Privacy Policy

The purpose of this Privacy Policy is to provide comprehensive information regarding the data protection principles of I18Nature. The protection of users' personal data is of paramount importance; such data is handled and stored with the utmost care. This Privacy Policy has been designed to comply with the European Union's General Data Protection Regulation (hereinafter: "GDPR").

Data Controller

Sipos Dániel E.V. (registered office: Hungary 9090 Pannonhalma, Tóthegy 49/A., business registration number: EV-52820627, tax number: 69184518-1-28, e-mail: info@i18nature.com, phone: +36/20 952-0471, representative: Sipos Dániel, hereinafter: "Data Controller")
The Data Controller conducts data processing in accordance with Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter: "Infotv."), as well as Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the GDPR).
The Data Controller is an intermediary service provider as defined in Section 2(l) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter: "E-Commerce Act"): a Service Provider providing information society services, which

1. transmits information provided by the user over a telecommunications network or provides access to the telecommunications network (mere conduit and access provision);

2. transmits information provided by the user over a telecommunications network and serves primarily to make the transmission of information initiated by other users more efficient (caching);

3. stores information provided by the user (hosting);

4. provides tools to assist users in locating information (search engine services);

5. application service provider.

Data Processors

In the course of its operations, I18Nature cooperates with so-called data processors. Data processing, as defined by the Infotv. (Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information), means "the performance of technical tasks related to data management operations (regardless of the method and means used to perform the operations, and the place of application)". A data processor is "a natural or legal person, or an organization without legal personality, that processes data on the basis of a contract concluded with the data controller — including contracts concluded on the basis of legislative provisions — for the purpose of data processing".

I18Nature cooperates with the following data processors:

• Meta Platforms, Inc. (1 Meta Way, Menlo Park, CA 94025, United States)

• Google LLC. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States)

• Apple Inc. (1 Apple Park Way Cupertino, California, 95014-0642 United States)

• Stripe Inc. (510 Townsend Street, San Francisco, CA 94103, United States)

• Mailgun Technologies Inc. (535 Mission St. San Francisco, CA 94105, United States)

Data processors may not freely dispose of the processed personal data. The overseas data processors cooperating with I18Nature operate within the EU-US Data Privacy Framework.

Data Processing

Under this Privacy Policy (hereinafter: "Policy"), the Data Controller processes both personal and non-personal data. Personal data, as defined in Section 3(2) of the Infotv. (Act CXII of 2011), means data that can be associated with the Data Subject — in particular, the identifying mark of the person using the Application (hereinafter: "Data Subject"), as well as one or more characteristics specific to their physical, physiological, mental, economic, cultural, or social identity — and any conclusion drawn from the data relating to the Data Subject. Non-personal data is therefore information that cannot be directly or indirectly associated with a person and is not suitable for their identification.

Personal Data

The Data Controller records personal data during the use of the Service as follows:

• Data provided by the Data Subject: data voluntarily provided during the use of the Service, such as registration data and data provided while browsing the Application or using certain parts or Features thereof, are recorded by the Application. Such personal data includes, but is not limited to, the Data Subject's last name, first name, e-mail address, which are suitable for identifying the Data Subject.

  Data processed	Purpose of processing	Legal basis of processing
  last name, first name, e-mail address	registration	Your consent

• Automatically collected data: data automatically sent by the Data Subject's computer, mobile device, or browser when accessing the Data Controller's Service. Such automatic data includes, but is not limited to, unique identifiers relating to the device and browser providing access: IP address, characteristics of the software environment regarding the device and browser used, activity data relating to the use of the Service, information relating to the connection with the Service, as well as data collected by Cookies, Pixel Tags, Local Shared Objects and Web Storages technologies. The guidelines regarding the use of cookies and other technologies are set out in the Technologies and Principles section.

  Data processed	Purpose of processing	Legal basis of processing
  IP address, characteristics of the software environment	secure operation of our servers	Legitimate interests of the Data Controller

Personal data provided during registration or by other means may be linked by the Application with non-personal data (including non-personal data of third parties), in which case such linked data shall also be treated as personal data for as long as the link exists.

