Privacy Policy

Last Updated: April 05, 2019

Data Controller

Company: Breakslow Kft. 

Headquarter: 9 Bem Street, Drégelypalánk 2646, Hungary

Mailing address, complaint handling: 9 Bem Street, Drégelypalánk 2646, Hungary

Email: hello@breakslow.hu

Phone: +36203702253

Website: https://breakslow.co/

Application: Breakslow App, Breakslow Admin App

Hosting Provider

Company: DigitalOcean, LLC

Mailing address: 101 Avenue of the Americas, 10th Floor, New York, NY 10013

Email: privacy@digitalocean.com

What kind of data Breakslow process during the operation of the website and applications?

Information about using cookies

What is a cookie?
When you visit the website the Data Controller uses so-called cookies. The cookie is an information package from letters and numbers that our website sends to your browser to save certain settings to make it easier for you to use our website and help us collect some relevant, statistical information about our visitors.

Some of the cookies do not contain personal information and are not suitable for identifíing the indivisual user, but some of them contain a unique identifier – a secret, randomly generated sequence of numbers stored on your device – to ensure your identity. The duration of each cookies is set out in the respective cookies description.

Legal background and legal basis for cookies:

The legal basis for data processing is your consent based on Article 6 (1)(a) of the EU General Data Protection Regulation.

The main features of the cookies used by the website:

Google Ads cookie When someone visits our website the visitor’s cookie ID is added to the remarketing list. Google uses cookies like NID and SID to help customize ads on Google properties, like Google Search. For example, they use such cookies to remember your most recent searches, your previous interactions with an advertiser’s ads or search results, and your visits to an advertiser’s website. This helps them to show you customized ads on Google.

Google use cookies to make advertising more engaging to users and more valuable to publishers and advertisers. Some common applications of cookies are to select advertising based on what’s relevant to a user; to improve reporting on campaign performance; and to avoid showing ads the user has already seen.

Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and app owners to understand how their visitors engage with their properties. It may use a set of cookies to collect information and report website usage statistics without personally identifying individual visitors to Google. The main cookie used by Google Analytics is the ‘_ga’ cookie.

In addition to reporting website usage statistics, Google Analytics can also be used, together with some of the advertising cookies described above, to help show more relevant ads on Google properties (like Google Search) and across the web and to measure interactions with the ads we show.

Facebook pixel (Facebook cookie): The Facebook pixel is an analytics tool that allows website’s owners to measure the effectiveness of their advertising by understanding the actions people take on their website. They can use pixel data to: Make sure their ads are being shown to the right people on Facebook. You can read the Facebook privacy policy here: https://www.facebook.com/privacy/explanation

If you do not accept the use of cookies, certain features will not be available to you. For more information about deleting cookies, please visit the following links:

Data processed for contracting

Several data process cases can be implemented in order to conclude the contract. We inform you that data process related to complaint handling and error reporting  only happens if you live with these rights.

If you are only a visitor to the website, not a registered user then only the ones described ’data process for marketing purposes’ will apply to you if you give us a contribution to data process for marketing purposes.

More details on data processing for contracting:

Contact

For example, by email, by using the Breakslow App’s ’Send feedback’ feature or by phone you ask us about our services.

Prior contact is optional, you can use our website and the Breakslow App at any time. The use of the Breakslow Admin App is only permitted for our contracted partners (Restaurants), so prior contact is essential in this case.


Managed data

The data you provided during the contact.

Duration of data management

Data will only be processed until the contact is closed.

The legal basis for data management


Your voluntary contribution you give to Data Controller through contact. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

Registration on the website and apps

By storing the data provided during the registration, the Data Controller can provide a more convenient service (e.g. recent searches in the Breakslow App) and certain services (e.g. loyalty points, Breakslow tours, add review) are only available after registration. Registration is not required for the contract ont he website, but is required to use the apps.

Managed data

During data managemant the Data Controller processes your name, email address, gender (optional), date of birth (optional) and telephone number (optional).

Duration of data management

Until your consent is withdrawn.

The legal basis for data management

Your voluntary contribution you give to Data Controller through registration. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

Processing loyalty points and tour points

Data processing activities are required to complete the contract when processing loyalty points and tour points.

Managed data

During data managemant the Data Controller processes your name, email address, gender (optional), date of birth (optional) and telephone number (optional).

If you start collecting loyalty points or tour points through the Breakslow App, data processing and data entry are essential to fulfill the contract.

Duration of data management

Data are processed for a period of 5 years under the civil law limitation period.

The legal basis for data management

Contract performance. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

Data processed for verifying the consent

When registering or subscribing to a newsletter, the IT system stores the IT data related to the contribution for future proof. 

Managed data

Date of consent and IP address of the concerned.

Duration of data management

Due to legal requirements, the consent must be verified later, so the duration of the data storage will be stored for the limitation period after the data management ceases.

The legal basis for data management

Article 7 (1) of the EU General Data Protection Regulation imposes this obligation. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

Data process for marketing purposes

Data management for newsletter sending

Managed data

During data managemant the Data Controller processes your name, email address, gender (optional), date of birth (optional) and telephone number (optional).

Duration of data management

Until your consent is withdrawn.

The legal basis for data management

Your voluntary contribution you give to Data Controller by subscribing to the newsletter. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

Data management for sending and displaying personalized ads

Managed data

During data managemant the Data Controller processes your name, email address, gender (optional), date of birth (optional) and telephone number (optional).

Duration of data management

Until your consent is withdrawn.


The legal basis for data management

Your voluntary, separate contribution you give to Data Controller during the data recording process. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

Remarketing

Data management as a remarketing activity is done through cookies.

Managed data

Data processed by cookies specified in ’Information about using cookies’.

