Use and Privacy Statement
1.1 The Operator
The eNNYI mobile application and the related backend services are provided by Innovus International Service and Trading Ltd. (official seat: Istvánmezei út 2. C. lház. fszt. 127. 1146 Budapest, HUNGARY; company registration number: 01-09-950028; e-mail: firstname.lastname@example.org, furthermore: the Operator)
1.2 The User
Anyone who downloads the eNNYI mobile application and registers and uses its services based on his / her data is determined as User.
1.3 Scope and amendment of the policy
This Scope of Use and Privacy Statement (hereafter referred to as the “Disclaimer”) covers the services and data management provided by the Operator for this mobile application (hereinafter referred to as the Application). The Operator reserves the right of modifying the Disclaimer. The Operator informs the Users about earlier modifications on demand. The Operator publishes the revised policy, the modifications only apply after the publication. The Operator is not obliged to notify the users of the changes separately.
The Application primarily carries out data collection and data management tasks related to the meter usage of the utility services utilized by Users based on data provided by Users. The purpose of data processing in the service provided for a registered user is to enable the user concerned to directly provide consumer information to the provider of the service, and to provide access to information related to billing. In this activity, the User’s name, email address, and telephone number are used by the Operator in the exchange of data with the public service providers contractually associated with it.
2.1 Legal basis and principles of data management
The personal data manager of the Operator. The legal basis of the data management is the voluntary contribution of the persons concerned. Persons affected by the voluntary registration of the Application will accept this Declaration. This Declaration is considered to be the information of the person concerned. The Operator handles personal data generated by the data subject and the personal data created in connection with the related Application. The Operator shall endeavor to fully enforce the rights of the data subject. The Operator handles all personal data for the purposes of providing and developing the Services of the Application. Thus, the purpose of personal data management is to provide services and to analyze and develop the Application. The Operator does not handle data that is not needed to access the targets. The Operator seeks to ensure that the following principles of personal data management are fully enforced:
2.2 Scope of managed data
Data managed during registration:
Data managed during providing the service:
Data management time: data related to property and meters can be handled by the system until the data can be initiated by the data subject. The registration information will be automatically deleted after the one-year inactivity concerned.
2.3 Place of data management, governing law
Personal data is handled at the Operator’s head office, branch office, site or in the data processing room assigned by the operator. Data management decisions are made by the Operator. The Operator is a Hungarian legal entity, the place of data management is Hungary. Based on the above the processing of personal data is governed by Hungarian law, in particular the Act CXII of 2011 Law on the right to information, self-determination and freedom of information. The Operator shall take account of the provisions of Directive 95/46 / EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data by the European Parliament and the Council.
During registration, the user provides the information specified on the registration form. The purpose of the data provided is to provide a registration-related service and to identify the person concerned. The Operator reserves the right to make certain information on the registration form as a condition of registration. The data entered during the registration is handled by the Operator, but the address of the meter, identifying data and actual position of the meter(s), and any photographs that may have been uploaded will be handed over to the competent public utility provider(s), if the user initiates a separate registration through the Application to the certain public utility provider.
2.5 The purpose and main rules of handling personal data
The primary purpose of managing the data entered during registration is to identify and to keep in touch with the user. In addition, the purpose of the data management is to provide the services of the application and to improve the services; and – as defined in this Statement – communication to public utility providers contractually related to the Operator. In the course of data management, the Operator shall comply with the applicable laws, in particular to the Act CXII of 2011 Law on self-determination and the freedom of information. The legal basis for data handling is in each case the consent of the party concerned. The Operator reserves the right to change the contents of the registration form, to delete some data fields or to create new data fields, especially if this is necessary or justified by user needs or changes in legislation. The Operator informs the Users about the changes. The Operator has no right to change the data provided. In addition to the above, additional services may be associated with certain services. Details of these voluntary contributions will be provided by the Operator in every case.
2.6 Access to managed data, data transfer, use of data
The data are accessible to those persons who act in the interest of the Operator, in particular agents, employees, who are required to do so and who are aware of the obligations to manage the data. The data processed by the Operator will only be transmitted or made accessible to third parties if the person concerned expressly consented to it or ordered by law. The Operator shall only make available to the public utility suppliers contractually related to those relevant to the provision of the service they provide. The person involved in the direction of the public utility supplier through voluntary registration within the System will use his / her data for this purpose. The Operator is entitled to use a data processor for certain technical operations in accordance with applicable law. The data processor is only entitled to execute the Operator’s decisions in accordance with the Operator’s instructions. The use of the data processor shall not affect the responsibility of the Operator. The Operator is entitled to use the data for statistical purposes in a non-personally identifiable manner. Data for other purposes other than the purpose may not be used by the Operator.
2.7 Advertising-related data management
The Operator is entitled to use the contact details provided during registration (e-mail address, postal address, telephone number, other identifiers used for contact purposes) of the User to send promotion emails, newsletters and other messages and notification related to the Operator, Operator’s activity and /or the Application, if the User enables this function in the Application.
2.8 Duration of data handling
The Operator deletes data entered, if:
The user may request the deletion of personal data processed in connection with the Application. Upon request by the affected party, of the Operator the data will be deleted within five business days. Deleting the data required to register will result in deletion of the registration. When deleting personal data, the data will be unrecognizable in such a way that the data and the connection between the affected person can no longer be recovered.
