(valid from 10 October 2020 until revoked)
Please read this Privacy Policy carefully.With this Privacy Policy (hereinafter referred to as the "Policy"), Sparking Invest Zrt. (company registration number: Cg. 01-10-141040; tax number: 28797481-2-42; registered office: 1146 Budapest, Szabó József utca 6.;) as the data controller (hereinafter referred to as the "Service Provider") provides information on the use of the Service Provider's https://www.rollet.app(hereinafter referred to as the "Website"), as well as the Service Provider's parking service called "Rollet" (hereinafter referred to as the "Service") and the application that can be run on a mobile phone or other suitable mobile device (hereinafter referred to as the "Application"): "Application") and other individuals (Website Visitors, Users and other individuals together hereinafter referred to as "Data Subjects") about the processing of their personal data by the Service Provider. In order to use the Service, the User must be familiar with this Notice and must expressly consent to the processing of his/her personal data as described in this Notice. You can do so by checking the box for data processing when you install the Application. The full Notice is available on the hyperlinks provided next to the checkbox before you select the checkbox during installation. If the User does not consent to the processing of the data, the Service cannot be used.
The Service Provider uses short texts, anonymous user identifiers, so-called cookies, on its Website to enhance the user experience and to make the use more convenient. Cookies store unique computer identifiers and profile information on the computer or device of the Website Visitor. Cookies cannot be used to identify the Website Visitor personally, but they can be used to identify and recognise the Website Visitor's computer or device.The Website Visitor can set his/her browser to prevent cookies from being placed on his/her computer or device. The Service Provider may use the advertising services of third-party service providers, whereby the third-party advertising service provider may save the Website Visitor's data, in particular the fact of the visit, the time of the visit, the time spent on the Website, etc., using cookies, in order to enable the Website Visitor to receive targeted advertising for the Service. The Website Visitor will be informed of this separately and will be required to give his/her separate consent to receive such advertising.
The Service can only be accessed by downloading, installing and using the Application. During the installation of the Application, the Service Provider obtains from the online store that enables the download of the Application the download data (such as the time of download of the Application and the name of the online store that enables the download of the Application), as well as the following personal data of the User: the type of software of the mobile device used by the User and information on whether the User is over 18 years of age. By installing the Application, the User consents to the processing of these data by the Service Provider.If the User consents to this during the installation or use of the Application, the Application will access the following applications of the mobile device on the User's mobile device: camera, photos, location data. Authorisation to access the camera and photos is not essential to use the Service, but without access to location data, the Service cannot be used.
1. Scope of personal data required for registration. The Service is available only to Users registered on the Application. The Service Provider requests the following personal data from the User for the User's registration:
For registration, the User can choose to provide the following information:
2. The User's Facebook or Google account. If the User chooses to access the Application with his/her existing Facebook or Google account instead of entering a separate username and password, by entering and confirming this, the User agrees that the Service Provider may receive certain data from Facebook or Google in accordance with Facebook and Google's policies, or that the Service Provider may access the User's following personal data:
In addition to the above, the Service Provider does not receive any other data from Facebook or Google.3. The personal data necessary for the User to pay the fees and charges for the Service (see below) are not processed by the Service Provider, but by iCard AD, the operator of the myPOS service used by the User. The personal data processed by the Payment Service Provider as a data processor for the purposes of payment transaction processing, payment transaction authentication and prevention of possible fraud are the following: the bank card number provided by the User, the expiry date, the name of the holder, the CVC code, the name of the holder (the bank issuing the bank card), the User's name, telephone number, e-mail address, the amount of the transaction, the IP address of the device sending the transaction, the date and time of the transaction, the billing address. The sub-activities performed by the Payment Service Provider as a data processor include the recording, storage, transmission to authorization partners, deletion of all these personal data. The Payment Service Provider may use the following sub-processors to authenticate payment transactions and prevent fraud:
The Payment Service Provider shall be responsible for the sub-processors it uses as if it were performing the sub-processing activities itself. The Payment Service Provider shall only be entitled to use a sub-processor that complies with the applicable data protection legislation and the provisions applicable to the data processor under the Payment Service Provider's General Terms and Conditions, in particular, but not limited to, data security requirements.The Service Provider shall not automatically receive from the Payment Service Provider all such personal data provided by the User to the Payment Service Provider, but shall only receive a series of accounts generated by the Payment Service Provider on the basis of all such personal data. The above personal data provided by the User to the Payment Service Provider cannot be decrypted from the number series generated on the basis of the credit card data and cannot be accessed by the Service Provider, however, upon the Service Provider's request, the Payment Service Provider may provide the Service Provider with credit card data.4. As set out in the General Terms and Conditions for the use of the Service ("GTC"), it is the User's responsibility to ensure that no persons are included in the photographs or short video clips of the Vehicle and it is the User's responsibility to ensure that he/she legally owns the copyright of these images and can legally provide copies of them to the Service Provider for the purpose of providing the Service.Given the fact that a User may register more than one Vehicle within the Application, by accepting this Policy, the User declares that he/she understands that he/she is under an obligation to inform all users of the Vehicle registered in the Application of the scope of the data processed by the Service Provider, as provided for in the GTC.
