Application and Website Privacy Notice Full Privacy Notice
The purpose of this short Privacy Notice (“Privacy Notice”) is to provide you basic information about how VisitBalaton365 Np. Ltd. processes your data when you use Balaton Bike 365 mobile application (“Application”) and the respective website: balatonbike365.hu (“Website”) (Application and Website collectively: “Interface”). The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it for and with whom it is shared.
Data Controller
VisitBalaton365 Nonprofit Limited Liability Company (seat: 1011 Budapest, Szilágyi Dezső tér 1.; e-mail address: adatvedelem@balatonbike365.hu; “BB365”,„we”, our or „us”) .
Purposes and Legal Basis for Processing Your Personal Data
BB365 processes your personal data for the purposes below:
- User account registration, managing user account: the processing of your data is necessary for the execution and fulfillment of the related Application and Website Terms of Use, as a contract and to access the services of the Interface.
- Service provider application: any cycling-friendly service provider may register as a point of interest through the Website.
- Communication with service providers: you may communicate with any cycling-friendly service provider through the Interface, where we rely on your consent as a legal basis.
- Location sharing with service providers: you can share your current location with service providers for 60 minutes, so that the service provider can plan a route to your current location, where we rely on your consent as a legal basis.
- Location sharing: you can share your own location with other group members, if they also turn on location sharing. Location sharing will automatically turn off when you close the location sharing view.
- Recommend tours, tour planning: registered users may recommend touring routes to each other through the Interface.
- User statistics and recent activities: you can save your previous tours and you can make related statistics.
- Service provider and places rating: you may rate service providers and places.
- Tour group management: you can create and/or join groups through the Interface with your registered friends to organize cycling tours.
- Communication and contact: the purpose of processing your personal data is to manage your questions and inquiries to us.
- Add Places: you can add new places that are currently unavailable on the Interface.
- Newsletters, notifications and marketing communication: the purpose of processing your data is to send you updates about our services and activities.
WHAT PERSONAL DATA WE PROCESS ABOUT YOU?
For the purposes outlined above we process the data categories indicated below:
- Registration data: including your name, identification data (email address and password), Facebook/Google ID, registration confirmation code.
- User account data: including your username, user’s e-mail address, saved user activities, user group, group ID, date and time accessing the Interface, logins, profile picture, user type (general/admin), use of language, newsletter subscription (if any), code for password change and its validity date, code for e-mail address change and its validity date.
- Tour data: including saved touring routes, saved route plans.
- Location data: including the last geographical location of the user, date of last geographical location.
- POI data: including POI name, e-mail address, phone number, description details, POI location data, POI picture, details of user assessments.
- Service provider data: name, e-mail address and phone number of the Service provider (only when browsing Website), service provider rating.
- Device data: including, type of user device, the internet protocol (IP) address you use to visit our Interface and cookies, local storage and session storage data.
- Communication data: including details of your question, inquiry, comments or our communication with you.
THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
To process your personal data, we may rely on the legal bases below:
- The processing of your personal data is necessary for the performance of a contract with you under Article 6 (1) b) of the EU Regulation 679/2016 ("GDPR") (Contract).
- Your consent provided to us under the Article 6 (1) a) of the GDPR (Consent).
- The processing of your personal data is possible based on our legitimate interest under of the Article 6 (1) f) of the GDPR (Legitimate Interest).
BB365 has a legitimate interest in processing data to respond to user's questions, inquiries, and complaints, because BB365 has a legitimate interest in meeting user needs and concerns. If a user has directly contacted BB365 with a question or complaint, it is reasonable for them to expect that their data will be processed to facilitate a response.
BB365 has a legitimate interest in ranking POIs based on users’ feedback, furthermore, to provide users with the possibility to recommend new POIs through the Interface. It is our legitimate interest to provide up to date information to users relative to POIs and to improve the value of our service through the involvement of new POIs.
For more information, please contact us at adatvedelem@balatonbike365.hu.
