The scope of this information includes both the natural person Users of the RECASH application as well as legal persons and organisations without legal personality using the RECASH application as a Partner.
The operator of the RECASH application shall manage the data, facts and information obtained during or in connection with the use of the RECASH application in accordance with this Information.
At the same time as the registration for the RECASH application as a user or a Partner, the user or Partner shall accept the provisions contained in this Information and voluntarily consent to the processing of their data and information in accordance with this Information.
If you do not agree with the content of this Information, please do not register and do not use the services of the application.
The provisions of this Information under Sections 2-9 about data processing and the protection of personal data are exclusively related to natural persons, i.e. Users using the service, who are regarded as consumers, as well as the natural person employees of companies publishing an offer via the application.
The provisions of this Information under Section 10 below about the protection of commercial secrets shall only be relevant for Partners in terms of the fact that commercial secrets may only be interpreted in relation with a business activity on the basis of Section 2:47 of the Civil Code. Therefore, Section 10 of this Information shall only prevail regarding the commercial secrets of Partners.
Identification of the data controller
The controller of the user and natural person Partner personal data entered into or generated by the RECASH application is Appspect Application Operating Ltd. (56 Hunyadi J. Road, MISKOLC 3530 - HUNGARY) (hereinafter: “Operator”).
During the performance of its activity, the Operator uses the cloud-based Azure service of the Microsoft Corporation (One Microsoft Way, Redmond, Washington, U.S.) to operate the application and the system, thereby the Microsoft Corporation may be considered to be the data processor.
The identification of the data protection officer and the data owner
In accordance with paragraph e) of Section 4 (1) of Government Decree No. 42/2015 (III.12.) on the protection of the IT system of financial institutions, insurance and reinsurance companies as well as investment firms and commodity exchange service providers, the Operator specifies the following person/organisation as the data owner:Gabor Pazmanyi; email: firstname.lastname@example.org.
The legal basis for data processing
Data processing by the Operator is based on the consent of the data subject. Data subjects expressly accept this Information during registration and, by accepting the Information, they give their express and voluntary consent to their data being processed in accordance with this Information. In the absence of the consent of the data subject, the data subject may not use the application.
Data processing by the Operator is also made possible in accordance with Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services for the purpose specified therein.
Purpose of data processing
Operator processes the personal data of Users primarily in order to send to the Users the special offers of Partners who have registered in the RECASH application. Operator credits the fee-deducted cashback amount to Users’ accounts after every card purchase at its Partners.
The Operator processes the personal data of employees of its Partners just for communication purposes.
Description of data processing
Operator processes the personal data of Users in the following ways and for the following purposes:
Displaying the special offers of Partners who have registered in the RECASH application on the smartphones of Users;
Detecting Users’ bankcard payments at Partners for the purpose of crediting the fee-deducted cashback amount repayed by Partners to the accounts of Users.
Sending newsletters to the email addresses of Users specified upon registration about new services and developments of the RECASH application, as well as other useful information about the use of the RECASH application;
Ensuring the efficient operation of the services of the RECASH application at the highest possible standard;
Creating statistics about User habits regarding the use of the RECASH application.
The application works on the principle that it detects Users’ payments made at stores of Partners who are offering cashback. Getting the cashback requires no additional steps for Users, whilst for the Partners the app detects Users payments at competitors and draws the attention of Users to their stores in different ways (highlighting, push notifications, etc.).
The Operator processes the personal data of natural person employees of Partners in the following ways and for the following purposes:
Creating the cooperation agreement to be concluded with the Partners and defining the content thereof;
Following up the performance of cooperation agreements concluded with the Partners as a result of the registration, invoicing the relevant fees and enforcing any other relevant claims;
Amending the cooperation agreements concluded with the Partners as a result of the registration;
Sending newsletters to the email addresses of Partners specified upon registration about new services and developments of the RECASH application, as well as other useful information about use of the RECASH application;
Ensuring the efficient operation of the services of the RECASH application at the highest possible standard;
Creating statistics about User habits regarding the use of the RECASH application as well as User interest in the Partner’s special offers.
Scope of the processed data
The Operator processes the following personal data of Users:
current and regular locations of the User based on GPS coordinates,
special offers that have been added to favourites by the User and/or have been validated;c
new offers based on the evaluation of User data and preferences specified in sections above in an automated manner.
The Operator processes the following personal data of natural person Partners:
scope of activities;
location of sites and business premises of the company with GPS
bank account number;
name, email address and telephone number of contact person.
