Data Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (GDPR – article 4., point 2.).
Data Subject is an identified or identifiable natural person (GDPR – article 4., point 1.).
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, anonline identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; (GDPR – article 4., point (1)).
II. General provisions
The name of the Data Controller: Day-to-day Ltd. (hereinafter as ’Data Controller’), represented by: Krisztina Somogyi, CEO
The seat, company registration number, tax number of the Data Controller: H–2421 Nagyvenyim, Nefelejcs utca 11.; Cg. 07-09-028513; tax no.: 26195041-2-07
The contact information of the Data Controller: firstname.lastname@example.org
This Policy determines that Day-to-day Ltd. on which legal basis processes the personal data which are collected from the Data Subject or which are provided to Day-to-day Ltd. by the Data Subject.
The purpose of Data Processing on the one hand is that Day-to-day Ltd. fulfills the contract concluded on the use of the website and the application, namely to support the parent-child joint activity with activity ideas; by using the functions of the application, parents make notes and store photos regarding to the activity ideas, and they have the opportunity to ask questions on child rearing from psychologist and kindergarten-teacher professionals; the further purpose is to issue the documents necessary for the conclusion and performance of the contract between Day-to-day Ltd. and Clients, to issue the invoice, and to check the authentication of the user. In addition to the above, the purpose of data processing is to keep the contact with the Client and to enforce the rights of Day-to-day Ltd. in the event of the Client’s breach of the contract. A further purpose of the data processing is to evaluate and analyze the Data Controller’s market, consumers, products and services.
The legal basis of data processing is the consent of the Data Subject.
III. External Service Providers
We engage third parties to fulfill the service. The third-party service providers (“External Service Provider”) are the follows:
- Facebook: By liking the Facebook profile of Day-to-day Ltd. (Day-to-day Kids Development), the User’s data (as indicated in the Privacy Statement of Facebook) will be available to Day-to-Day Ltd., which data may be used for targeted ads within Facebook. https://www.facebook.com/full_data_use_policy
- Instagram: By following the Instagram profile of Day-to-day Ltd. (@daytodaykids), the User’s data (as indicated in the Privacy Statement of Instagram) will be available to Day-to-Day Ltd., which data may be used for targeted ads within Instagram.
- Vimeo: The created and published videos by Day-to-day Ltd. are stored on Vimeo’s system and this system displays them on various interfaces (Username: Day-to-day Kids, Profile access: https://www.vimeo.com/daytodaykids). The Privacy Statement of Vimeo is available at the following link: https://vimeo.com/privacy
- Google Ads: Day-to-day Ltd. uses its Google Ads account for ads within the Google services. The Privacy Statement of Google Ads is available at the following link: https://policies.google.com/privacy?hl=hu&gl=hu
- Google Analytics: Day-to-day Ltd. uses its Google Analytics account for analyze the traffic data of the website and the applications. The Privacy Statement of Google Analytics is available at the following link: https://policies.google.com/privacy
- Firebase: Day-to-day Ltd. uses its Firebase account for analyze the traffic data of the applications. The Privacy Statement of Firebase is available at the following link: https://policies.google.com/privacy
- Google Play Console: Day-to-day Ltd. publishes its Android-based application through Google Play Console, and Google Play Console also provides the in-app product sales. The Privacy Statement is available at the following link: https://policies.google.com/privacy
- Google Drive: Day-to-day Ltd. uses the system of Google Drive as a file server. The Privacy Statement of the system is available at the following link: https://policies.google.com/privacy
- Dropbox: Day-to-day Ltd. uses the system of Dropbox as a file server. The Privacy Statement of the system is available at the following link: https://www.dropbox.com/privacy
- App Store: Day-to-day Ltd. publishes its IOS-based application through the App Store, and also provides the in-app product sales. The Privacy Statement is available at the following link: https://www.apple.com/legal/privacy/hu/
- Amazon Web Services: The mail system of Day-to-day Ltd. and the backend system of the application runs on the cloud-based platform of Amazon. The data protection provisions of Amazon are available at the following link: https://aws.amazon.com/compliance/data-privacy-faq/
- One Signal: Day-to-day Ltd. uses the system of One Signal for sending notification within the application. Data protection provisions of One Signal are available at the following link: https://onesignal.com/privacy_policy
- HACKY Digital Communications Kft: Hacky Digital Communications Ltd. prepares and performs the software maintenance of Day-to-day Ltd.’s the applications. Hacky operates the servers of Day-to-day Ltd. on the cloud-based platform of Amazon.
The personal data are stored in an electronic form; insight right into these data has – in addition to the above External Service Providers – for:
- the Day-to-day Ltd.’s CEO, the natural person owners and the representative of its owner
- the appointed employees of Day-to-day Ltd.
- the appointed employees of the accounting company on behalf of the Day-to-day Ltd.
- the IT partner of Day-to-day Ltd. and its appointed employees
- claim management entities on behalf of the Day-to-day Ltd.
In addition to the above, the Data Controller shall carry out the data transfer only within the limits set forth by law, and only at the request of court or authority, on the basis of the above entities or as required by law provision, and only to the extent necessary to achieve the purpose of the data request.