Duration of data management

Duration of data storage for that cookie, more information is available at:

Google general cookie information: https://www.google.com/policies/technologies/types/

Google Analitycs information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=hu

Facebook information: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

The legal basis for data management

Your voluntary, separate contribution you give to Data Controller through the use of the website. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

Giveaway

The data management process takes place to manage the giveaway. 

Managed data

During data managemant the Data Controller processes your name, email address and telephone number (optional).

Duration of data management

The data will be deleted after the giveaway, except for the data of the winner, which the Data Controller is required to kepp for 8 years under the Accounting Act.

The legal basis for data management

Your voluntary, separate contribution you give to Data Controller through the use of the website. [data processing based on Article 6 (1)(a) of the EU General Data Protection Regulation.]

More data management

If the Data Controller wishes to carry out further data management, it provides prior information on the essential circumstances of the data management (the lega background and legal basis of data management, the purpose of the data management, the duration of the data management).

Inform you that the Data Controller will have to fulfill theauthority’s requests for written data. Data Controller for data transfers in accordance with Article 15 (2)-(3) Infotv. keeps records (to which authority, what personal data, on what legal basis, when the Data Controller has been forwarded) of which the Data Controller provides information on request, unless the information is excluded by law.

Use of data processor and activities related to data management

Data processing for the storage of personal data

Name of the data processor: DigitalOcean, LLC

Contact details of the data processor:

Email: privacy@digitalocean.com

Headquarters address: 101 Avenue of the Americas, 10th Floor, New York, NY 10013

The Data Processor shall store personal data on basis of a contract with the Data Controller. The Data Processor is not entitled to access personal data.

Data processing related to newsletter transmission

The name of the company operating the newsletter system: The Rocket Science Group, LLC

The address of the company operating the newsletter system: 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA

The Data Processor contributes to the transmission of newsletters ont he basis of contract with the Data Controller. In doing so, the Data Processor handles the name and email address of the person to the extent necessary to send the newsletter, and deletes it at the request of the person.

Your rights during data management

During the data management period, you are entitled to the following rights under the EU General Data Protection Regulation:

  • the right to withdraw consent
  • access to information on personal data and data management
  • the right to rectification
  • right to restriction of processing
  • the right to erasure
  • the right to object
  • right to data portability.

If you wish to exercise your rights, it entails your identification and the Data Controller must communicate with you as neccessary. Therefore, you will need  to provide personal information for identification purposes (but identification can only be based on data that the Data Controller otherwise manages about you), and your data management complaint will be available in Data Controller’s email account within the period specified in this bulletin for complaints.

Complaints about data management will be answered by Data Controller within 30 days at the latest.

The right to withdraw consent

You entitled at any time withdraw the consent for data management, in such case the provided data will be deleted from our systems. Please note that such case your loyalty points and tour points will be lost.

Access to information on personal data

You shall have the right to obtain from the controller confirmattion as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

  • a the purposes of the processing
  • the categories of personal data concerned
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • the right to lodge a complaint with a supervisory authority
  • where the personal data are not collected from the data subject, any available information as to their source
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

The purpose of exercising the right may be to identify and verify the lawfulness of the data processing so in case of multiple information requests, the Data Controller may charge a reasonable fee based on administrative costs.

After your identification the Data Controller provides access to personal data by email. If you have a registration, you will be granted access by log in to personal account to check and manage your personal data.

Please indicate in your application whether you are requesting access to personal data or requesting information on data management.

Right to rectification

You shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to restriction of processing

You shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data. If the exact data can be determined immediately, there will be no restriction;
  • the processing is unlawful and you opposes the erasure of the personal data and requests the restriction of their use instead (for example, beause the data is important foryou to enforce a legal claim;
  • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  • you has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the Data Controller override those of you.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State

A data subject who has obtained restriction of processing shall be informed by the Data Controller before (at least 3 business days prior to lift) the restriction of processing is lifted.

Right to erasure – right to be forgotten

You shall have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraws consent on which the processing is based and where there is no other legal ground for the processing;
  • you objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.

Where the Data Controller has made the personal data public and is obliged for any of the above reasons to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

Erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for the establishment, exercise or defence of legal claims (e.g. if the Data Controller has a claim to you and has not yet complied with i tor if you are handling a consumer, data management complaint).

Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right to data portability

If the processing is carried out by automated means or based on your consent you shall have the right to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the personal data have been provided.

Automated individual decision 

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects to you. In this cases the Data Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Data Controller, to express your point of view and to contest the decision.

The above shall not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and a Data Controller;
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

Signing in to a privacy register

Under the provisions of the Infotv., the Data Controller had to report certain data handling to the data protection register. This reporting obligation expired on May 25, 2018.

Data security measures

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against unavailability due to accidental destruction and damage to the technology used.

Compared to organizational and technical capabilities, the Data Controller will make every effort to ensure that its data processors take appropriate data security measures when working with your personal data.

Remedies

If, in your opinion, the Data Controller has violated any statutory provisions on data management or has not complied with any of its requests, the National Data Protection and Freedom of Information Authority may initiate an investigation procedure in order to terminate the alleged unlawful data management (mailing address: 1530 Budapest, Pf .: 5., e- mail: ugyfelszolgalat@naih.hu).

We also inform you that in case of violation of legal provisions on data management, or if the Data Controller has not complied with any of your requests, you may start a civil lawsuit against the Data Controller.

Modification of Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy in a manner that does not affect the purpose and legal basis of the data management. By using the website and the apps after the entry into force, you accept the revised Privacy Policy.

 

This document contains all relevant data management information regarding the operation of the website and applications in the General Data Protection Regulation of the European Union 2016/679 (GDPR) and CXII of 2011. TV. ("Infotv.").