1. Scope of personal data. The Service Provider processes personal data that is essential for the safe use of the Service through the Application, in addition to the personal data required for registration for the Service (see 3.1), the User's personal data related to parking, which are the following: the place and time of arrival and departure of the Vehicle to and from the parking space (Parking Garage), the parking fee and location, the photograph or video image of the Vehicle (and its driver, passengers) at the time of arrival and departure.2The camera surveillance system installed by the Service Provider in the parking garage. The Service Provider shall operate a separate, uninterrupted camera system at the access gates of the parking garage(s). One camera shall scan the license plates of all vehicles entering the Car Park and another camera shall be activated when the camera scanning the license plates evaluates a license plate registered by a User to use the Service. Their operation is governed by the provisions of Act CXXXIII of 2005 on the Rules of Personal and Property Protection and Private Investigation (hereinafter referred to as the "Act on the Protection of Personal and Property Protection and Private Investigation"). The purpose of the recordings is asset protection: to reduce the risk that the Service may not be unlawfully used by a person entering the parking space (parking garage) at the User's expense with a vehicle having the same license plate number as the Vehicle but with a different vehicle from the Vehicle, and thus to protect the User's property, since the detection of infringements, the detection of the perpetrator in the act or the prevention of such infringing acts, their proof cannot be achieved by other methods, and the use of these technical means is indispensable and does not entail a disproportionate restriction of the right to informational self-determination. The Service Provider shall store the recordings in a closed IT system separate from the Parking Garage. The Service Provider shall inform third parties in an appropriate manner of the fact and the angle of view of the camera surveillance. The Service Provider shall delete the recordings without delay, but within the time limit set by the applicable legislation (see III.3 below).3. Parking garages providing parking spaces for use by the Service Provider (hereinafter referred to as "Parking Garage(s)") may operate camera surveillance systems. The Service Provider is not responsible for the operation of these cameras, the User can obtain information about them from the Parking Garage. The User who has authenticated his/her Vehicle within the Application by means of a photograph or a video recording shall benefit from the following advantages:
In comparison, the User who does not authenticate his/her Vehicle can only know the date and the current duration of the parking, the current parking fee, the Vehicle's registration number and the total amount of the parking at the end of the parking, but not the approximate location (parking area) and the exact duration of the parking in the Application during and after the parking.For the avoidance of doubt, the Service Provider will process the personal data listed above even if the User does not authenticate his/her Vehicle, the difference resulting from the authentication is that the unauthenticated User will only be able to know certain information if and to the extent that he/she requests information from the Service Provider regarding the processing of his/her personal data and only in relation to his/her personal data.
The User can make a complaint about the Service as described in the GTC. In connection with the handling of complaints, the Service Provider shall process the personal data provided by the User in the course of the complaint (in particular, but not limited to, the time and manner of the complaint, the detailed description of the complaint, the circumstances of the use complained about, the documents submitted in connection with the complaint), as well as the personal data processed in the course of the provision of the Service to the User to the extent necessary for the handling of the complaint. The Service Provider shall inform Users separately about the procedure for handling complaints.
