Compocity Kft. 

Privacy Policy 

Effective date: 2024.08.01

​

PRIVACY POLICY 

​

We are very keen on being compliant with the European data protection rules and principles to protect you and your  personal data. We at Compocity will always go the extra mile to protect your privacy data and never sell it to any third  parties. This Privacy Policy contains all information related to the data controlling of Compocity, concerning the collection,  use, storage, disclosure and erasure of data. Please, revise this Privacy Policy carefully before you disclose any of your  personal data to us. 

​

1. Preamble 

​

1.1. Compocity Kft. as data controller (hereinafter: ’Compocity’) is a natural science, technical research and development  company registered in Hungary, operating a complex sustainability Service, offering to the Users an Application  which helps to use the Compo Robot in a more effective and playful way (hereinafter: ‘Service’). If you, as an  Application User, use our Service or are interested in it (hereinafter: ‘User’ or ‘Data Subject’), you may disclose  certain personal data to us. 

1.2. For the purposes of this Privacy Policy, the terms ‘we’ or ‘our’ etc. shall mean Compocity. 1.3. Capitalized words and terms used in this Privacy Policy have the same meaning as described in our General General  Terms and Conditions for the Application (‘GTC’) 

1.4. This Privacy Policy requires your expressed consent, which you may withdraw at any time. You give your consent  by placing a tick in the box before you finalize your registration. Your consent shall be voluntary, expressed and  based on the related, detailed information we provide to you. 

1.5. Compocity is responsible for the conclusion, enforcement, updating and amending of this Privacy Policy. Compocity may amend this Privacy Policy unilaterally, at any time as the business processes and the relevant legal requirements  develop. If you don’t agree with the modifications, you can delete your Account anytime, by sending us such a  request e-mail to the info@compocity.help; upon such request, we will erase all for your personal data without  delay, but no later than 48 hours. 

1.6. This Policy shall be effective as of 04.01.2021 until withdrawal. The prevailing (current) version of this Policy is  available on the bottom of the Website footer section: https://www.compocity.help/ and in the Settings menu of  the Application. 

1.7. Compocity handles your personal data confidentially and is committed to take all the safety, technical and  organizational measures that guarantee the security of your data. 

1.8. Compocity is also committed to process your personal data lawfully, fairly and in a transparent manner; we only  collect and process data that are suitable and relevant for the purposes of data processing, and are necessary to  achieve such purposes. 

1.9. Compocity attempts to ensure the accuracy and up-to-date nature of the personal data; therefore, we take all  necessary measures for the immediate erasure or rectification of inaccurate data. 

1.10. Your personal data is only yours, therefore, you can request the restriction of data processing, rectification or  erasure of your data and you can object to our data processing at any time, free of charge via email:  info@compocity.help. We respond to you without undue delay, but the latest within one month from the receipt of  the request. If we have to reject to perform your request, we will provide a proper justification of rejection. In  justified cases, depending on the complexity and number of requests, we may extend the deadline by two further  months. We will inform you about such extension within one month of the receipt of your request, together with  the reasons for the delay. 

​

2. Service provider’s data 

​

Service Provider’s name: Compocity Kft. 

Registered seat: H-2481 Velence, Régiposta utca 27.

Company registration number: 07-09-032785

Name of the registering authority: Company Court of the Székesfehérvár Regional Court

Tax number: 27961025-2-07

E-mail address: info@compocity.help 

Phone number: +36703348428 

Website: https://www.compocity.help/

​

3. Applicable laws 

​

Compocity hereby declares to process your personal data in compliance with the prevailing laws and regulations, with  special regard to the following: 

- The related EU regulation: the General Data Protection Regulation of the European Union (Regulation 2016/679  (EU), the ‘GDPR’) 

- Act CXII of 2011 on Informational Self-Determination and Freedom of Information ("Privacy Act"). 

​

4. Legal Ground for Data Processing 

​

4.1. The legal ground for personal data processing is one or more of the followings:  

a) your voluntary consent (Article 6 (1) (a) of GDPR) 

b) contract concluded by and between Compocity and the User for contractual performance (Article 6(1) (b) of  GDPR) 

c) the processing of the personal data is necessary for the performance of Compocity’s legal obligations (Article  6(1) (c) of GDPR). 

d) for the enforcement of the legitimate interest of Compocity or a third party (Article 6(1) (f) of GDPR). 

​

5. The Data Processed by Compocity 

​

5.1. In order to be able to use the Application or our Website, you shall disclose certain personal information to  Compocity through its Application or Website. If you refuse to comply with such a request; Compocity is entitled to  lawfully refuse the provision of Service, so you may be unable to use the Application or all function of the Website. 

5.2. Within the scope of data processing, we can in particular pursue the following activities: to collect, record, register,  systematize, store and use the personal data for the purposes of data processing, to query, block, erase and destruct  your data and to prevent the further use thereof. In lack of a related legal obligation, we never publish, align or  coordinate your personal data with each other. 

