DATA MANAGEMENT INFORMATION
This Privacy Policy is the Privacy Policy of iBar Experience Kft. (registered office: 7800 Siklós, Petőfi Sándor utca 3.; tax number:27342992-2-02; hereinafter referred to as the Data Controller) concerning the users (hereinafter referred to as the User or Users) of the iBar application (hereinafter referred to as the Application) and the ibar. ai website (hereinafter referred to as the Website) operated by the iBar (hereinafter referred to as the Service). In all cases, the personal data provided by users are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.), Act V of 2013 on the Civil Tenth Book (Civil Code), Act XLVIII of 2008 on Basic Conditions and Certain Limits of Economic Advertising Activities Act CVIII of 2001 on Certain Issues of Information Society Services and the provisions of this information are handled properly and to the extent necessary for the purpose to be achieved by the data processing. The Data Controller reserves the right to change the provisions of this Information. The Data Controller will inform the registered users of the changes on the Website by means of a short notice or in case of significant changes by e- mail. If the affected user continues to use the Service after the notification, this will be deemed to be acceptance of the amended provisions of this Policy. The data processing of websites to which a link on the Website leads is not covered by this information. The processing of data by service providers who collect data for the purpose of analysing user habits in relation to the Website and who do not cooperate with the Data Controller in this respect is not covered by this information. The personal data received directly from users and received from other data controllers will be handled by the Data Controller in accordance with this information. For the purposes of applying this Notice, personal data shall mean any information relating to an identified or identifiable natural person (“data subject”) in accordance with the GDPR; it is possible to identify a natural person who, directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person,- is identifiable. Personal data shall retain this quality during
the processing as long as the natural person can be identified on the basis of that information. Additional terms used in this Information also have the same meaning at all times as defined in the GDPR.
1. Data of the Controller
Name: iBar Experience Kft.
Registered seat: 7800 Siklos, Petofi Sandor Street 3
Contact: info@ibar.ai
Company registration number: 02 09 084938
Tax number: 27342992202
Name of the registering authority: Court of Justice of the General Court of Pécs
2. Storage of personal data processed by the Data Controller
The Data Controller stores the personal data processed by the Data Controller
on the servers of the following service providers:
Name of service provider: DigitalOcean, LLC
Server name of the provider: FRA1
The provider's website: https://www.digitalocean.com/
3. The scope, the purpose of processing, the legal basis, the duration of
storage of personal data processed by the Data Controller
The Data Controller processes the data of the users that the users provide when subscribing to the newsletter, when filling in a questionnaire or when sending a request to the Data Controller, or that they receive from other data controllers.
The personal data thus provided and processed by the Data Controller may be as follows: name, e-mail address, telephone number. The Data Controller treats the other data given in the questionnaire (position, number of alcoholic beverages, who make beverage accounts, how long does it take, name of the bar, address of the bar) are handled by the Controller as company data. Data received from other data controllers for registration for the Application (company name, restaurant name, restaurant address, user name, account name, IP address, type and beginning of subscription, catering software name) are processed by the Data Controller as company data, but data are essential for the use of the Service. Additional data collected when using the application (date of the inventory, product inventory, inventory volume) are handled by the Data Controller as company data.Visiting the Website without using the Services does not require user identification, in which case no data processing takes place. Downloading the Application without using the Services does not require user identification, in this case no data processing takes place. It is not possible to subscribe to the newsletter without specifying your name and e-mail address, without providing further data, no personalization of the Service may take place. Purpose of data processing: contact with users who register for the newsletter, sending newsletters and advertising (direct marketing), personalization of media content and advertisements, even on the basis of profiling, use of the Application Service Personalisation of ads is usually done by automated actions performed by computing programs without human intervention. Legal basis for data processing: voluntary, specific and informed consent of users (Art. 6 (1) (a) GDPR). The user has the right to withdraw his consent to the processing of all or part of the personal data relating to him or her at any time by sending an e-mail to info@ibar.ai. The consent shall not affect the lawfulness of data processing based on consent prior to withdrawal. The Data Controller does not offer information society services directly to children, but nevertheless it is possible that the Service is also used by children. Consent for data processing of children under 16 years of age is lawful only if the consent was given or authorized by the person exercising parental control over the child. The User warrants that the consent complies with the above legality condition. Duration of data storage: the Data Controller stores the data provided when subscribing to the newsletter (name, e-mail address) and the data provided on the questionnaire (e-mail address, bar name, bar address) for the 30th day after unsubscribing from the newsletter, and the additional data provided on the questionnaire will be used anonymously after unsubscribing (position, number of spirits, who performs inventory, how long does it take). The data provided in the case of a request sent to the Data Controller will be manaaged for 60 days after the closure of the case.
Without prejudice to the foregoing, the Data Controller will finish the processing of all or some personal data relating to the user, even if the purpose of processing indicated in this Policy has ceased to exist or the user has withdrawn his consent. In the latter case, the erasure of personal data shall take place within 30 days of receipt of the withdrawal of consent by the Data Controller. In case of withdrawal of consent, the Controller is also entitled to process the personal data of the user if it has a different legal basis for the processing (e.g. processing is necessary for the fulfilment of a legal obligation or for the enforcement of legitimate interests). All users shall provide their data truthfully, and the Data Controller shall not be liable to the user concerned or to any other third party in connection with the untruthfulness, misrepresentation or misprinting of data. If any third party makes a claim against the Data Controller in connection with the untruthfulness of the personal data provided, the user is responsible for satisfying the claim on behalf of the Data Controller.User: When entering his e-mail address the user assumes responsibility for the fact that only he uses the service from the specified e-mail address. Accordingly, all liability in connection with access to the specified e-mail address lies solely with the user who registered the e-mail address. Subscrption to the newsletter is possible in a specially designed text box with the e-mail address and name. The Service Provider may send the information detailed in Section 3.1 of the Terms of Use by e-mail to the users who subscribed to the newsletter. The subscribed user is entitled to unsubscribe from the newsletter at any time, without giving reasons or having legal consequences by sending a letter to info@ibar.ai.
