s request for deletion sent to the Data Controller. The Data Controller shall delete the data from the system within 5 working days following the receipt of the request.
c. The use of the Xeropan© mobile application
i. The legal basis of data processing: the User’s voluntary consent pursuant to Section 5(1) Paragraph b) of the Freedom of Information Act.
ii. Description of processed data: The full name of the Data Subject, his Facebook or Google identifier and/or username, e-mail address, location, gender, date of birth, profile picture or the URL of the picture, the identifier of the Data Subject’s Facebook or Google friends who have also registered in the application, the interactions of the Data Subject in connection with the Service via the log files, which can be related to the Data Subject’s Player ID, IP address or his mobile phone’s unique identification number.
iii. The purpose of data processing: statistical data analysis, fulfillment of the Service, verification of the functioning of the Service, improvement of user experience, customisation of the Service, prevention of abuse. Correspondence, electronically, providing information on the Company’s services, contractual terms and conditions and discounts. Advertisement may be sent electronically as part of the information provided.
iv. The duration of data processing: Until the receipt of the Data Subject’s request for deletion sent to the Data Controller. The Data Controller shall delete the data from the system within 5 working days following the receipt of the request.
d. Newsletter
i. The legal basis of data processing: the User’s voluntary consent pursuant to Section 5(1) Paragraph b) of the Freedom of Information Act
ii. Description of processed data: User ID, full name of Data Subject, his e-mail address, the date and time of subscription.
iii. The purpose of data processing: sending of newsletters and other advertisements, communication of current information, invitation of friends, sending of system messages and notifications regarding the use of the Service.
iv. The duration of data processing: Until the unsubscription of the Data Subject. For the analysis of the Data Subject’s interactions with the newsletter, the Service Provider uses newsletter tracking codes (mailgun, MailChimp), which provide feedback to the Service Provider if the Data Subject opened, read, or clicked on the newsletter. In the process of registration in the Xeropan© mobile application via Facebook or Google accounts, the Data Subject can subscribe to newsletters and other advertisements sent by the Data Controller. The Data Subject is entitled, at any time and at no charge, to withdraw his consent by clicking on the “Unsubscribe” link located at the bottom of the newsletter. After unsubscribing, the Data Subject will not receive any newsletters or other advertisements from the Data Controller, and the Data Controller shall delete the Data Subject’s data from the list of subscribed users.
The process:
A) I do want to receive letters.
B) I do not want to receive letters.
If the user chooses option A) I do want to receive letters:
A1.) The Service Provider enlists the email address in the PERMITTED email list (PERM). The Service Provider stores the date of subscription.
A2.) The Service Provider deletes the email address concerned from the PRL.
A3.) The invitation letter and the notifications on the validity of the invitation will be sent by the Service Provider.
A4.) Decision:
If the User choses the option B) I do not want to receive letters:
B1.) The Service Provider opens, upon the User’s clicking on the button, a webpage for unsubscribing for the User.
B2.) A remarketing code running in the webpage adds the user’s device anonymously to a remarking list to which the Service Provider sends no Google or Facebook advertisements.
B3.) The invited person must choose between the options of „refusing to give permission”:
B3.) In one case – „Not now”:
B3.) In case two - „Not now and remember this address to avoid sending letters to me in the future”:
If the User chooses neither option A) or B), then
The User will be deleted from the PRL list within 72 hours, which entails the same consequences as option B3.)1.
Legal basis for processing: the User’s voluntary consent as per Section 5 (1) b) of Infotv.
Processed data: email address
The purpose of processing: blocking e-mail invitations
Duration of processing: until the Data Subjects unsubscribes or requests for deletion.
i. The legal basis of data processing: the User’s voluntary consent pursuant to Section 5(1) Paragraph b) of the Freedom of Information Act.
ii. Description of processed data: The full name, e-mail address and other information provided voluntarily by the Data Subject.
iii. The purpose of data processing: Recording the observations and questions of the Data Subject for the development and verification of the functioning of the Service, the handling of the Data Subject’s complaints.
iv. The duration of data processing: up to 5 years commencing from the solving of the case.
Data processing not covered by this Policy shall be notified by the Data Controller upon the recording of the data.
The court, the prosecutor, the investigating authority, the misdemeanor authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, and other bodies, based on authorization conferred by law, may request the Service Provider to disclose information, transmit and disclose data, and hand over documents.
The Data Controller shall only disclose personal data to the authorities -- where the purpose and description of data has been specified -- to the extent and for the purposes necessary for the fulfillment of the objective of the request.
