Privacy and Data Management Policy

  1. Purpose of the regulations

The purpose of these regulations is to record the data protection and data management policy of Actlico Kft.( Headquarter: 8411, Veszprém, Buzogány köz. 2, tax number: 26302120-2-19, company registration number: 19-09-519762, registration authority:Veszprém Company Court) taking into account the principles of data protection and data management, which should secure the personal rights of the data subjects during the use of all the Service Provider’s services, in particular the right to the protection of personal data during the processing and handling of data subjects’ personal data.

  1. Interpretative provisions

2.1. Data controller: a natural or legal person or an organization without legal personality who, alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used) or implements it with the data processor.

2.2. Data management: any operation or set of operations on data, irrespective of the procedure used, in particular their collection, recording, recording, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, erasure and destruction, and to prevent further use of the data, to take photographs, sound or images, and to record physical characteristics capable of identifying the person (eg fingerprint or palm print, DNA sample, iris image recording).

2.3. Personal data: data which can be contacted with the data subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities, and the conclusion which can be drawn from the data.

2.4. Consent: a voluntary and firm expression of the will of the data subject, based on adequate information and giving his or her unambiguous consent to the processing of personal data concerning him or her in full or in certain operations.

2.5. Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.

2.6. Data processor: a natural or legal person or an organization without legal personality who carries out the processing of data on the basis of a contract, including a contract concluded on the basis of a provision of law.

2.7. Data subject: Any natural person identified or identifiable, directly or indirectly, on the basis of personal data.

  1. Name of the data controller

Name of data controller: ACTLICO Kft.

Address of the data controller: 8411 Veszprém, Buzogány köz 2.

Data controller tax number: 26302120-2-19

Company registration number of the data controller: 19-09-519762

Data controller’s representative: Antal Dittrich 

Data controller e-contact:

In this regulation, we refer to ourselves as Actlico Kft. hereinafter as the “Data Controller”.

The Data Controller handles the personal data provided to it in all cases in compliance with the applicable Hungarian and European legislation and ethical requirements, and in all cases takes the technical and organizational measures necessary for the proper secure data management.

  1. Description of applicable legislation

The Data Controller is a legal entity registered in Hungary, so in the course of the processes carried out by it, it is primarily obliged to comply with the legislation in force in Hungary. However, as Hungary is a member of the European Union, in addition to the primacy of Hungarian law, the law of the European Union is also applicable in the event that Hungarian law does not clarify certain issues or European Union regulations are directly applicable to the given issue.

Therefore, during the data management process presented in these Regulations, the following legal regulations apply to the Data Controller:

Infotv .: 2011 CXII. Act on the Right to Information Self-Determination and Freedom of Information – this is our so-called data protection law which hereinafter we refer to in the Regulations as the Information Act.

– GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) – this is the data protection regulation of the European Union applicable from 25 May 2018, but already in force from May 2016, which is directly applicable in all Member States, including Hungary, hereinafter referred to in the Regulations as the GDPR.

  1. Data management rules

As a data controller, we inform users of the Actlico application (my.actlico.com website and the iOS and Android Actlico application) that we only process personal data in accordance with the provisions of this privacy statement. The scope of these Regulations extends to all processes implemented using the my.actlico.com website and the iOS and Android Actlico application, during which the personal data defined in Section 2 of these Regulations (as defined in Section 3 (2) of the Information Act at the legal level) are managed. As the Data Controller, we declare that we process the processed personal data only in accordance with the principles of data protection (named in the Infotv. and the GDPR), in particular the purpose limitation principle, therefore we process personal data only in this way and to the extent which we introduced to the data subject, namely to you, in these Regulations before starting the data management. If the purpose of the data processing is terminated or you request the termination of the data processing, the personal data will be deleted. In data management, we use a physical and logical protection solution that provides adequate data security while protecting data. The purpose of this information is to enable you to know the purpose of the data processing, the legal basis of the data processing and all relevant facts related to the data processing before collecting the data. That is why we only process personal data with the consent of the data subject, i.e. your prior consent. Prior consent constitutes your installation of the application, registration and acceptance of this information as part of the registration process, after reading and acknowledging  these terms.

  1. Scope of personal data processed

In order to provide the services you use, we ask you to provide certain personal information.