IV. Collected data from Data Subjects
Day-to-day Ltd. may process only such data which are essential and suitable for achieving the specific purpose of data processing. The Data Subjects make available the data processed to our Company by the registration of the website and the application or by using the services.
The scope of data processed: Name, e-mail address, password used to log-in to the application, nickname of child(ren), date of birth of child(ren), completion date of the activities, memories and notes written in the application log and the uploaded photos.
Data provided by the Data Subject: The Data Subject shall provide the data to the Data Controller by filling out forms regarding the services of Day-to-day Ltd., subscribing to the newsletter, joining to or liking the pages of the Day-to-day Ltd. community pages (including Facebook.com, Instagram.com and other sites mentioned in the “External Service Providers” section); using any application or service provided by Day-to-day Ltd. in the Apple Apps Store or in Google Play Store; and by telephone or via e-mail or any other way during the communication with the Data Controller. It also includes the information which the Data Subject provides to the Data Controller by registering for the Data Controller’s services; using or subscribing to the service; during the order of the service; on the service forums, or in other social media functions; by registering for prize game, campaign, loyalty program or research; or in a comment under a post or in a blog post or when reporting a problem.
The data provided to Day-to-day Ltd. by the Data Subject may include data which are provided upon the login by Facebook, including inter alia the User’s name, address, e-mail address and telephone number, personal description and photo, the birth year of children, zip code and preferences regarding the activities, which may be collected by the Data Controller during the use of the services of Day-to-day Ltd.
Data collected about the Data Subjects:
During each use of the services of Day-to-day Ltd., the Data Controller can automatically collects the following data, which are used for profiling: technical information, including the Internet Protocol (IP) address used by the Data Subject’s device to connect to the Internet; the login information of Data Subject; browser type and version; time zone settings; browser plug-in types and versions; operation system and platform; information about the visit of Data Subject, including the complete Uniform Resource Locator (URL); the clicks to, trough or from the Data Controller’s Service (including their date and time); the response time of the page; the time spent on each pages or in the applications; the data of the actions performed on the page (eg. scrolling pages, clicking and moving the cursor); the methods used to navigate away from the page.
We expressly draw your attention that you have the right to object to such data processing concerning your personal data for which purpose is the above mentioned, including profiling, whether with regard to initial or further processing, at any time and free of charge.
Information that the Data Controller may collect from other sources: Information that the Data Controller receives when the Data Subject uses other websites which are operated by the Data Controller, or uses other services provided by the Data Controller.
V. Duration of the Data Processing
The data processing in case of the consent given of the Data Subject shall take place until the withdrawal of the consent or until the submission of the request for erasure; during the relevant legal relationship (existence of a profile), the Day-to-day Ltd. is entitled to manage and process the data of Data Subject.
Day-to-day Ltd. may process the personal data, without the specific given consent and after the withdrawal of the Data Subject’s consent, with the purpose of the performance of relating legal obligation, and the validation of the legitimate interest of Day-to-day Ltd. or third party. The validation of the interests must be proportionate with the restriction of the right to the protection of personal data.
VI. Personal Data Disclosure
In the absence of explicit legal provision, the Data Controller can disclose the personal data – which are suitable for the identification of the Data Subject – to third parties only with the explicit given consent of the Data Subject.
VII. Personal Data Storing
The data collected about the Data Subject may not be released to or stored in outside the European Economic Area (“EEA”). The data is processed by the employees in EEA who are working to the Data Controller. This may include employees who are working with the implementation of the Data Subject’s orders, the processing of payment details, or who are providing support services. By providing your personal data, you give Your consent to the above data disclosure, data storage and data processing.
All data provided by You is stored on our secure servers: As described in detail at the part of External Service Providers, we use file server and mail system services. The data are also available through the Internet, for those who are entitled to it. The solutions of the Service Providers shall ensure the management of the folder-level permission, by this, the employees who are working at the different workspaces, do not see each other’s data. In all cases, we ensure access to the electronic folders only for the entitled person. The computers – which perform data processing – are provided with an access code and protected by a security program; the paper-based documents are stored in a closed place by the Company. The location of the storage is: 2421 Nagyvenyim, Nefelejcs utca 11.; the location of the electronic data processing is the locations which are indicated in the Privacy Policies by the External Service Providers.
Where we gave You a password (or it chosen by You) to have an access to a part of our Service, You are responsible to keep the password confidentially. Please do not share Your password with anybody.
Once we have received the data of Data Subject, we apply strict procedures and security measures to prevent any unauthorized access.
VIII. Rights of the Data Subjects
Data Subjects have the right to request that their personal data should not be processed for marketing purposes by the Data Controller. The Data Subject may exercise the right to prohibit the above data processing by marking the appropriate box on the form used for data collection. The Data Subject can exercise this right at any time by contacting the Controller at email@example.com.
The Data Subject shall be entitled to:
- request information on personal data processing
- restrict the personal data processing
- have an access to and rectify the personal data
- the data portability
- the erasure of personal data
If You want to exercise any of the above rights, please contact us at firstname.lastname@example.org.