Use of Personal Data

The Data Controller collects and uses personal data in accordance with this Policy as follows:

• Purpose-limited use
  Personal data provided for a specific purpose may only be used by the Data Controller in accordance with that purpose.
  

• Access and use
  Where personal data is provided for the purpose of user access or the use of an external service or any of its features, the Data Controller may only use such data for the purpose of providing, accessing, or monitoring the service.
  

• Internal business use
  The Data Controller may use personal data for internal business purposes, including facilitating the content and features of the Service, better understanding the needs of Data Subjects, developing the Service, protecting against and identifying malicious activities, enforcing the Terms of Service, supporting user profiles, providing customer support, and generally supporting the business operations of the Service and the Data Controller.
  

• Other use
  If the Data Controller wishes to use personal data in a manner inconsistent with this Policy, it shall inform the Data Subject before or during the use of the Service and request their consent before collecting and using the data.
  

Disclosure and Transfer of Personal Data

• Exclusion of revenue-generating use
  The Data Controller does not sell personal data in any way, which is the most important element of the cooperation with the Data Subject; however, it may transfer such data to certain third parties without notice in the manner regulated below.
  

• Business transfer
  In the course of business developments, certain assets or the business itself may be sold; therefore, in cases where the business is sold, merged, reorganized, or liquidated, or in other similar cases, personal data may be among the transferred assets. By accepting this Policy, the Data Subject acknowledges that in the event of succession, the acquirer of the personal data is obliged to process the personal data under the same conditions as the Data Controller.
  

• Owner, subsidiaries, and affiliated companies
  The Data Controller is entitled to share personal data with its owner, subsidiaries, and affiliated companies for the purposes set out in this Policy, all of which are obliged to comply with this Policy.
  

• Agents, consultants, and services
  The Data Controller is entitled to transfer personal data to its partners who process personal data on its behalf in order to carry out certain business functions, including contracted companies providing database management, backup and disaster recovery, and e-mail services. The Data Controller only transfers the information — including personal data — necessary for the performance of the given task to such companies.
  

• Online payment service providers
  In the case of online payments, the Data Controller transfers the Data Subject's personal data to its contracted Stripe service provider. By accepting this Policy, the Data Subject expressly acknowledges and accepts that the personal data stored in the Data Controller's user database will be transferred to Stripe Inc. as an external data processor. The scope of transferred data includes: billing last name, billing first name, phone number, e-mail address, billing address. The purpose of the data transfer is: providing customer support to users, confirming transactions, and fraud-monitoring for the protection of Data Subjects.
  

• Court and authority requests
  The Data Controller is obliged, on the basis of a relevant decision, to disclose personal data to courts and authorities where required by law, for the protection of its rights, for the prevention of bad faith activities related to the Service, or where necessary for the protection of the personal safety of Data Subjects or the public.
  

Storage of Personal Data

The Data Controller stores personal data itself or through its contracted partners to whom personal data has been transferred in accordance with this Policy. The Data Controller takes all reasonable measures to protect the personal data received during the provision of the Service, in order to prevent loss, misuse, unauthorized use and access, negligent disclosure, alteration, and destruction of personal data. Data Subjects should be aware that no network, server, database, internet, or e-mail connection can be completely free from potential errors, and therefore they should pay particular attention when disclosing personal data. The Service Provider is not liable for any misuse arising from the improper storage of a forgotten password or e-mail address, where such unauthorized use resulted from the fault, intentional or negligent carelessness of the Data Subject.

Retention Period of Personal Data

The Data Controller stores personal data for the duration of the Data Subject's registration for the use of the Service. The Data Subject may request the deletion of their registration from the Data Controller or may do so themselves through their profile. Data storage beyond this scope is governed by applicable data protection legislation. Even after the deletion of personal data, data may remain in backups or media archives, which the Data Controller may use for legal, tax, or other regulatory requirements, or for legitimate and demonstrable business purposes.

Cookies, Pixel Tags, Local Shared Objects and Web Storages

The Technologies and Principles section contains the provisions relating to cookies and other similar tracking technologies.