2.9 Rights of the data subjects, privacy protection
The user has the right to correct his/her data, or request the correction of incorrect data from the Operator. The user has the right to delete some of his data or complete registration by activating the deletion features available within the system. The user can request information on how to handle his / her data. Information may also be provided by the Operator via e-mail. The person concerned may request information, correction or deletion of data on contacts detailed on point I / 1.
2.10 Data security
The Operator shall take all reasonable steps to ensure the security of the data, and shall ensure an adequate level of protection, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage. The Operator ensures the security of the data with appropriate technical and organizational measures.
3.1 Obligations and responsibilities of the user
The User has to take due care when entering his / her data. The Operator shall not be liable for damages resulting from incorrectly handling the user’s data by the User. Any user may only use the Application at their own risk. The Operator shall not be liable for any damages or inconveniences caused by the use of the Application due to the fact that the User did not use the due diligence when using the Application. The User is obliged to act honestly when using the Application, with due regard for the rights and interests of others. The User is obliged to respect the applicable laws and must refrain from using any activity that is illegal or harms the interests of others. Within this, the user is obliged to respect the privacy, personal rights, intellectual property rights of others, in particular the rules on the protection of literary, scientific and artistic works, inventions, designs, utility patterns, trademarks and signs under copyright. The user is obliged to refrain from committing a misdemeanor or offense, and also to abstain from any obscene or other expression that is likely to cause indignation in others. All users are required to refrain from any activity that prevents the proper use of the Application. All users are required to abstain from any activity that violates the interests of the Operator. Within this, the user is obliged in particular:
Users can only enter their own personal data when signing up. Specifying the details of other persons is considered to be unlawful data management, which may have consequences as defined in specific legislation. In the event of misuse of other personal data, the Operator shall assist the determining authorities in identifying the infringement in order to identify the offender. The restrictions described in this section apply to all users of the Application.
3.2 Procedure against offending users
If the user violates this Statement or violates statutory provisions, the Operator may cancel the registration of the user. In this case, the user’s registration will be terminated and will no longer be able to access the services of the Application. In the event that it is necessary to start an administrative, judicial proceeding on the basis of the user’s behavior, the Operator can store the data necessary for the identification of the user and the data on the breach independent of the cancellation of the registration and transfer it to the acting organizations. If the user violates any third party rights and this third party is authorized to initiate proceedings The Operator may transfer the data to the third party if the third party demonstrates its legitimate interest.
The Operator undertakes to take all reasonable measures to ensure its smooth and continuous service. The Operator does not warrant the uninterrupted access to the Application and can not be held responsible for suspending or terminating the Service. The Operator seeks to resolve possible disturbances or operational problems during the operation of the Application, but can not be held responsible for them. The Operator does not take responsibility for the behavior of users.
5.1 Right to information
Interested parties may request information about how to handle their data. The information concerned can primarily be requested through the customer support functions built into the system. The data controller shall endeavor to inform the data subjects of the details of the data management prior to the processing of the data. At the request of the person concerned, the data controller shall provide information about the data he or she manages, the source, the purpose, the legal basis and the duration of the data, the public utility provider having access to the data, its address, its activity regarding the data and – in case of transferring the personal data of the person concerned – the legal basis and the address of the addressee of the data transfer. The data controller shall provide the information in writing in the shortest possible time, but not later than 30 days, in an understandable form, at the request of the person concerned. Information is free of charge if the applicant for information has not yet submitted an information request for the same data field in the current year. In other cases, reimbursement can be made. The reimbursement already paid must be refunded if the data was unlawfully handled or the request for information resulted in a correction. The data controller may only refuse to inform the data subject if it is permitted by law. The data controller shall inform the data subject of the reasons for refusing the information. In this case, the data controller informs the person concerned of the remedies available.
5.2 Right to rectification
The person concerned may request that the personal data of the misdemeanor be corrected by the data controller.
5.3 Right to cancellation and protest
The person concerned may request the deletion of his / her personal data except for the data management ordered by law. The data manager informs the affected party of the cancellation. The person concerned may object to the handling of his / her personal data as specified in the 2011 CXII. law on freedom of information and the right to information self-determination.
5.4 Validating the rights of the concerned person
If the data controller fails to comply with the concerned correction, block or deletion request, it shall within 30 days of receipt of the request make a written statement of the factual and legal grounds for rejecting the request for rectification, blocking or cancellation. In case of refusal of an application for rectification, cancellation or blocking, the data controller shall inform the person concerned of the remedies available to the court and of the possibility of appeal to the authority. In the case of information, correction, deletion or protest, the data controller shall act in accordance with the applicable law. In the event of a violation of the law concerned, the person concerned may request a senior manager of the person acting on behalf of the data manager. The person concerned may sue the court for violations of his or her rights in order to enforce these rights based on the 2011 CXII. law on information self-determination and freedom of information and the Civil Code. In case of breach of the right to the protection of the personal data of the person concerned, he or she may contact the National Data Protection and Information Authority and request the Authority’s investigation.