In order to promote the Service among Users, to promote the awareness and use of the Service and to increase the quality of the Service, the Service Provider shall process the surname, first name (gender), e-mail address, home or postal address, telephone number and mobile phone number of Users.Data processing for marketing purposes may be processed by the Service Provider only with the express consent of the User, and the Service Provider shall immediately cease processing data for this purpose upon the express request of the User. When subscribing to the newsletter, the date of subscription and the IP address at the time of subscription may also be recorded.By subscribing to receive the newsletter and direct marketing materials, the Data Subject consents to the Service Provider sending the Data Subject an electronic message containing advertising, information about current information, promotions, new features, games, etc.
The Service Provider monitors and manages the number of cars entering the Car Parks for business development purposes, and generates statistics and statements from other anonymised data in order to improve the Service.
In order to provide the Service in a complete and smooth manner, the Service Provider shall, as necessary, closely cooperate with the Parking Houses, and shall transmit to them the Vehicle registration number, the time of arrival and departure of the Vehicle at the Parking House (i.e. the parking time), the images and video recordings of the Vehicle (entry and exit), the approximate location of the parking (parking area), the parking fee and the pricing of the parking passes per parking space. In the event that the remaining parking fee exceeds the bail amount requested by the Service Provider when registering for the Application, the Service Provider shall transmit to the Parking Garage, for the purpose of payment of the parking fee, in addition to the above, the surname, first name and telephone number of the User. The Parking Houses act as independent controllers of all these personal data, as parking is carried out on the basis of a contract with the Parking House.
The Service Provider prepares and issues the invoice for the Service using a software operated by KBOSS.hu Kft. (headquarters: 1031 Budapest, Záhony utca 7.). This company may know the content of the invoices (the User's surname, first name (gender), address or postal address, billing address (if different from the address), as well as the duration of the User's parking and the parking fee) to the extent and for the minimum time necessary to perform all these tasks in order to operate, maintain and troubleshoot the invoice-issuing software. In this context, KBOSS.hu Kft. acts as a data processor on behalf of the Service Provider.
In cases provided for by law or by a final court decision, the Service Provider may disclose all personal data processed to law enforcement authorities (in particular, but not limited to, the police, defence and national security services).
The Service Provider may transfer the personal data described in this Notice to advisors (including, but not limited to, accountants, financial and legal advisors) engaged by the Service Provider in order to comply with its legal obligations or to secure its claims and enforce its rights and legitimate interests.
1.The Service Provider shall retain personal data related to the visit of the Website for a period of five (5) years from the date of the visit (or, if the limitation period for the enforcement of claims is longer, until the end of this period) in order to enforce its rights and legitimate interests.2.Personal data relating to the installation of the Application and registration for the Service will be retained by the Service Provider for a period of five (5) years from the date of termination of the User's registration (or, if the limitation period for any claim is longer, until the end of that period) in order to enforce its rights and legitimate interests.3The Service Provider shall retain personal data relating to the provision of the Service and to the maintenance of contact for a period of five (5) years from the date of the User's parking (or, if the limitation period for asserting any claims is longer, until the end of this period) in order to assert its rights and legitimate interests, except for
4. The Service Provider shall retain the personal data related to the handling of complaints for five (5) years from the date of the complaint (or, if the limitation period for the assertion of claims is longer, until the end of this period) in order to enforce its own and the User's (consumer's) rights and legitimate interests.5.
The Service Provider keeps the personal data at its headquarters (1146 Budapest, Szabó József utca 6.).
The legal basis for the processing (collection, storage, transmission, etc.) of the personal data listed in this Notice by the Service Provider is the voluntary consent of the Data Subjects (Website Visitor, User, etc.), in accordance with Section 5 (1) a) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: "Infotv") and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation; hereinafter referred to as "GDPR") pursuant to Article 6 (1) a). The Service Provider shall process personal data related to the handling of complaints in accordance with Act V of 2013 on the Civil Code and Article 17/A of Act CLV of 1997 on Consumer Protection.
