Privacy Policy

AppCorner Kft. as a data controller (henceforward referred to “we” as the plural first person) is obliged to comply with the contents of this legal notice. We have committed ourselves to ensure that all data management related to our business complies with the requirements of this policy along with the applicable national legislation and the legal acts of the European Union.

We reserve the right to change this policy at any time. Any changes will be published here in due time.

We are committed to protect the personal information of our customers and partners, and we always prioritize their privacy.

All personal data is handled confidentially, and we take extensive security, technical and organizational measures that guarantee proper data protection.

What kind of data do we collect and for what purpose?

Our processing is based on voluntary consent and/or other legal grounds detailed below. In the case of voluntary consent, the subject’s consent may be withdrawn at any time. Below you will find Article 6 (1) of Regulation (EU) 2016/679 of the European Parliament and of the Council. Please review this because we will refer to it in many places. You can access the full text of the regulation via this link.

Diagnostic data

Legal grounds for processing: Point (f) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679: the enforcement of legitimate interests pursued by the controller

We collect diagnostic data of the page loads on our web site, including page loads and data accesses initiated by our application. The data includes information about the downloaded page, the download method and the result, and the downloader’s IP address. This data is used for the detection of errors and detection and prevention of hostile attacks. The recorded information is stored separately from any other personal data, furthermore, we take all the necessary steps to ensure that such information cannot be used for any purpose other than diagnostics. All recorded data will be automatically destroyed after 14 days, on a daily interval.

Technical data required for normal operation of the mobile app

Legal grounds for processing: Points (b) and (f) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679

Registration is not required to use the application, so we utilise randomly generated unique identifiers to ensure normal operation of the application. These identifiers are created and stored on the first launch and are later used for features such as automatically updating transit schedules and displaying news, information and notifications inside the application. These identifiers cannot be associated with real persons and due to their nature, they can no longer be used once the application is uninstalled.

If you are using functionality that requires access to your current location, such as planning trips from or to your current location, searching for stops near your current location, or showing vehicles near your current location, the application might transmit this location to our systems. We are making every reasonable effort to ensure that data transmitted this way remains anonymous and the recipient has no means to identify you as a person.

Technical data required for displaying ads

Legal grounds for processing: Point (f) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679: the enforcement of legitimate interests pursued by the controller

The application displays ads using Google AdMob services. To meet the technological requirements for displaying such ads, the application uses "mobile identifiers", which are random unique identifiers similar to cookies. This technical data is used by our partners for the detection of fraud and abuse and the prevention of hostile attacks when serving ads. Storing these identifiers is required to enforce legitimate interest of both the data controller (us) and our partners.

Data used to personalise ads

Legal grounds for processing: Point (a) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679: the voluntary consent of the subject

The application displays ads using Google AdMob services. You can choose to opt in to receiving personalised ads, in which case Google Admob will use your data to personalise these ads based on your interests. This personal data will also be shared with external advertising partners, the list of which you can view during your consent. You can also control which partners you allow access to.

A detailed explanation of the way Google stores and uses your data for personalised ads can be found here. The list of partners your data could be shared with can also be found here: AdMob Ad Technology Providers.

Data used for sending newsletters

Legal grounds for processing: Point (a) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679: the voluntary consent of the subject

You can subscribe to our newsletter on our website. If you do so, we'll use your e-mail address solely for sending you newsletters. You can also provide us your name, which will only be used to properly address you in outgoing communications. You can unsubscribe from the newsletter at any time. Your name and e-mail address will be stored for an indefinite period unless you withdraw your consent.

Data provided when contacting customer support

Legal grounds for processing: Points (b) and (f) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679

Personal data that you provide when contacting our customer support, will solely be used for communication regarding the subject of your inquiry, and for solving your problem itself.

Any data that you provide when contacting customer support, including personal data, will be handled on the above mentioned legal grounds and will be stored indefinitely. Should you provide any personal data for which we have no legal grounds to handle, the data will not be used in any way and will be deleted as soon as possible.

Data provided during other form of communications

Legal grounds for processing: Point (a) of the (first) paragraph in Article 6 of Regulation (EU) No. 2016/679: the voluntary consent of the subject

In the case of any other communication or support request, the personal data of the subject will be used solely in relation with the communication or the fulfillment of any requests communicated. Such data is stored for an indefinite period unless otherwise requested by the subject.

What do we do to secure data?

Security

We store and manage data in accordance with the latest security standards. While designing our internal processes, we concentrate on reducing the potential for human error and making sure we can effectively mitigate any damage resulting from such error.

Access

Our internal processes have been designed in a way that our employees only have access to the data needed to complete their work. Access to personal data is audited and logged. Our employment contract contains a strict confidentiality clause and the importance of protecting personal data is always emphasized to our employers. The performance of our data handling related processes is measured and revised on a regular basis.

With whom do we share data?

