Parenting Intelligence Agency Kft. respects your privacy and is committed to protecting your personal data. The present privacy policy informs you in particular as to how we process your personal data when you use The Phenomenals App (App) and tells you about your privacy rights, furthermore, how the law protects you.
1. IMPORTANT INFORMATION AND WHO WE ARE
1.1 PURPOSE OF THIS PRIVACY NOTICE
This privacy policy aims to give you information on how Parenting Intelligence Agency Kft. collects and processes your personal data through your use of the App.
1.2 DATA CONTROLLER
The App is operated and maintained by Parenting Intelligence Agency Kft. and it is therefore qualifies as data controller (hereinafter referred to as “Data Controller”; “we”, “us”, or “our”) in respect of your personal data.
Contact details:
- Seat: 1021 Budapest, Hűvösvölgyi út 119. 2. em. 3.
- Email address: info@thephenomenals.family
2. THE DATA WE COLLECT ABOUT YOU
2.1
Personal data means any information relating to an identified or identifiable natural person (data subject).
2.2
We may in particular collect, use, store and transfer the following kinds of personal data about you:
Children’s Data (nickname, birthday, behaviour)
Contact Data (such as email address)
Identity Data (user name, date of birth)
Transaction Data (such as details about payments to and from you and other details of services you have purchased from us)
Technical Data (such as IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this application)
Profile Data (such as username and password, purchases or orders made by you, your preferences, feedback, your interests, age, gender, location, education, employment status, work hours per week, marital status, household composition, household income, language, role in family, activity level in child’s life, living situation, number of people living in the family, schooling, nationality, place of birth, profile picture)
Special Categories of Data (ethnicity, religion, political views, sexual orientation)
Usage Data (such as information about how you use our App)
2.3 IF YOU FAIL TO PROVIDE PERSONAL DATA
In case we need to collect personal data by law or under the terms of contract we have concluded or will conclude with you and you fail to provide the requested data, we may not be able to perform the contract we have or are trying to enter into with you (e.g. to provide you with the App). We will however notify you if this is the case.
3. PURPOSES FOR WHICH WE USE YOUR PERSONAL DATA, LEGAL BASIS FOR PROCESSING AND DATA RETENTION PERIOD
We have set out below, in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so.
Purpose and activity
Type of data
Legal basis
Retention period
To register in our App
- identity data
- contact data
Art. 6 (1) b) GDPR – performance of a contract
until you delete your account
To register in our App via Facebook
- identity data
- contact data
- profile picture
Art. 6 (1) b) GDPR – performance of a contract
until you delete your account
To register in our App and to use our App
- children’s data
Art. 6 (1) f) GDPR – legitimate interest of the Data Controller (to enable a full use of the App)
until you delete your account
To use our App
- special categories of data
- profile data
In case of special categories of data: Art. 6 (1) a) and Art. 9 (2) a) GDPR – consent
In case of profile data: Art. 6 (1) a) GDPR – consent
You have the right to withdraw your consent at any time (see details below). The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
until you withdraw your consent but no later than you delete your account
To use our App
- identity data
- contact data
Art. 6 (1) b) GDPR – performance of a contract
until you delete your account
To administer and protect our business, App (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- identity data
- contact data
- technical data
Art. 6 (1) f) GDPR – legitimate interest of the Data Controller (running our business, provision of administration and IT services, network security, preventing fraud)
as long as it is necessary to fulfil the purposes we collected the data for
Direct marketing (sending marketing communications related to the App’s new features, services, etc.)
- contact data
Art. 6 (1) a) GDPR – consent
You have the right to withdraw your consent at any time (see details below under Section 7.7). The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
until you withdraw your consent but no later than you delete your account
Please note that in case of processing of children’s data based on consent, the consent must be obtained from the legal guardian (parent), if the respective child is under 16.
4. DATA RECIPIENTS
(A) DISCLOSURE TO DATA PROCESSORS
4.1
The Data Controllers works with companies that help us run the App. These companies provide services such as delivering customer support, sending emails on our behalf (these are called data processors). In some cases, these companies have access to some of your personal information in order to provide services to you on our behalf. They are not permitted to use your information for their own purposes.
4.2
Currently, we are using the following data processors:
Name
Postal address
Activity
WRD
1051 Budapest, Sas utca 10-12
App development & operation
Mailchimp
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USANewsletter management
(B) DISCLOSURE TO OTHER DATA CONTROLLERS
4.3
In other cases, we provide your data to other entities to use such data under their own name and for their own benefit. Sometimes we may need to do this to comply with a legal obligation (such as when we need to provide certain transactional, technical or identity data to the police or other authorities), and in other cases, we rely on other legal grounds, such as our legitimate interests or your consent.
4.4
Alternatively, if we have a good-faith belief that the disclosure is necessary to prevent or respond to fraud, defend our websites or applications against attacks, or protect the property and safety of the Data Controller, our customers, users, the public, or specific companies retained to assist us to combat piracy.
