If You have any questions or comments, please refer to the operator of the Application: Spatium Advertising Kft. (a Hungarian company, seat:Apaczai Csere János u 11, H-1051 Budapest, Hungary) being the data controller (hereinafter referred to as “Data Controller”).
- Data Controller’s Data and Contact Information:
Company name: Spatium Advertising Kft.
Registered seat: H-1051 Budapest, Apáczai Csere J utca 11. 5. em. 512.
Company registration number: 01-09-284614
Represented by: Balázs Palotai
- Which data are requested from Users?
The Application obtains the information You provide when You download and register the Application. Registration with us is optional. However, please keep in mind that You may not be able to use some of the features offered by the Application unless You register with us.
By using this Application the User hereby may give his/her consent to Data Controller to process the following types of data for the given purposes:
The User may provide their data on the registration interface in order to be able to use the services of the Application. During registration, the following personal data must be provided (all data marked with an * must be provided):
- email address*,
- user name*,
- phone number*,
- profile picture.
In the case of an order, the following data may also be provided:
- payment information for purchase and use of the Application*.
The Data Controller declares not processing, collecting or storing any card data required for the payment and not having access to such data in any manner when the payment is made with a credit card. The payment method is provided by Adyen, in relation to data processing by the Adyen, the User may find information on the Adyen’s website and other contacts
Following registration, the system creates a User profile, containing the following data:
- User’s data provided during registration,
- transaction-related information, such as when you make purchases, respond to any offers, or download or use applications from us;
- data of the User’s previous orders:
- data of carwash (location, type, status and fee of carwash, comments)
- data of car (number plate, type, uploaded photos)
- rating of previous carwashes.
- information User enter into our system when using the Application, such as contact information ,
While using their own profile, the User may give the data which is not mandatory at registration, may modify the provided data or delete data other than those the supply of which is mandatory, may use the services of the Application, …
Making an order
In order to perform the car-wash service of the Application it is required to give the following data regarding the order (all data marked with an * must be provided):
- type of the car;
- number plate of the car;
- location of the car;
- parking time of the car.
For direct marketing purposes:
If User has agreed to opt-in User gives consent for Data Controller to use the following data for the purpose of advertising communications and marketing promotions:
- full name;
- e-mail address;
Automatically collected information
In addition, the Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile devices unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.
Collect precise real time location information of the device
When You visit the Application, we may use GPS technology (or other similar technology) to determine your current location in order to determine the city you are located within and display a location map with relevant advertisements. We will not share your current location with other users or partners.
If You do not want us to use your location for the purposes set forth above, you should turn off the location services for the mobile application located in your account settings or in your mobile phone settings and/or within the mobile application.
Using the function “Contact us”:
The Users may send e-mail messages through the Application to Data Controller. To send the message it is compulsory to provide the following data: name, reason and e-mail address. Replies will be sent to the provided e-mail address. If User contacts us we may keep a record of that correspondence.
- in case of written complaint:
- postal or e-mail address;
- subject and content of the complaint.
- in case of oral complaint or oral complaint by phone, if the complaint was not remedied immediately, Data Controller takes a report, which contains the following data:
- place, time, mode, subject and content of the complaint;
- unique identification number of the complaint.
- Purpose and duration of data processing
The Data Controller uses the data for the following purposes in relation to the supply of services available through the Application.
- In the course of registration on, and use of the Application (use of User profile; making an order; automatically collected information and collection of precise real time location information of the device): The purpose of data processing is to supply the services available in the Application, to manage the database related to the operation of the Application, as well as to maintain contact in order to provide Users with important information, required notices regarding the service of Application.
- In the case of registration for the direct marketing purpose: to send an electronic newsletter and promotion messages on the products, services, special offers, promotions and prize games related to the Data Controller to the e-mail address provided by the User (hereinafter jointly referred to as “Marketing promotions”). (Registration number for data processing: )
- In case of using the function “Contact Us”: The purpose of data processing is to provide information on User’s request regarding the services of the Application to the availability given by the User.
- In case of complaint handling: The purpose of data processing is to document the person of the User, the exact time and content of the complaint, and the information given by the Data Controller regarding the complaint, in order to handle and retrieve complaints received in written and oral form, by phone or by e-mail.
The Data Controller processes personal data while the purpose of data processing exists, i.e. in the case of registration in the Application, use the Application, use of “Contact Us” function and distribution of Marketing promotions until the User requests the erasure of the data or withdraws the consent to the processing of their personal data to receive Marketing promotions. Automatically collected information are retained – except if the User requests the erasure of these data – for up to 24 months and thereafter may store it in aggregate form. The personal data shall be erased immediately when the purpose of data processing ceases to exist or when requested by the User, with the exception of those data that the Data Controller must preserve for the period defined in the legal regulation requiring data processing as a statutory obligation. In order to comply with the applicable data preservation obligation, the Data Controller preserves the data of the name and address of the User indicated in the accounting document pursuant to Section 169 of Act C on Accounting for at least 8 years only for the purpose of complying with the accounting obligation.
In case of complaint handling pursuant to Section 17/B of Act CLV on Consumer Protection Data Controller shall preserve the minutes of the oral complaint, the written complaint and the response for 5 (five) years.
- Data transfer, third parties eligible for accessing personal data, data process
The Data Controller and the Data Processor employed by it are entitled to have access to personal data in compliance with the provisions of effective laws and regulations.
The data are processed by the following data processing parties, acting under the authority of the Data Controller:
We may disclose User Provided and Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.
- if Spatium Advertising Kft is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
Without an expressed statutory provision, the Data Controller may transfer to third parties data suitable for personal identification only with the expressed consent of the particular user.
- The legal basis
The data processing necessary for using Data Controller’s services and the Application’s functions is based on voluntary consent of the User given in the course of the use of the Application.
