Privacy Statement (GDPR)

The purpose of the following Data Management Information is for Access4you International Ltd. (Registered office: 1094 Budapest, Páva utca 13., company registration number: 01-09-336139) to inform the user of the data management operations performed by the European Parliament and the Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) Regulation (hereinafter: GDPR) and in accordance with the Hungarian legislation in force.

This Prospectus also covers data management through the Access4you mobile application operated by Access4you (hereinafter: the Application), so in addition to the functions available on the Website, the Services also mean the services made available by Access4you on the Application, and where this Prospectus refers to the Website, what is stated there also applies to the surface of the Application when using the Application, with any meaningful exceptions arising from the operation.

With regard to the data management related to the operation of the websites and the sending of newsletters, Access4you International Ltd. Qualifies as a data controller (hereinafter: Data Controller). Contact details of the data controller: phone: +36 30 329 10 30, e-mail: info@access4you.io. In the course of its data management processes, the data controller complies with the requirements of the legislation in force at any time and fully respects the protection of the fundamental rights and privacy of individuals when developing its data management practices, paying special attention to the requirements of the GDPR.

In order to facilitate the use of the website operated by it, the data controller provides registration, the primary purpose of which is to provide convenience services:
■ storage of previously visited places
■ storing your favorite or selected locations and related data in an account,
■ view special offers available to registered users.

■ data provided during registration (name, e-mail), profile picture taken from Facebook in case of using Facebook registration, name, email address, date of birth, date of registration, profile ID;
■ the telephone number, date of birth, mailing address provided in the My Account menu of my account;
■ details of selected locations, date marked, deleted, details of searched and viewed places.

Data management is based on the consent voluntarily given by the given user (legal basis for data management). If you withdraw your consent or do not provide your details, we will not be able to provide the convenience of registration. The data provided during registration and generated during the use of the account will be processed until the registration is canceled (duration of data management). Once deleted, the date, the user's email address and, if provided, the reason for unsubscribing will be stored in order to prove the fact of unsubscription, however, your data will no longer be used in any other way. The data will not be transmitted and will only be accessed by the employees of Access4you International Kft. The stored data is stored in our own IT systems and in the DigitalOcean system (headquarters: 101 Avenue of the Americas, 10th Floor New York, NY 10013), to which our colleagues have access for 10 years.

If a user uses the website for information purposes, ie if he does not subscribe or otherwise provide his data, we will only collect the personal data that your internet browser transmits to our server. When viewed, we collect the information necessary to display our website and to ensure its stability and security. Only in the case of suspected abuse will we use this reference information to determine the identity of the person responsible. This is based on Article 6 (1) of the GDPR: - IP address, date and time of inquiry, time offset from Greenwich Mean Time (GMT), content of the request (specific page), access status / HTTP status code, the amount of data transmitted is, in some cases, the website of the receiving website, the Internet browser, the operating system and its user interface, language, and the version of the browser software.

When a user emails the Data Controller, we store the user-provided email address and phone number so that we can answer your questions. These data are explicitly reported on a voluntary basis and with the consent of the user - in accordance with Article 6 (1) (a) of the GDPR. If this concerns information about communication channels (such as a user's email address or telephone number), the user also agrees to be contacted through this communication channel if necessary to answer your question. User may revoke this consent for future reference at any time. Data arising in this connection will be deleted after they are no longer required to be stored or restricted if their retention is required by law.

The data controller provides a number of opportunities for private interested parties to subscribe to their personalized newsletters using the “newsletter subscription” feature. The subscription option always contains information on the most important features of data management.

The data controller's newsletters are tailored to the user's personal, useful, interesting, valuable information, etc. by inserting it in a newsletter. In order to personalize and send newsletters, the Data Controller uses the following data:
■ data provided during registration on www.access4you.io, stories.access4you.io, e-audit.access4you.io (hereinafter access4you.io subpages) (eg name, e-mail address, date of birth);
■ the activity shown on the pages of www.access4you.io (eg fact and date of opening, fact and number of clicks on links in newsletters);
■ newsletter subscription data (eg date of subscription, content of consent, source of subscription).

We use user data solely for the purpose of sending personalized newsletters. We will not pass this data on to any other data controller. The data management is based on the user's voluntary consent (the legal basis for the data management), which entitles the Data Controller to send newsletters. If the consent is revoked or the cancellation function available in the newsletter is used, the User's data will be deleted immediately (duration of data management). After unsubscribing, we will store the date, the user's e-mail address and, if provided, the reason for unsubscribing, in order to prove the fact of unsubscribing, however, the data will no longer be used in any other way. Within 365 days, we will review the accuracy of our information once and delete email addresses that have become inactive (e.g., you have not opened any of our newsletters) or are inoperative (newsletters bounce back), even if you do not cancel.

The data controller complements its services provided in the online environment with customer service administration via telephone or electronic mail. The purpose of the data management implemented in this way

■ investigation and adjudication of complaints,

The data controller complements its services provided in the online environment with customer service administration via telephone or electronic mail. The purpose of the data management implemented in this way

■ name, e-mail, telephone number, other contact details;
■ request, subject of request, details, date, method;
■ the steps and suggestions necessary for the conduct and conclusion of the case;
■ user feedback on administration.