5.3. Data provided by User that are necessary to contact Compocity or register in the Application 5.3.1. Compocity may process the following data provided by the User. The process of these data is necessary for  the provision of the Service with special regard to the registration process in the Application:

​

Data Subject: User registering in  the Application

​

Legal grounds 

4.1. a) 

​

Data category: Email address

Purpose of Data Processing: 

Conclusion, amendment and performance of  the contract. 

Identification and verification of the User and  ensuring the communication. 

Establishment and maintenance of a reliable  and safe environment. 

Enforcement of claims and rights.

​

Data category: Name/short name 

Purpose of Data Processing: 

Conclusion, amendment and performance of  the contract. 

Identification and verification of the User and  ensuring the communication. 

Establishment and maintenance of a reliable  and safe environment. 

Enforcement of claims and rights.

​

Data category: Password 

Purpose of Data Processing: 

Conclusion, amendment and performance of  the contract. 

Identification and verification of the User and  ensuring the communication. 

Establishment and maintenance of a reliable  and safe environment. 

Enforcement of claims and rights.

​

Data Subject: Visitor’s message via Website

​

Legal grounds 

4.1. a) 

​

Data category: E-mail address 

Purpose of Data Processing: 

Identification and verification of the visitor and  ensuring the communication.

​

Data category: Name/short name 

Purpose of Data Processing: 

Identification and verification of the visitor and  ensuring the communication.

​

5.3.2. Compocity may process the following data provided by the User to Compocity in the course of the  performance of Service. 

​

Data Subject: Complainant,  claimant, inquirer 

​

Legal grounds 

4.1. a), c) 

​

Data category: Data provided in the  complaint/ claim/  inquiry when  contacting Compocity

Purpose of Data Processing:

Conducting the complaint management  process, carrying out a request or claim  submitted to Compocity. 

Identification and verification of the user and  ensuring the communication.

​

5.4. Optional data provision by Users 

5.4.1. Compocity may process the following data provided by the Users voluntarily and manually. 

​

Data Subject Registered User in  the Application

​

Legal grounds 

4.1. a), b) 

​

Data category: Access to the  camera to read a QR  code.

Purpose of Data Processing:

Conclusion, amendment and performance of the  contract.

​

The Service provider does not record or store camera images, so no data processing takes place here. Due to the need  for completeness, the function is recorded. 

​

5.5. Data collected from third parties 

5.5.1. We only collect or process your personal data collected by third parties in order to comply with our legal  obligations, or, in other cases, if you have given your explicit consent to the data transfer directly to those  third parties, which is your responsibility to arrange. We do not supervise that your consent is properly  given, we trust both you and those third parties who shall also be compliant with the data protection rules.  Therefore, we are not liable for the collection and processing of such data by third parties. 

5.5.2. If you use the services of a third-party service provider (such as Facebook, Linkedin, Instagram, Google,  Skype, etc.) in order to register (possible only via Google) or search friends (possible only via Facebook) or  contact Compocity, we do not request any data of yours from the concerned third party. To the provision  or change of such data, the privacy policies of the concerned third-party service providers shall apply. 

5.6. Cookies applied by Compocity 

5.6.1. What is a cookie? Cookies are small data files of information that our Application or Website transfers to  your hard drive or mobile device to store and sometimes track information about you. Although cookies do  identify a User’s or a visitor’s device, cookies do not personally identify Users or visitors. 

5.6.2. Why we use cookies: Our Application and Website uses cookies to distinguish you from other Users or  visitors. This helps us to improve our Application and Website and to provide you with a good experience  when you browse. 

5.6.3. Types of cookies we use:  

Strictly necessary cookies: these are cookies that are required for the operation of a website, such as to  enable you to log into secure areas. 

Performance cookies: these types of cookies recognise and count the number of visitors to a website and  are used to see how users move around. This information is used to improve the way the website works. Functionality cookies: these cookies recognise when you return to a website, enable personalised content  and recognise and remember your preferences. 

Targeting cookies: these cookies record your visit to a website, including the individual pages visited and  the links followed. 

Generally, the strictly necessary cookies and some performance and functionality cookies only last for the  duration of your visit to a website or expire when you close the website: these are known as ‘session  cookies’. The functionality cookies and some targeting and performance cookies will last for a longer period  of time: these are known as ‘persistent cookies’.

​

Third party cookies: Some of the persistent and session cookies used by our website may be set by us, and  some are set by third parties who are delivering services on our behalf. For example, we use Google  Analytics to track what users do on the website so we can improve the design and functionality. 