When using the Actlico service, we store the following personal and other user data:

Data category Data source Purpose of data management Duration of data management
Surname and first name User specified User registration, identification, addressing during communication until the registration is cancelled
Username User specified Addressing user during communication until the registration is cancelled
E-mail address User specified Registering and identifying user, providing communication until the registration is cancelled
Password User specified User registration, identification until the registration is cancelled
User start date and general time of work User specified Scheduling the exercise program  until the registration is cancelled
General time of user’s lunch time User specified Scheduling the exercise program until the registration is cancelled
Suspension status User specified Pausing the exercise programme until the registration is cancelled
Completed and missed exercises  Measured and recorded by system Statistical purpose until the registration is cancelled
Posture details Measured and recorded by system User warning for incorrect posture until the registration is cancelled
Workplace and Home Office location address information  User specified Location-based alert for the use of the maintenance monitoring tool  until the registration is cancelled
User location information  Data measured by the mobile phone and transmitted to the application based on user’s permission Location-based alert for the use of the maintenance monitoring tool  until User’s permission is valid, or registration is  cancelled
  1. Legal basis, method and purpose of data processing

7.1. The data will be processed on the basis of a voluntary, duly informed statement by the users of the content on the website http://my.actlico.com and in the IOS and Android applications (hereinafter: Actlico system), which includes the expressed consent of the users, that their personal data provided when using the site will be used. The legal basis for data processing is the voluntary consent of the data subject. The consent is given by the User with the expressed acceptance of the above-mentioned data after prior acquaintance with this data protection policy – by ticking the relevant box – or by registration, voluntary provision of the data in question and use of the Actlico system.

7.2. The purpose of data management is to provide the services provided by the Actlico system developed and operated by Actlico Kft. to the user. The Service Provider stores the data provided by the Customer for a specific purpose, exclusively for the concluded license agreements and for the performance of the services.

We process the Customer’s data exclusively with data processing performed by a computer device.

7.3. The purpose of the automatically recorded data is the production of statistics, the technical development of the IT system, and the protection of users’ rights.

7.4. The data controller may not use the personal data provided for purposes other than those described in these sections. The release of personal data to third parties or authorities, unless otherwise required by law, is only possible with the prior express consent of the user.

7.5. The data controller does not check the personal data provided to him. The person who provided the data is solely responsible for the accuracy of the information provided.

  1. Duration of data management

8.1. The processing of data that is mandatory during written messaging starts with the sending of the message and lasts until it is deleted. In the case of non-mandatory data, the data processing lasts from the date of providing the data until the deletion of the data in question. The registered Customer may initiate the change or deletion of the data recorded during the written messaging after the login.

8.2. The above provisions do not affect the fulfillment of retention obligations set out in legislation (e.g. accounting legislation).

  1. Persons entitled to access the data

9.1. The data is primarily accessible to the Data Controller and the Data Controller’s internal employees, however, they are not published or passed on to third parties.

9.2. In the framework of the operation of the underlying IT system, the fulfillment of orders and the settlement of settlements, the Data Controller may use a data processor (e.g. system operator, accountant). Service Provider is not responsible for the data management practices of such external parties.

9.3. In addition to the above, the transfer of personal data concerning the Customer may only take place in cases specified by law or on the basis of the Customer’s consent.

  1. Customer Rights

10.1. The Customer is entitled to request information about the personal data managed by the Data Controller at any time. Customer is also entitled to request the deletion of its data via the contact details provided in this section.

10.2. At the request of the Customer, the Data Controller shall provide information about the data processed by him / her, the purpose, legal basis and duration of the data processing, as well as who and for what purpose receives or has received his / her data. The Service Provider shall provide the requested information in writing within 30 days of the submission of the request.

10.3. The data subject may exercise his / her rights at the following contact details:

Mailing address: 8411 Veszprém, Buzogány köz 2.

Email:

The Customer may contact the Data Controller’s employee with any questions or remarks related to data management via the above contact details.

10.4. The Customer has the right at any time to request the correction or deletion of incorrectly recorded data. Some of your data may be corrected by the Customer on the Website; in other cases, the Data Controller shall delete the data within 15 working days from the receipt of the request, in which case they will not be recoverable. The deletion does not apply to the data processing required by law (e.g. accounting regulations); they will be retained by the Data Controller for the required period of time.

10.5. The customer can enforce his rights in court and also seek the assistance of the Data Protection Commissioner.

10.6. If the Customer has provided third party data during the registration for the use of the service, or has caused damage in any way during the use of the Website, the Data Controller is entitled to enforce compensation against the Customer. In such a case, the Data Controller shall provide all possible assistance to the acting authorities in order to establish the identity of the infringer.

10.7 Data Protection Authority Procedure
Remedies and complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
National Data Protection and Freedom of Information Authority
Headquarters: Falk Miksa utca 9-11, 1055 Budapest.
Postal address: 1373 Budapest, Postafiók 9., Pf. 603
Phone: +36 1 391 1400, +36 (30) 683-5969 or +36 (30) 549-6838
Fax: + 36-1-391-1410
E-mail: Website: http://www.naih.hu