The Data Controller shall take appropriate security measures to protect the personal data – stored in the datasets – against the unauthorized access to, alteration, transfer or disclosure of, erasure or destruction; to prevent the accidental destruction and injury; and to avoid the inaccessibility of personal data, which deriving from the changes of the technology used.
The Data Controller will rectify the personal data, if the personal data is not comply to the reality and the accurate personal data is available to our Company.
The Data Controller shall erase the Data Subject’s personal data (in the absence of other provision by law), if:
- the data processing is unlawful;
- the Data Subject requests the erasure;
- it is incomplete or erroneous – which cannot be legally remedied –, unless the erasure is excluded by law;
- the purpose of the data processing has been terminated;
- or the period for the data storage – laid down in a legal act -, has expired;
- or it is ordered by the court or the National Authority for Data Protection and Freedom of Information.
Instead of erasure, the Data Controller shall block the personal data, if it is required by the Data Subject, or according to the information available, it is presumable that the erasure of the data would infringe the lawful interests of the Data Subject. This blocked personal data may only be processed for as long as the data processing purpose, which excludes the erasure of the personal data, is exist.
The Data Controller markes the processed data, if the correctness or accuracy of the personal data is contested by the Data Subject, but the impropriety or inaccuracy of the contested personal data cannot be clearly established.
If the Data Controller does not fulfill the Data Subject’s request for rectification, blocking or erasure, the factual and legal grounds of the rejection of the rectification, blocking or erasure request must be disclosed within 15 days from the receipt of request, in writing or, if the Data Subject gave his/her consent to this, by electronic means. In case of the rejection of the rectification, blocking or erasure request, the Data Controller shall inform the Data Subject about the possibility of judicial remedy, and the possibility to turn to the National Authority for Data Protection and Freedom of Information.
Data Subject may raise an objection against the personal data processing,
- if the personal data processing or the data transfering is only necessary for the fulfillment of the legal obligation which subject is the Data Controller, or for the validation of the lawful interests of the Data Controller, the Recipient or a third party (except in the case of mandatory data processing);
- if the personal data are used or transfered for the purpose of direct marketing, poll or scientific research;
- and in any other cases set out by law.
The Data Controller shall examine the objection within the shortest possible time from the submission of the request, but not later than within 15 days, and shall make the decision on the rationality of the objection, and shall notify the applicant on the decision, in writing.
If the Data Controller establishes that the Data Subject’s objection is reasonable, the data processing – including also the further data collection and data transfer – shall be terminated and the data shall be blocked, and furthermore the Data Controller shall inform everybody about the objection and the measures on base of that objection, to whom the personal data concerning with the objection has been transferred earlier and who has an obligation to take appropriate measures for enforcement of right to object. If the Data Subject disagrees with the Data Controller’s decision made on this way, or the Data Controller fails the deadline, the Data Subject may seek to judicial remedy.
You have the right to submit a complaint against the processing of your personal data at any time by sending a written complaint to email@example.com e-mail address. If you feel that your complaint has not been responded properly or within the deadline, you may turn to the National Authority for Data Protection and Freedom of Information.
By filing a notification at the National Authority for Data Protection and Freedom of Information (seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; postal address: 1530 Budapest, Pf.: 5. telephone: +36-1-391-1400; fax: +36-1-391-1410; e-mail: firstname.lastname@example.org), anyone may initiate an investigation referring to an infringement of rights or the imminent threat of infringement, which is in connection with the personal data processing, or the right to access data of public interest and data accessible on public interest grounds.
The Data Subject may turn to the court against the Data Controller in case of the infringe of his/her Rights. The court shall hear such cases as a matter of priority. The adjudication of the lawsuit is subject to the jurisdiction of the regional court in Hungary. According to the choice of the Data Subject, the lawsuit may be initiated in front of the court where the Data Subject has a permanent place of residence or where he/she has a place of stay.
In the cases specified in article 21 of Privacy Act, the Data Subject may object against the personal data processing which concerning him/her.
IX. Access to data
The Data Subject shall have the right of access the data which are store about the Data Subject by the Data Controller. The right of access shall be exercised in accordance with the applicable laws. Any request for access must be submit to email@example.com e-mail address, and it must be accompanied by an identification document (i.e. driver’s license or passport) as proof of the identity. Upon request, the Data Controller shall provide information about the data processed by the Controller or by the authorized data processor; its’ source; the purpose, the legal base, the duration of the data processing; about the data processor’s name, address and its activities regarding the data processing; and about the legal ground and the recipient of the data transfer – in case of the personal data transfer of the Data Subject.
The Data Controller must provide the information – referred to in this section – within the shortest possible time, but not later than within 15 calendar days from the submission of the request, in writing and in a plain language. The information is free of charge if the person has not yet submitted an information request in the current year regarding the same scope of data to the Data Controller. In any other cases the service fee is HUF 2.000,- per information request occasion. The Data Controller may refuse to inform the Data Subject in the cases and in the manner set out by law.
Contact details of the Data Controller: Krisztina Somogyi (TEL: +36-30-959-06-78.; E-MAIL: firstname.lastname@example.org ).