DATA MANAGEMENT INFORMATION REGARDING THE MOBILE APPLICATION ‘INNOVATIVE EDUCATIONAL GAME’ OF MARY’S ROUTE PUBLIC BENEFIT ASSOCIATION

Mary’s Route Public Benefit Association (Hereinafter: Data Controller) undertakes to treat your personal data in a transparent and secure manner, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) and the relevant Hungarian legislation. 

This information is intended to draw your attention to how, why and for how long we process your personal information.

The application is owned by the Data Controller and information about the financial services provided by Mary’s Route Public Benefit Association is available through the application.

The app can be downloaded and installed for free from the Google Play Store and Apple App Store on compatible devices running operating system versions supported by Android and IOS operating systems. No registration is required to use the application.

The application does not request access to personal data stored on the mobile device or other application before or during installation.

1. Name of Data Controller

The data controller is Mary’s Route Public Benefit Association, which means that the data controller determines the purposes and means of processing your personal data.

Contact details of the data controller:

Mária Út Közhasznú Egyesület (Mary’s Route Public Benefit Association)

Head office: 8200 Veszprém, Házgyári út 7. 

Tax number: 18939963-1-19

Email: info@mariaut.hu 

Website: www.mariaut.hu

2. Names and contact details of data protection officers

Data protection officer of Mary’s Route Public Benefit Association: Zsófia Galgócziné dr. Szabó, contact: info@mariaut.hu

3. Purpose and legal basis of data processing 

In this chapter of the Prospectus, the data controller presents the data management performed during the application.

I. Application Logging for the normal operation, development, and analysis of the application for statistical purposes

II. Proper operation of the application and performance of statistical measurements necessary for operation and development.

• Data deletion deadline: Two years from the logging of personal data.

III. Contact data management

• Data set:

• Data subject’s e-mail address 

• Data subject’s profile picture – in case of Google or Facebook login (optional)

• Data subject’s name - in case of Google or Facebook login (optional)

• Data subject’s name - It is not a condition to log in to the game, nor to save the result at the end of the game, for which any name can be entered

• Data subject’s score - The sum of the points earned at the end of the game

• Data subject’s location - If geolocation is enabled (optional)

• Purpose of data management: Contacting the data subject for information and assistance

• Legal basis for data processing: According to Article 6 (1) (a) of the GDPR, the consent of the data subject

• Data deletion deadline: Until the data subject's consent is withdrawn.

During data management, the Data Controller may contact the data subject through the communication channel chosen by the data subject and provide them with assistance or information regarding the use or results of the application and its functions.

IV. Data management related to inquiries for advertising and direct marketing purposes

• Data set: Name, email address or phone number of the data subject

• Data management purpose: The data will not be used for marketing and direct marketing purposes

• Legal basis for data processing: According to Article 6 (1) (a) of the GDPR, the consent of the data subject

• Data deletion deadline: Until the data subject's consent is withdrawn.

During data management, the Data Controller sends advertising messages and direct marketing inquiries to the data subject via the communication channels chosen by the data subject (e.g.: sending news, business offers, financial needs assessment, etc.).

4. The source of personal data and the provision of data and the consequences of failure to do so

The source of the data is You, voluntarily providing your personal data to the data controller. The provision of personal data is not based on the fulfilment of a legal obligation or contractual obligation, so you are not obliged to provide us with personal data.

5. Recipients of personal data, international data transfer

With regard to the above data management, JATECH INNO Kft. (Registered office: 1188 Budapest, Rákóczi utca 51 / B.) acts as a data processor, which provides IT development and operation services. The data controller does not transfer personal data to a third country or to an international organization.

6. Rights of data subjects in relation to data processing

The data subject may exercise their data management rights in person or in writing (info@mariaut.hu). The data controller shall inform the data subject of the action taken within one month of receiving the request. If the issue to be assessed is complex or if the controller needs to obtain information in order to comply with their request, this time limit may be extended by a maximum of two months. The controller shall not be charged for any measures taken to exercise the data subject's rights, but the controller shall reserve the right - if the request is manifestly unfounded or, in particular because of its repetitive nature, excessive, or if the level of administrative costs involved in providing the information justifies it - to charge a reasonable fee or refuse to act on the request. For more information on the rights of data subjects below, see Annex III of the GDPR. 

6.1. Right of access

All data subjects may request information on the personal data stored or otherwise handled by the controller(s). For example, if the data subject wishes to ascertain what data is being processed in connection with the above data processing, the data controller will collect this data and provide copies of this data or send it to the data subject.

The data subject will receive a copy of the personal data processed by the data controller free of charge for the first time. Should an additional copy be required thereafter, the controller may charge a reasonable fee based on administrative costs for such additional copies. If the data subject requests access to their data by email, their request shall be fulfilled electronically by the data controller, unless the data subject requests otherwise.

6.2. Right to data portability

The data subject also has the right to receive a copy of all personal data processed by the controller in an articulated, widely used, machine-readable form that can be used in the future. This requires that the transfer be made by the controller in a format that allows the data subject to interpret the information contained in it and subsequently use it with another service provider (for example in xls format or, in the case of an audio file, on CD). They shall also be entitled to transfer such data to another controller without being hindered by the controller to whom the data subject has made the personal data available.

6.3. Right to rectification

It is important that the data stored by the data controller is both accurate and up to date. If the data subject considers that the personal data held by the controller are faulty or incorrect, they may request in writing that the personal data be corrected or supplemented.

6.4. Right of cancellation

The controller(s) shall, without undue delay, delete the personal data concerning the data subject at the request of the data subject, unless the controller has another legal basis for processing the data.

A request for erasure should only be rejected by the controller(s) exceptionally, for example if the law obliges the controller to further store the data to be deleted or, for example, if the controller needs them in a legal dispute.

6.5. Right to withdraw consent

Please note that you have the right to withdraw your consent to consent-based data processing at any time, free of charge. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal.

6.6. Automated decision making and profiling

The data controller(s) do not use automated decision-making and profiling in connection with their above data management.

6.7. Right of appeal

If the data subject is unable to settle their claim or right against the data controller in a way that is reassuring to them, the following remedies are available to them. If the data subject considers that the data controller's processing of their personal data is contrary to the applicable data protection requirements, they have the right to initiate an investigation by the supervisory authority or to apply to a court with jurisdiction and competence. However, the data subject is also entitled to a judicial remedy against the decision of the supervisory authority at any time.

Contact details of the National Data Protection and Freedom of Information Authority:

Headquarters: 1125 Budapest Szilágyi Erzsébet fasor 22 / C; postal address: 1530 Budapest, Pf. 5.

Phone: +36-1-391-1400

email: ugyfelszolgalat@naih.hu website: www.naih.hu

If you wish to exercise any of the above rights, you may do so at the contact details of the data controller above, or you may contact our data protection officers directly. In order to identify you, we may also ask you for additional information, which is a security measure so that the person actually entitled can exercise their rights and to avoid disclosing your personal information to unauthorized persons.

If you have any questions after reading the privacy policy or this statement, please feel free to contact us.

7. Amendments to this prospectus

The controller(s) reserve(s) the right to update or amend this privacy policy at any time. If we make significant changes to our data management information, we will inform you about it on our website (www.mariaut.hu), via the mobile application or, if your email address is available to us, electronically.