In accordance with the above, the Operator performs “profiling” of Users, i.e. evaluates the personal characteristics of Users in an automated manner to deliver relevant offers to the User. This profiling is based on the relevant User’s consent. If the User does not wish to enable the Operator to perform this activity, the User may not use the application, since the purpose of the application is to deliver relevant offers to the User based on their continuously changing preferences. In the absence of consent, withdrawal of the registration for the application as well as of consent after registration makes it impossible for the User to use the application. If the User objects to the management of their personal data and preferences for profiling purposes, we suggest that the User should not download the application and should not register, or if it has already taken place, the User should delete the registration and the application from the device. After this point, all personal data for profiling and about the User are deleted from all systems of the Operator, so the duration of data processing lasts only until the deletion of the application or registration.
If, during use of the RECASH application, the user or the Partner specifies additional personal data on the mobile or web interface of the application, by specifying those personal data, the User or Partner also consents to the processing of such data by the Operator in accordance with this Information.
The Operator does not process sensitive payment data within the scope of the data processing activity. Pursuant to paragraph 5a of Section 2 of Act LXXXV of 2009 on the provision of payment services, sensitive payment data are data that can be used to commit fraud, including personal credentials, with the provision that the name of the account holder and the payment account number are not considered to be sensitive payment data with regard to the payment initiation service or account information service. In relation to the account information service, the Operator processes the name and payment account number of the account holder, which are not regarded as sensitive payment data in accordance with the above.
Duration of data processing
Data processing starts upon the registration of the User or Partner (by providing the consent of the data subject) and lasts until the deletion of the registration or application (withdrawal of the consent of the data subject).
If the User or Partner deletes the registration and the application, the Operator ends data processing and deletes the data of the User or Partner concerned without delay, except if fee-related or other claims exist against the Partner, in which case the Operator may maintain the processing of data required for the enforcement thereof, for the purpose of enforcing the claim.
Data transfer to third persons
The Operator may make available (traffic) data related to the use of the application in a manner unsuitable for identifying individual Users and organised or grouped according to different aspects in order to demonstrate the effectiveness and efficiency of the RECASH application and to enable Partners to develop their services in accordance with the interests of Users. The Operator may make available certain information in a statistical form in order to inform interested parties about the effectiveness and efficiency of its services.
The court, the public prosecutor and the authorities may contact the Operator for the purpose of seeking the provision of information, disclosure of data and issue of documents.
The Operator shall provide personal data to the court, the public prosecutor and the authorities – if the specific purpose and the scope of data have been specified by the court, the public prosecutor or the authorities – only to the extent that is indispensable for the achievement of the purpose of their request.
The Operator may use the data of the data subject that have been lawfully recorded and registered in order to settle any legal disputes between them, either during the negotiations for avoiding a legal dispute and/or the official litigation or non-litigation proceedings for settling the legal dispute.
Besides the content of this information, the Operator is entitled to transfer the personal data to third persons exclusively based on legal authority.
Rights and remedies of the data subject regarding data processing
The data subject may request information from the Operator about the processing of their personal data and may request the correction, deletion or blocking of their personal data and may object to data processing by the Operator.
Upon the request of the data subject, the Operator shall provide information about the data processed by them and – if any – the data processed by any data processor commissioned by them, the source of such data, the purpose of data processing, the legal basis, duration thereof, the name, address (registered office) and data processing-relevant activity of the data processor (if any), and to whom the data of the data subject are or have been transferred for what purpose and on what legal basis.
The Operator shall provide the information to the data subject in a clear manner in writing within the shortest possible time after the submission of the request, but within 30 days at the latest. This information provision is free of charge if the requester has not submitted any information requests to the data controller for the same data scope in the same year. In other cases, the Operator may set a fee.
The Operator shall delete the personal data of the data subject if its processing is unlawful, if it is requested by the data subject, if the purpose of data processing has ceased to exist, or if the legally defined deadline for data storage has expired, or if it has been ordered by the courts or the Hungarian National Authority for Data Protection and Freedom of Information (the “Authority”). The Operator solely and exclusively manages data that are absolutely necessary for providing the services to the Users and Partners. This means that if any data subject requests the deletion of their data, in accordance with Section 1.4 above, the data subject will not be able to use the application thereafter and the registration will be deleted.