4.5
We may share or publish aggregate data that doesn’t specifically identify you, such as statistical information about visitors to our websites or statistical information about how customers use our applications.
5. DATA TRANSFERS
5.1
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
5.2
Please do contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
6. IS MY PERSONAL DATA SECURE, AND WHERE WILL IT BE STORED?
6.1
We understand that the security of your personal information is important. We provide reasonable administrative, technical, and physical security controls to protect your personal information. All information you provide to us is stored on secure servers. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot warrant or guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
6.2
Also, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
6.3
Finally, we have put in place procedures to deal with any suspected personal data breach and will notify you.
7. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
In order to exercise any of your rights listed below, please contact us through the contact details indicated in Section 1.2 above.
7.1 Your right to access
You have the right to access your personal data, including requesting information on whether we process your data, which data are processed, and you may also request a copy of the data you provided to us.
7.2 Your right to rectification
You have the right to the correction of your personal data. This enables you to ask that any incomplete or inaccurate data we hold about you be corrected.
You also have the right to provide us with additional information, and documents and a supplementary statement. We may verify any and all data provided to it. We shall communicate the rectification of your personal data to recipients of such personal data (if any). However, we shall not communicate the rectification of personal data to recipients if the communication to such recipients is either impossible or involves a disproportionate effort.
7.3 Your right to erasure
Subject to certain conditions and in certain cases, you have the right to the erasure of your personal data. This means that you may request that we delete your personal data that we may have processed unlawfully or where the use of your data is no longer needed for a purpose. Please keep in mind that we may not be able to meet your request for specific legal reasons that will be notified to you, if applicable.
We shall communicate the erasure of your personal data to recipients of such personal data (if any). However, we shall not communicate the erasure of personal data to recipients if the communication to such recipients is either impossible or involves a disproportionate effort.
7.4 Your right to the restriction of processing
You may also request the restriction of the processing of your personal data. For instance, you may request that we suspend the processing of your personal where our use of the data is unlawful but you do not want us to delete it.
We shall restrict the processing of your personal data for a period to verify the accuracy of such data if you request to obtain the restriction of the processing of your personal data, and you contests the accuracy of such data.
We shall restrict the processing of your personal data if you request to obtain the restriction of the processing of such data, the processing of which is unlawful, and you opposes the erasure of such data.
We shall restrict the processing of your personal data if we do not need such data for the purposes of its processing, but you require your data for the establishment, exercise or defence of legal claims.
We shall restrict the processing of your personal data if you object to the processing of your personal data that are necessary for the purposes of the legitimate interests that we pursue, and you wait to verify that our processing of your personal data has a legitimate ground that does not override your objection.
We shall communicate the restriction of processing of your personal data to recipients of such personal data (if any). However, we shall not communicate such restriction to recipients if the communication to such recipients is either impossible or involves a disproportionate effort.
7.5 Your right to data portability
Where the processing of your data is either based on your consent (e.g. in respect of electronic direct marketing), or is necessary for the performance of a contract, you may request the provision of your personal data that you have provided to us in a standard format, and you may also request that such data be transferred to another entity.
7.6 Your right to object
Importantly, when we process your data on the basis of our legitimate interests you may object to such processing and request that any of those activities be stopped. In such cases we shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
7.7 Your right to withdraw consent
Also, you have the right to withdraw your consent at any time where we rely on your consent for processing your data. Remember that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal and that in some cases we may need time to process request. With regard to electronic direct marketing, you may withdraw your consent by sending us a letter to our postal address, or a message to our email address indicated above, or by clicking on the unsubscribe link to be found in each email.
In case of processing your special categories and profile data, you may exercise your right to withdrawal by amending your profile settings (e.g. by deleting the data you do not want us to process further). Once you deleted any personal data from your profile, we will stop processing such data.
We shall communicate your objection/withdrawal of consent to recipients of such personal data (if any). However, we shall not communicate such restriction to recipients if the communication to such recipients is either impossible or involves a disproportionate effort.
7.8 Your right to lodge a complaint
Without prejudice to any other administrative or judicial remedy that you may have (such as the right to claim compensation for damages suffered as a result of our breach of the GDPR), you have the right to lodge a complaint with the Hungarian Data Protection and Freedom of Information Authority (NAIH) supervisory authority, or another data protection supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The contact details of the NAIH are as follows: H-1363 Budapest, Pf. 9.; phone: +36 1 391-1400; telefax: +36 1 391 1410; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu.
In any case, we would highly appreciate the chance to deal with your concerns before you approach the regulatory authority above, so please contact us in the first instance if any problems.
If you wish to exercise any of your rights mentioned above, please contact us at the addresses set out in clause 1.3.
7.9 No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
7.10 Verification of you identity
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy is current as of 11th November, 2022. Earlier versions may be obtained by contacting us. We will inform you in case of any changes to this Privacy Policy in due course.