The User may give only his/her own personal data on the Application. If the data provided by the User is in relation to a third party, then the consent of the concerned party must be obtained by the User.
The personal data shall be processed by the Data Controller only for the duration necessary to achieve the purpose of data processing described in Section 3., or until the User requests the deletion of its data or revokes its consent to data processing.
- User’s rights connected to their processed data
You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
Right of information
Upon the User’s request the Data Controller provides information concerning the related data, including those data which are processed by a data processor on its behalf, the sources from where the data were obtained, the purpose, grounds and duration of the data processing, the name and address of the data processor and on its activities relating to data processing, and – if the personal data of the data subject has been disclosed to third parties – the legal basis of the disclosure and the detailed list of the concerned third parties, as recipients. Information can be requested by email and by postal mail at the following address: firstname.lastname@example.org. Data Controller shall answer the received inquiry within 25 days from receiving it.
Right of rectification or erasure
The User has the right to request their personal data to be corrected (specifying the accurate data) also by e-mail sent to email@example.com or by post sent to Apaczai Csere János u 11, H-1051 Budapest, Hungary. The Data Controller shall make the correction in the records immediately and informs the data subject about it in writing.
In addition, the User may also request their data to be erased or blocked, either in part or in full, by e-mail addressed to firstname.lastname@example.org or by post sent to Apaczai Csere János u 11, H-1051 Budapest, Hungary, free of charge, without any explanation. The Data Controller shall arrange for the termination of data processing and erase the User from the records immediately after receiving the request for erasure.
Personal data shall be blocked by the Data Controller instead of erasing them if so requested by the data subject, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Blocked personal data shall be processed only as long as the data processing purpose which prevented their erasure prevails.
If the Data Controller refuses to comply with the User’s request for rectification, blocking or erasure, the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based must be communicated in writing within 25 days of receipt of the request. Where rectification, blocking or erasure is refused, the Data Controller must inform the User of the possibilities for seeking judicial remedy or for lodging a complaint with the Hungarian National Authority for Data Protection and Freedom of Information.
The Data Controller erasures User only from its direct marketing data base if the withdrawal of the consent affects exclusively the data processing for direct marketing purposes and the process of User’s data may continue to the extent of the purpose of providing the services of the Application.
The User has the right to file an objection concerning the data processing of its own data:
- if data processing or disclosure is carried out solely for the purpose of discharging the Data Controller’s legal obligation or for enforcing the rights and legitimate interests of the Data Controller, the recipient or a third party, unless processing is mandatory;
- if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and
- in all other cases prescribed by law.
In the event of objection, the Data Controller investigates the cause of objection within the shortest time possible but no later than 15 days, adopts a decision as to the merits of the objection, and notifies the User in writing of its decision. If the User disagrees with the decision taken by the Data Controller, or if the Data Controller fails to meet the above deadline, the User has the right to turn to court within 30 days of the date of delivery of the decision or from the last day of the above deadline.
The Data Controller undertakes to ensure the security of data and to take all technical and organisational measures and put in place the procedural rules that ensure the protection of all collected, stored and processed data, as well as to prevent the destruction, unlawful use and unlawful alteration of data. The Data Controller also undertakes to call upon each third party to whom data are transferred or transmitted without the Users’ content to comply with the data security requirements.
The Data Controller shall ensure that no unauthorised persons may access, disclose, transfer, modify or delete the data processed. The processed data may be accessed only by the Data Controller and its employees, as well as Data Processor(s) employed by it, and the Data Controller shall not transfer them to any third party not authorised to have access to them.
The Data Controller shall take every possible effort to ensure that data are not accidentally damaged or destroyed. The Data Controller requires all its employees taking part in data processing activities to assume the above obligations.
The User acknowledges and accepts that in case their personal data are provided on the website or the blog, full data protection cannot be guaranteed on the internet despite the fact that the Data Controller has up-to-date security equipment to prevent any unauthorised access to data or the detection thereof. If data are accessed without authorisation or data are obtained despite our efforts, the Data Controller shall not be held liable for the obtaining of data in such a manner or for any unauthorised access to them, or for any damage occurring at the User as a consequence thereof. In addition, the User may also supply personal data to third parties who may use them for unlawful purposes and in an unlawful manner.
The Data Controller shall under no circumstances collect special data revealing racial origin or nationality, being part of an ethnic minority, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade union membership, or data concerning health conditions, harmful addiction, sex life or a criminal record.
In terms of data security, it is important to always log off the website when the internet is used at a public place, from a jointly used computer. If you visit our website from your own computer, then you will remain logged in for a certain time, depending on the application. Even in such a case, you should be careful to make sure that third parties cannot have access to your computer and not being able to execute transactions in your name (subscriptions, applications, orders, etc.).
Data controller does not use the Application to knowingly solicit data from or market to children under the age of 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at email@example.com. We will delete such information from our files within a reasonable time.
- Remedies available relating to data processing
Data Controller makes every effort to ensure the compliance of data processing with the applicable laws. If User thinks that Data Controller does not meet the related requirements, please contact us by email or by postal mail on the following address: firstname.lastname@example.org
If User feels that his/her rights concerning personal data protection are being infringed, he/she has the right to seek remedy at the competent authorities:
- At the Hungarian National Authority for Data Protection and Freedom of Information [Nemzeti Adatvédelmi és Információszabadság Hatóság] (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.)
- at courts.
In case of electronic direct marketing messages the Hungarian National Media and Infocommunications Authority (http://nmhh.hu/; 1015 Budapest, Ostrom u. 23-25.) is entitled to act. User can find detailed rules in Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information and in Act CVIII of 2001 on Electronic Commerce and on Information Society Services.
The governing law is the Hungarian Law, with special regard to the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information.