The Operator shall inform the data subject and anyone who the data have been transferred to for the purpose of data management or data processing about the correction, deletion or blocking of the personal data. The notification can be omitted if it does not violate the legitimate interest of the data subject with regard to the purpose of data processing.
n the event of a violation of law or a direct risk thereof, the data subject may report it to the Authority and initiate an investigation.
Upon the violation of the rights of the data subject, the data subject may turn to the courts against the Operator. The court shall give priority to the case.
The Operator shall reimburse any damage caused to others by unlawful management of the data of the data subject or by the breach of data security requirements. The Operator shall be liable to the data subject for any damage caused by the data processor as well. The Operator shall be exempt from liability if the damage was caused by an unavoidable cause outside the scope of data processing. The damage shall not be reimbursed if it was due to the intentional or gross negligent conduct of the injured party.
Regarding the management of personal data, the data subject is entitled to contact the Operator’s Data Protection Officer. Name and contact details of the Data Protection Officer: Alexander Soltesz; email: email@example.com.
Confidential management of commercial secrets
During the performance of cooperation agreements with Partners, the Operator may obtain information about the Partners that are regarded as commercial secrets. In each case, the Partner shall inform the Operator if any information is to be regarded as a commercial secret and shall request the confidential management thereof. If no such information is provided, the Operator shall not be liable if the information concerned is made public or learnt of by third parties.
The Operator shall ensure the confidential management of information specified as a commercial secret.
The Operator shall store the data of Partners and Users as well as relevant information in electronic format on the server of the RECASH application.
The Operator shall select and operate the IT devices applied during the provision of the service for the management of personal data so that
the data processed are available to the persons authorised to access them (availability),
their authenticity and authentication (authenticity of data processing) are ensured,
it can be proven that the data have not been changed (data integrity),
the data processed are protected against unauthorised access (data confidentiality).
The Operator ensures the protection of the security of data processing through technical and organisational measures that provide a sufficient level of protection against the risks of data processing. The Operator shall ensure security through server-level and application-level protection procedures.
However, Users and Partners acknowledge that no Internet-based data transfer can guarantee 100% security. Therefore, even though the Operator takes all commercially reasonable security steps to protect the data of Users and Partners, and seeks to contract partners who perform their activity in a similar manner, the Operator cannot guarantee the security of data arriving to or leaving the mobile or Internet interface of the application.
The Operator’s servers automatically register the habits of registered Users regarding what special offers are added to their favourites, what offers they view from the list of offers, and certain other information. This information is used exclusively in an aggregated and processed form for the purpose of increasing the efficiency of services and correcting any possible errors, for improving quality and for statistical purposes. The data are not linked to other data provided by Users and Partners in any form.
The Operator may place a unique identifier, a so-called cookie, on the devices of Users and Partners. Blocking cookies does not prevent the user from using RECASH services. An exception to this is if the Operator informs the user of the contrary in advance.
A cookie is a small text file placed on the devices of Users and Partners for data tracking purposes and containing data about the specific user or Partner. Cookies support RECASH in developing and personalising the mobile and web interfaces of the RECASH application according to User or Partner needs. Cookies track the interests of the User or Partner and enable the Operator to collect data that are not suitable for identifying the person about the user or Partner, e.g. what pages they have visited, which links they have clicked.
Other data tracking tools
The Operator may also use other, professionally accepted techniques, e.g. pixel tag and web beacon to track how the User or Partner uses the mobile and web interfaces of the application and how the Users use the special offers of Partners. In addition, the Operator may allow third party service providers to use these tools as assigned by the Operator.
Pixel tags and web beacons are small graphic elements that are placed on the mobile and web interfaces of the application or in email messages, making it possible to see whether the User or Partner performs a certain activity or not. Pixel tag makes it possible to measure and improve the visitor traffic and behaviour of the application and to measure the success of the special offers of Partners as well as operations of RECASH.
Data protection regulation of third party websites
Third party mobile apps or websites may also be available from the mobile or web interfaces of the RECASH application. This information does not cover the management of data disclosed through a mobile app or website operated by third parties. Such third party mobile apps and websites have their own data protection regulations. The Operator does not take responsibility for the data protection practice of third parties.
Amendment of the Data Processing Information
The Operator reserves the right to unilaterally amend this Information. The Operator shall inform registered Users and Partners about the amendment via email or newsletter.
The amended data processing information shall automatically enter into force at the time specified therein. If, after the entry into force of the amended data processing information, the User or Partner uses the services of the application and does not object to data processing according to the amendment, this shall mean that the data subject accepts the amended data processing information and agrees to be bound by its provisions.