1.It is of paramount importance to the Service Provider that the personal data it handles or processes are secure and that no data security incident occurs that could lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed (a data breach).2. The Service Provider shall raise and develop the data protection awareness of these persons through data protection training in order to prevent data breaches from occurring and to facilitate the efficient, prompt and reassuring handling of any data breach that may occur.3The Service Provider shall implement appropriate technical and organisational measures to ensure a level of data security appropriate to the level of risk, taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing, and the varying likelihood and severity of the risk to the rights and freedoms of natural persons, including, where appropriate, ensuring the pseudonymisation and encryption of personal data, the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data.4In the event of a physical or technical incident, the Service Provider shall restore access to and availability of personal data in a timely manner and shall keep the measures taken under constant review.5. The Service Provider shall ensure a procedure for the regular testing, evaluation and assessment of the effectiveness of the technical and organisational measures taken to guarantee the security of data processing.6.
1. The right to transparent information and communication. The Service Provider shall take appropriate measures to provide the Data Subject with all information and communications concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language. The current version of this Notice on the processing of personal data by the Service Provider is available to the Data Subject on the Service Provider's website and within the Application. The Data Subject shall have the right to obtain from the Service Provider feedback as to whether or not his/her personal data are being processed and, if such processing is ongoing, the right to access the scope of the personal data, the purposes of the processing, the recipients of the processing, the envisaged duration of the storage of the data, information on the source of the data or other information specified by law.3. The Data Subject shall have the right to obtain from the Service Provider, upon his/her request and without undue delay, the rectification or integration of inaccurate personal data relating to him/her. The Service Provider expressly requests all Data Subjects to initiate the correction of inaccurate personal data with the Service Provider in the event of any change of data, the detection of incorrect data or the provision of false data.4. The Data Subject shall have the right to obtain from the Service Provider, upon his/her request, the restriction of processing where the Data Subject contests the accuracy of the personal data, the processing is unlawful and the Data Subject requests the restriction of the use of the data instead of the erasure of the data, the Controller no longer needs the personal data for the purposes of processing but the Data Subject requires them for the establishment, exercise or defence of legal claims or the Data Subject has objected to the processing.5. The Data Subject has the right to receive personal data concerning him or her that he or she has provided to the Service Provider in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance from the Service Provider to whom the personal data have been provided.6. The Data Subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or where the processing is necessary for the purposes of the legitimate interests pursued by the Service Provider or a third party, including profiling based on the aforementioned provisions. In such a case, the Service Provider may no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.7. The Data Subject may exercise the rights set forth in this Section VII by sending a request to the Service Provider's e-mail address support@rollet.app.8. The Service Provider shall designate a Data Protection Officer, given that the Service, as the core business of the Service Provider, involves processing operations which, by their nature, scope and/or purposes, require a systematic and systematic high level of monitoring of Data Subjects. The DPO can be contacted directly by e-mail at support@rollet.app.
If the Service Provider fails to comply with its obligations in relation to any of the above claims of the data subject, the National Authority for Data Protection and Freedom of Information (hereinafter referred to as "NAIH") shall, upon the request of the data subject, open an investigation or conduct an official procedure.Contact details of the NAIH:National Authority for Data Protection and Freedom of InformationAddress: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.Phone: 061/391-1400Fax: 061/391-1410E-mail address: ugyfelszolgalat@naih.huWeboldal: https://www.naih.hu A Irrespective of the decision of the NAIH, the Data Subject may appeal to the competent court in the event of a violation of his or her rights.
1. The User may only provide his/her real data for the registration or use of the Service. The Service Provider shall not be liable for any legal consequences arising from the fact that the User has provided false or not his/her own data.2. The Service Provider shall be entitled to request verification of the data in accordance with the general terms and conditions of the contract concluded between the Service Provider and the User for the use of the Service.3.The Service Provider reserves the right to modify this Notice at its own discretion in the future, in particular in the event of changes in legislation, in order to ensure that the information contained in this Notice provides adequate information about the collection and processing of the Data Subjects' personal data.5.In the event of a modification of the Notice, the Service Provider shall send the fact of the modification, a concise summary of the changes, indicating the modified provisions, the date of entry into force of the modification and the full text of the modified Notice to the Users at the e-mail address provided by them during registration at least ten (10) days before the entry into force, and shall also publish it on the Website.6.