The data processing is handled in accordance with the provisions of § 6 1) b) of the Decree in order to conclude the “Terms of Use” agreement for the use of the access4you.io site accepted by the user. If you do not provide your information, we will not be able to fulfill your customer service request. We store the managed data in our own IT systems, which can only be accessed by our colleagues.

When using the website, cookies are placed on the user's device. Cookies are small text files stored on the hard drive assigned to the Internet browser used, through which certain data is stored at the location specified in the cookie. Cookies cannot run any program or infect a user's device with any virus. Cookies help the website to operate more user-friendly and efficiently, and to identify the user on successive visits. Temporary cookies are automatically deleted when the user closes their Internet browser. These save the “session ID” that can be used to assign different web browser requests to the shared session. This makes the user’s device unrecognizable when they return to the website. Session cookies are deleted when you log out or close your Internet browser. Persistent cookies are deleted after a set period of time; this duration may depend on the particular cookie. The user can delete cookies at any time in the security settings of their Internet browser. The user can configure the settings of his / her Internet browser and application as desired, for example by disabling the acceptance of cookies from third parties or all cookies.

The security of the user's personal and business data is important to us. To this end, during the data processing performed by the Data Controller, data is requested only through an encrypted channel, all data traffic and communication takes place via an encrypted channel. The transferred data is stored encrypted by the Data Controller, thus ensuring that the risk of a possible security incident is minimized. Only data that is necessary for the Data Service to be able to provide the best service is requested. We store your data on servers provided by our contractual partner, Google LLC (Gordon House, Barrow Street, Dublin 4, Ireland) ("Data Processor"). Its data management servers are housed at one of the largest ISO 27001-certified Internet and cloud service providers, who operate the service in two physically separate server rooms under constant technical and security supervision, in parallel with a georedundant infrastructure. The servers are protected by a firewall from unauthorized intruders. Data centers are protected by security guards, access is only possible after proper card identification.

Data center addresses: Our contractual partner in the operation of the newsletter sending service and in the personalization of the newsletters, The Rocket Science Group LLC d / b / a Mailchimp (headquarters: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA) (hereinafter: Data Processor2) supports us. About the security of data processed during newsletters as a data processor The Rocket Science Group LLC takes care of.The Rocket Science Group LLC Mailchimpfollowing the requirements of the GDPR, in order to ensure the provision of its services:
■ It has audited and strengthened its security infrastructure and practices for data encryption, data during transmission, inactive data, backups, logging, and security alerts.
■ It introduced a new risk analysis and data retrieval process. Anonymizes and then deletes and all data, except for the previously mentioned data set necessary to prove the unsubscription, if the user unsubscribes or requests the deletion of his data
■ It guarantees that the services provided in the data centers meet the criteria of the GDPR and are ISO 27001 certified.
■ The services provided by the owner of the Mailchimp software comply as much as possible with the specifications and standards described in the ISO 27001 certification. The workflow for convergence and compliance with standards is based on the ITIL framework.

The user can enforce his / her rights at the e-mail address info@access4you.io, on the basis of which - within the limits specified by law:

■ request access to the processed personal data or a copy thereof; (Article 15)
■ request information on the main features of data management (purpose, scope of data processed, data processors involved, duration of data management); (Article 15)
■ you can withdraw your consent at any time; (Article 7 (3)) may request the correction of inaccurate personal data concerning the User without undue delay or the addition of incomplete personal data; (Article 16)
■ request the deletion of the relevant personal data without undue delay (Article 17) if
 ■ personal data are no longer required for the purposes indicated in points 1 and 2 (provision of professional materials, sending of newsletters);
 ■ withdraws its consent and there is no other legal basis for further processing;
 ■ protests against sending newsletters;
 ■ your data has been processed unlawfully;

Data may not be deleted if it is necessary for the submission, enforcement or protection of a legal claim.

■ You can request a restriction on the use of the data (Article 18) if:
 ■ disputes the accuracy of personal data - in this case the restriction applies to the period of time that allows us to check the accuracy of the personal data;
 ■ the processing is unlawful, opposes the deletion of the data and instead calls for restrictions on their use;
 ■ we no longer need personal data for data processing purposes but require it to make, enforce or protect legal claims; obsession
 ■ protested against the data processing - in this case the restriction applies for the period until it is determined whether our legitimate reasons take precedence over the legitimate reasons of the User;
 ■ may object to the sending of newsletters - after the protest, your data may not be processed for this purpose (Article 21 (2) - (3));
 ■ may institute proceedings before the supervisory authority of the place of residence, employment or the place of the alleged infringement (Article 77).

In Hungary, the supervisory authority is the National Data Protection and Freedom of Information Authority. (Budapest, 1125, Szilágyi Erzsébet fasor 22 / c.) In case of infringement, it is also possible to institute legal proceedings against the Data Controller or the Data Processor before the court of the Member State where the Data Controller or the Data Processor is established and In case of requesting information, we will respond to the user's request - after identification - within a maximum of 30 days, at the given contact details.