Purpose of data processing | Categories of personal data processed | Legal Basis |
---|---|---|
User account registration, managing user account |
| Contract |
Service provider application |
| Contract |
Communication with service providers |
| Consent |
Location sharing with service providers |
| Consent |
Location sharing |
| Consent |
Recommend tours, tour planning |
| Contract |
User statistics and recent activities |
| Contract |
Service provider and places rating |
| Legitimate interest |
Managing touring group |
| Contract |
Communication and contact |
| Legitimate interest |
Add Places |
| Legitimate interest |
Newsletters, notifications and marketing communication |
| Consent |
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We may process and store your personal data as long as necessary for the performance of our services and obligations and strictly for the time necessary to achieve the purposes for which the information was obtained. We will delete your personal data when it is no longer needed.
If we process your personal data based on your consent, we will process and store your personal data until your consent is withdrawn, but in case of marketing communication not longer than two years.
Any personal data relative to any complaint or legal claim will be stored until the statute of limitations under civil laws (i.e., 5 years).
We will retain your data during your contractual with us until the statute of limitations under civil laws (i.e., 5 years). Under Hungarian laws, at least eight years statutory data retention obligation applies to personal data in accounting documents, including contracts, communication and business correspondence.
WHO MAY ACCESS TO YOUR DATA?
Within BB365 our staff with appropriate authorization may have access to your personal data on a “need-to-know” basis. We may engage other persons, third parties as data processors to provide services to us and courts, government bodies or other authorities may require us to disclose your data them. We may transfer personal data to third parties for the following reason:
- With certain third parties: we may transfer your data to external consultants (e.g., lawyers) if this is necessary for responding to legal claims. Your Location data may be transferred to cycling-friendly service providers if you have consented to this in advance. The Interface uses the services of Google Maps to visually display your location data via Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google may transfer your personal data to the USA. Google's privacy policy is available at https://policies.google.com/privacy?hl=en
- Service providers: we use externally provided IT-services and systems provided by third party vendors as a support to our internal processes.
Name of the data processor | Seat | Activity |
---|---|---|
BIG FISH Kft. | 1066 Budapest, Nyugati tér 1-2. | Website operation |
DigitalOcean, LLC | 101 Avenue of the Americas, 10th Floor, New York, NY 10013 USA | Cloud service provider |
Mailjet SAS | 13 B Rue de l'Aubrac 75012, Ile de France - Franciaország | E-mail sending and managing marketing list |
OneSignal | 2850 S Delaware St #201, San Mateo, CA 94403, United States | Messaging services |
Nitro Communications Kft. | 1036 Budapest Lajos utca 48-66. | Prize draw operation Newsletter communication B2B Aquisition and database operation Marketing automation system operation Research |
Hubspot SAS | 2 Canal Park Cambridge, MA 02141 United States | database management, sales support, management and operation of marketing lists, email sending |
- Government authorities and enforcement bodies: government authorities or enforcement bodies such as regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff, and assets.
By way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC) as referred to in Article 46(5) GDPR or other adequate means, we have established that all other recipients located outside the EEA will provide an adequate level of data protection for the personal data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
Please contact us via the e-mail address above if you would like to receive from us the copy of these measures that secure the adequacy of personal data transfers abroad.
YOUR RIGHTS
You are entitled to exercise your rights below:
- Right of access: You have a right to ask whether or not we have personal data about you and, if that is the case, request information on what personal data we have. We may request additional information from you for identification or for further copies requested by you, we may charge a reasonable fee based on administrative costs.
- Right to rectification: We are required to rectify inaccurate personal data, or to complete personal data that is incomplete, upon your request.
- Right to erasure (right to be forgotten): We are in some circumstances required to erase personal data on your request.
- Right to restriction of processing: We are in some circumstances required to restrict our use of personal data on request by the person concerned. In such cases, we may only use the data for certain limited purposes set out by the law.
- Right to data portability: You may have the right to receive your personal data to which we have access, in a structured, commonly used and machine-readable format and you have the right transmit those data to another data controller.
- Right to object:
You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection. |
You can contact the Hungarian National Data Protection and Freedom of Information Authority (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: H-1055 Budapest, Falk Miksa str. 9-11.; website: www.naih.hu; phone: +36-1-391-1400; email address: ugyfelszolgalat@naih.hu; fax: +36 1 391 1410).