As our company uses third-party services to carry out certain tasks, some of the data will be transmitted to third-party service providers acting as either data controllers or data processors. We are very careful when picking these third-party service providers, making sure that they can guarantee the confidentiality and security of the data, and they are in compliance with the national legislation in force and the legal acts of the European Union. Below you will find a list of such data processors and the scope of the data being transmitted.

• DigitalOcean, Inc.
  The majority of our private servers are virtual private servers provided by DigitalOcean. Servers that are involved in our data processing run on hardware physically placed in DigitalOcean data centres of the Netherlands and Germany. here.
• Hetzner Online GmbH.
  Some private servers are virtual private servers provided by Hetzner. Servers that are involved in our data processing run on hardware physically placed in Germany. Website: hetzner.com, address: Industriestr. 25, 91710 Gunzenhausen, Germany.
• Rackforest Kft.
  Some of our services utilise virtual private servers provided by Rackforest. These servers are physically located in Budapest, Hungary. Rackforest's privacy policy can be found here.
• Amazon Web Services (AWS)
  We store backups in an encrypted format in AWS's data centers located in Ireland and Germany. AWS's privacy policy can be found here.
• Cloudflare, Inc.
  To ensure reliable operation of our website and mobile application, we use security and content optimisation services from Cloudflare. You can find Cloudflare's privacy policy here.
• Google Firebase
  We use Firebase to send push messages and to store anonymous analytical data collected by the application. You can find Google’s privacy policy here.
• Google AdMob
  We use Admob to display ads inside the application. You can find Google’s privacy policy here.
• Huawei Ads Kit
  When downloading the application from Huawei AppGallery, we might use Huawei's ad services to display ads inside the application. You can find Huawei's privacy policy here.
• Google G Suite
  Our company uses G Suite apps for everyday communication, email and other daily activities. Emails sent to us are also received through this service and stored on Google’s servers. You can find Google’s privacy policy here.
• Mailgun
  We use Mailgun to ensure incoming and outgoing e-mails are delivered to the proper recipient. If you contact our support via e-mail, it will go through Mailgun's data center, which is located in the EU. If you've signed up for the newsletter, Mailgun will also be used to deliver them to you. You can find Mailgun’s privacy policy here.
• Help Scout
  We use Helpscout for customer support related tasks, as part of which we can store personal information. The service is used to handle user requests we receive to our support email address ([email protected]). The privacy policy of Help Scout can be found here.

About your rights

We would like to inform you that in case the legal basis for data processing is point (a) of the (first) paragraph in Article 6 of Regulation (EU) 2016/679, i.e. the voluntary contribution of the subject, in accordance with national legislation in force and acts of the European Union you are entitled to the following rights:

Right to be informed

As the data subject, you shall have the right to access all of the information relating to data processing referred to in Articles 13 and 14 of Regulation (EU) 2016/679, and Articles 15-22 and 34 in a short, concise, easily understandable and accessible form. You can access the full text of the regulation on this link.

Right to access

As the data subject, you shall have the right to access personal data or any other information that may arise in the data processing: the purposes of data management; the categories of personal data concerned; the categories of recipients or recipients with whom personal data was shared or will be shared, including in particular third-country addressees or international organizations; the intended duration of the storage of personal data; the right for rectification, deletion or the restriction of data processing and the right to object; the right to file a complaint addressed to the supervisory authority; information about data sources; the fact of automated decision making, including profiling, as well as easily understandable information based on the applied logic of such data management and the likely consequences for the data subject. The data controller shall provide the information required within 25 days of the submission date.

Right to rectificate

As the data subject, you shall have the right to ask for the correction of inaccurate data and have incomplete personal data completed during data processing.

Right to be erased

As the data subject, you shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the following grounds apply:

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
• the data subject objects to the processing pursuant and there are no overriding legitimate grounds for the processing;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offering of information society related services.

Erasure of data cannot be initiated if data management is necessary: with the aim of exercising the right to freedom of expression and the right of access; the fulfilment of an obligation under EU or Member State law applicable to the data controller for the processing of personal data, if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for the performance of a task carried out in the exercise of public authority exercised in the public interest or on the data controller; for the purpose of public health or archiving, scientific and historical research or statistics, out of public interest; or for the submission, validation or protection of legal claims.

Right to restrict processing

As the data subject, you shall have the right to obtain from the controller restriction of processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
• the data subject has objected to processing pursuant pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Right for data portability

As the data subject, you shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

Right to object

As the data subject, you shall have the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you or the existence of appropriate safeguards, which may include encryption or pseudonymisation, or data processor or the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In case of objection, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Automated individual decision-making, including profiling

As the data subject, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to withdraw

As the data subject, you shall have the right to withdraw consent at any time.

Right to go to judicial authorities

As the data subject, should you feel that your rights have been violated, you may be directed to the court against us. The court proceeds out of turn.

Right to file a complaint

To file a complaint please contact Nemzeti Adatvédelmi és Információszabadság Hatóság at:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Registered office: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf.: 9.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
Email: [email protected]
Website: www.naih.hu

Latest update: Jan 6, 2024.