4. Rights of the data subjects
4.1. Right to information: The Data Controller shall take appropriate measures to make available to data subjects information relating to the processing of personal data pursuant to Articles 13 and 14 of the GDPR and to provide the data subjects with information pursuant to Articles 15 to 22 and 34 of the GDPR. The Data subjects may request information regarding the processing of their personal data by the Data Controller by means of a letter sent to the contact details of the Data Controller indicated in point 1.
4.2. Right of access The data subject has the right to receive feedback from the Controller as to whether his personal data are being processed and, if such processing is ongoing, the right to have access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be communicated; the duration of storage of the personal data; the rights which the data subject may exercise (rectification, deletion, objection, processing of data ); the right to lodge a complaint to the supervisory authority; information on data sources and the fact of automated decision- making. At the request of the data subject, the Data Controller shall provide the data subject with a copy of the personal data processed in respect of him; first free of charge and then for a reasonable fee.
4.3. Right to rectification The data subject shall have the right to request the Data Controller to rectify inaccurate personal data relating to him or to request the completion of incomplete personal data. If the data subject cannot perform these operations independently on the website interface, he may send his request to the contact details of the Data Controller in accordance with point 1.
4.4. Right to erasure: The Data Controller shall erase the personal data relating to the data subject within 30 days of receipt of the request if the data subject is based on the grounds set out in Article 17 (1) GDPR (e.g. the purpose of processing has been terminated; the data subject has withdrawn his consent and there is no other legal basis for the processing; the data subject is unlawful; the data subject objects to the data processing and there are no legitimate grounds for the processing; personal data must be deleted on the basis of a legal obligation). The Data Controller has the right to refuse erasure on the grounds set out in Article 17 (3) GDPR (e.g. processing for the purpose of exercising the right to freedom of expression and information or fulfilling legal obligations or for the enforcement or protection of legal claims).
4.5 Right to restrict data processing If the data subject contests the accuracy of the personal data relating to him or her, he or she may request that the Data Controller restrict the processing of the personal data concerned for the period of verification of their accuracy. The data subject may also request the restriction of data processing if the processing is unlawful, but the data subject opposes the erasure of personal data, or if the Data Controller no longer needs the personal data for the purposes of data processing, but the data subject requires them for the enforcement of his legal claim. The data subject is entitled to request a restriction of processing even if he has objected to the processing; in this case the restriction applies for the period until it is determined whether the legitimate reasons of the Data Controller have priority over the legitimate reasons of the data subject. During the period of the restriction, personal data may only be
processed in exceptional cases, except for storage.
4.6. Right to data portability: The data subject shall have the right to obtain from the controller personal data concerning him or her in a structured, commonly used, machine-readable format and to have those data transmitted by him or her or, where technically feasible, by the controller to another controller, where the processing is based on consent or a contract and the processing is carried out by automated means.
4.7. Right to object. If the processing is necessary for the exercise of the legitimate interest of the Data Controller or third party, the data subject may object to the processing of his personal data (including profiling). In this case, the Data Controller shall no longer process the personal data unless it proves that the processing is justified by compelling legitimate reasons that have priority over the interests, rights, freedoms of the data subject or which relate to the establishment, exercise or defence of legal claims. If the processing is carried out for the purpose of direct marketing, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for this purpose.
4.8. Enforcement of rights Data subjects may contact the Data Controller directly with their complaints and objections by sending a letter to the contact details indicated in point 1, who will do everything in his power to eliminate and remedy any infringements. In case of infringement of his rights, the data subject may apply to the competent court or complain to the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c).
5. Method of data processing, data transfer, data security
5.1. The Data Controller does not disclose the data of the data subjects without prior written receipt of the data subject and does not transfer them to third parties, unless it is obliged to do so on the basis of a judicial or regulatory decision or legal provision or if the Data Controller transfers the provision of the Service to third parties in whole or in part.
5.2. The Data Controller cooperates with a media agency (Google Analytics) that collect personal data from the users of the Website independently, by placing cookies or using click meters, for the purpose of assessing, analysing user habits, preferences and statistics. For this purpose, they can record users' IP address, visit data and search history. The data processing of these service providers is not covered by this Information, the service providers process the personal data in accordance with their own data protection information.
5.3. The Data Controller shall take all security, technical and organisational measures appropriate to the state of science and technology and the cost of implementation, to the nature, scope, context and purposes of the processing and to the risk to the rights and freedoms of natural persons, to ensure the security of the data, to provide an adequate level of protection, in particular against unauthorised access, alteration, disclosure, erasure or destruction, accidental destruction or accidental damage and against possible loss of access.
Siklós, March 31, 2023.
iBar Experience Ltd.
3 Petőfi Sándor Street,
7800 Siklós
© 2023 iBar Experience