In the interest of the proper functioning of certain features of the Service the use of cookies may become necessary, which can also fulfill certain convenience functions for the Data Subject. Cookies set by the Data Controller can help the Data Controller to identify the computer (IP address), to track browsing data, to remember the username and the password (autocomplete). Cookies may contain information for the identification of the Data Subject (User ID), which is processed by the Data Controller in order to customise the service according to the needs and interests of the Data Subject, and to ease the Data Subject’s use to the Service. The Data Subject may disable or delete cookies in his web browser at any time and by doing so acknowledges that certain features of the Service may not function properly as a result.
The Data Controller uses the Google Ads remarketing tracking code, which uses cookies to tag Data Subjects. With the help of the remarketing tracking codes, the Data Subject will be shown ads on the websites part of the Google Display network. The aforementioned shall apply accordingly to the handling of cookies.
The Data Controller can offer the possibility to third-party advertising service providers to share advertisements during the use of the Service. These advertising service providers can place cookies on the computer and/or mobile phone of the Data Subject in order to track browsing data, viewed advertisements and to customise their services based on the interests and needs of the Data Subject. This Policy does not apply to and the Data Controller shall not be liable for the privacy practices of these third-party advertising service providers.
In better understanding the use of the services by the Data Subject -- through analysing the visitor data of the Xeropan© website and Xeropan© mobile application, and through the measurement and auditing of other analytical data -- the Data Controller is helped by third-party servers (especially Google Analytics). These third-party servers may use cookies, APIs and SDKs. This Policy does not apply to and the Data Controller shall not be liable for the privacy practices of these third-party servers. The Data Subject can find information about their privacy policies at https://www.google.com/analytics/
The data are stored at the cloud computing softwares operated by VENGIT Kft., accessible by CodeYard Kft., Gonda József, self-employed, as well as the employees of Xeropan International Kft. The Data Controller implements appropriate technical, organisational measures for the adequate safeguarding of the security of data processing, and the Data Controller provides protection in particular against:
With regard to ongoing technical developments, the Data Controller and the data processor(s) shall select data security measures that provide adequate levels of protection against the risks that arise during data processing, and, when faced with more options, shall apply the option that provides a higher level of security of personal data, except if such measure would represent a disproportionate burden for the Service Provider.
The Data Controller employs personal data security measures on a server-side and application level.
CodeYard Kft., VENGIT Kft., Gonda József e.v., Digital Ocean:
User’s identification
Family name
Given name
Facebook identification
Google identification
Date of birth
Email address
Sex
Facebook profile picture
Language
Phone’s language settings
Application user activity
List of Facebook friends
Mailchimp: Family and given name, Email addeess
Mailgun: Email address, User activity
Facebook: User’s ID, User activity
Facebook ads: Email
Google: User’s ID, User activity
Google ads: Email address
9.1. The right to information
The controller informs the Data Subject of the existence of the right to request from the Controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability.
9.2. The right of access by the data subject
The Data Subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
9.3. Right to rectification
The Data Subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him.
9.4. Right to erasure
The Data Subject has the right to obtain from the Controller the erasure of personal data concerning him without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
The erasure of data may not be requested if data processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health, or archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; for the establishment, exercise or defence of legal claims.
9.5. Right to restriction of processing
The Data Subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
Complaint may be submitted to the National Data Protection and Information Authority:
Name: National Data Protection and Information Authority
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal addres: 1530 Budapest, Pf.: 5.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
The Data Controller reserves the right to unilaterally modify this Privacy Policy subject to prior notification of the Data Subjects through the Xeropan© website and the Xeropan© mobile platform. Following the entering into force of the modification, by continuing to use the Xeropan© website and Xeropan© mobile application, the User shall be deemed to have implicitly accepted the provisions of the modified Privacy Policy.
The Service Provider manages a Facebook profile for advertising and promoting its products and services.
Questions asked on the Service Provider’s Facebook profile does not qualify as duly submitted complaints.
The Service Provider does not process personal data that are posted by Users in the Service Provider’s Facebook page.
Visitors are subject to the Facebook’s Privacy Policy.
The Service Provider may delete, without prior notification, the user from members for
posting unlawful and offensive contents or may delete the user’s posts.
The Service Provider assumes no liability for unlawful contents or comments posted by Facebook users. The Service Provider assumes no liability for any error or malfunction related to the operation of Facebook or for problems arising from changes in the system operation.
Customer Service