Rights of Data Subjects

Right of access

In this regard, Data Subjects are entitled to request confirmation from the Data Controller as to whether personal data relating to them is being processed; where applicable, they may access the data and receive information about the purpose of processing, the scope of personal data, the persons to whom the data has been or will be transferred; they are entitled to know the duration of processing, or where this is not possible, the criteria for determining such duration; they may request the rectification or erasure of personal data, anonymization — as a result of which the data can no longer be associated with the Data Subjects — or, under certain conditions, restriction of processing; they may object to processing; they may lodge a complaint with the competent supervisory authority and exercise their other rights as set out in the applicable legislation.

Right to rectification

The Data Subject has the right to request the Data Controller to rectify inaccurate personal data without undue delay, and — having regard to the purpose of processing — to have incomplete personal data completed.

Right to erasure

The Data Subject has the right to request the Data Controller to erase personal data relating to them without undue delay, and the Data Controller is obliged to erase personal data relating to the Data Subject without undue delay where one of the following grounds applies:

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

2. the Data Subject withdraws their consent in accordance with applicable law and there is no other legal basis for the processing;

3. the Data Subject withdraws the consent on which the processing is based in the cases specified by law, and there is no other legal basis for the processing, and the Data Subject objects to processing for such purposes;

4. the personal data have been unlawfully processed;

5. the personal data must be erased for compliance with a legal obligation under Union or Member State law applicable to the Data Controller.

Right to restriction of processing

The Data Subject has the right to request the Data Controller to restrict processing where one of the following applies:

1. the accuracy of the personal data is contested by the Data Subject, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;

2. the processing is unlawful and the Data Subject opposes the erasure of the data and requests the restriction of their use instead;

3. the Data Controller no longer needs the personal data for the purposes of processing, but they are required by the Data Subject for the establishment, exercise, or defence of legal claims; or

4. the Data Subject has objected to processing on grounds relating to their particular situation — on the basis that processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, however, the interests or fundamental rights and freedoms of the Data Subject which require the protection of personal data override those interests, in which case the restriction applies for the period during which it is determined whether the legitimate grounds of the Data Controller override those of the Data Subject.

Right to data portability

The Data Subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit such data to another controller without hindrance from the Data Controller to which the personal data was provided.

Right to object

The Data Subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data where such processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require the protection of personal data, including profiling based on those provisions. In such cases, the Data Controller shall no longer process the personal data, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defence of legal claims.

Data Subjects expressly acknowledge that in the event they exercise the rights listed above — in the absence of the erased or otherwise restricted personal data — some or all of the Features of the Service may become unavailable to the given Data Subject, and may result in the temporary or permanent unavailability of the given Data Subject's profile.

Exclusions

Personal data disclosed to third parties

This Policy does not apply to personal data that the Data Subject has disclosed to other users during the use of the Service.

Third-party sites

The provisions and procedures described in this Policy apply exclusively to the Service. The Application may contain links to third-party sites; however, the Service Provider assumes no responsibility for the content of such sites or for the policies and data protection provisions of third parties.

Aggregated data

In order to develop the Service and better understand user habits, the Service Provider frequently conducts surveys among its clients regarding their demographic data, interests, and habits, based on the personal data provided and other information. Given the aggregate collection and consolidated processing of the information thus obtained, which is not suitable for the personal identification of individual Data Subjects, aggregated data does not constitute personal data.

Enhanced protection of children's rights

The Service Provider does not collect data from children under the age of 18. Parents and legal guardians are responsible for monitoring and supervising their children's use of the internet, including compliance with this Policy. If a parent or legal guardian reasonably believes that a child under 18 has provided personal data to us, the Service Provider will delete it from the Application upon their request.

Right to amend

In accordance with changes to the Service and business considerations, the need to amend this Policy may arise; therefore, the Service Provider reserves the right to update or modify it at any time. The Service Provider shall publish the amendments in the Application and, where necessary, notify Data Subjects by e-mail or through a notice in the Service, including the effective date of the amendment. If any Data Subject finds the indicated amendment unacceptable, they should not use the Service.