5.6.4. Blocking cookies: Most browsers, mobile devices and apps automatically accept cookies but, if you prefer,  you can change your browser, device or app settings to prevent that or to notify you each time a cookie is  set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional  useful information on cookies and how to block cookies using different types of browser or device. To block  the IDFA on your iOS mobile device, you should follow this path: Settings > General > About > Advertising  and then turn on ‘Limit Ad Tracking’. To block Android ID on your Android device, you should follow this  path: Google Settings > Ads and then turn on ‘Opt out of interest-based ads’. 

​

6. The method and term of the use of the data collected 

​

6.1. We only process your personal data if it is essential, suitable for and limited to the extent and duration required to  the achievement of the purposes set for processing.

 

Purpose of Data Processing

Conclusion, amendment and  performance of the contract.

​

Justification of purpose 

​Compocity shall use the data collected by the  Application for the following purposes: to  create, modify and perform the contract. The  personal data collected during the use of the  Service serves to facilitate and enable the  activity initiated by the User. Compocity uses  the User's personal data to enable the creation  of the contractual background of the User’s  service order and to facilitate the fulfilment of  the contract.

​

Duration of data processing

Compocity shall process the  personal data during the  term of the contractual  relationship or in case a  contractual relationship has  not been established, until  the purpose of processing  has ceased, or erases them in  case further processing of  such data is no longer  necessary for the purpose of  processing. User may  request for the erasure of  his/her data in a letter sent  to the info@compocity.help email address. For the  purposes of evidencing in the  case of a dispute, the data of  the concerned User shall be  processed during the term of  the general limitation period  and for five (5) years when  the User didn't process a  transaction or for ten (10)  years following erasure  provided in the Privacy Act  where relevant (Section 25/F (4) of the Privacy Act).

​

Purpose of Data Processing 

Identification and verification  of the User and ensuring the  communication.

​

Justification of purpose 

​Compocity shall use data collected by the  Application in order to supply the Service  effectively, to carry out analyses, as well as to  assess User satisfaction using the contact details  provided by the User. In this context, Compocity  may perform the following activities: access to  and use of the Application, providing for its  operation, safety, repair, development and  optimisation, sending support, update and  security related information.

​

Duration of data processing

Compocity shall process the  personal data during the  term of the contractual  relationship or in case a  contractual relationship has  not been established, until  the purpose of processing  has ceased, or erases them in  case further processing of  such data is no longer  necessary for the purpose of  processing. User may  request for the erasure of  his/her data in a letter sent  to the info@compocity.help email address. For the  purposes of evidencing in the  case of a dispute, the data of  the concerned User shall be  processed during the term of  the general limitation period  and for five (5) years when  the User didn't process a  transaction or for ten (10)  years following erasure  provided in the Privacy Act  where relevant (Section 25/F (4) of the Privacy Act).

​

Purpose of Data Processing 

Maintenance and  development of the Service.

​

Justification of purpose 

​Compocity shall use the data collected by by the  Application for the purposes of maintenance  and development of the Service. Compocity shall use the personal data of the User to enable  the continuous development and improvement  of the Service within the Application. 

​

Duration of data processing

Compocity shall process the  personal data during the  term of the contractual  relationship or in case a  contractual relationship has  not been established, until  the purpose of processing  has ceased, or erases them in  case further processing of  such data is no longer  necessary for the purpose of  processing. User may  request for the erasure of  his/her data in a letter sent  to the info@compocity.help email address. For the  purposes of evidencing in the  case of a dispute, the data of  the concerned User shall be  processed during the term of  the general limitation period  and for five (5) years when  the User didn't process a  transaction or for ten (10)  years following erasure  provided in the Privacy Act  where relevant (Section 25/F (4) of the Privacy Act).

​

​

Purpose of Data Processing 

Establishment and  maintenance of a reliable and  safe environment,  enforcement of claims and  rights

​

Justification of purpose 

Compocity may use the personal data of the  User to secure the legitimate interests of Users in the course of the use of the Service. In the  scope of the above, Compocity shall be entitled  to the following activities: the prevention and  termination of fraud, spam, misuses and other  harmful activities, to perform security  investigations and risk analysis, to check and  verify the data provided by the User. 

​

Duration of data processing

Compocity shall process the  personal data during the  term of the contractual  relationship or in case a  contractual relationship has  not been established, until  the purpose of processing  has ceased, or erases them in  case further processing of  such data is no longer  necessary for the purpose of  processing. User may  request for the erasure of  his/her data in a letter sent  to the info@compocity.help email address. For the  purposes of evidencing in the  case of a dispute, the data of  the concerned User shall be  processed during the term of  the general limitation period  and for five (5) years when  the User didn't process a  transaction or for ten (10)  years following erasure  provided in the Privacy Act  where relevant (Section 25/F (4) of the Privacy Act).
 

Purpose of Data Processing 

Conducting the complaint  management process,  carrying out a request or  claim submitted to  Compocity

​

Justification of purpose 

Documentation and verification of the conduct  of the procedure, the actual examination.

​

Duration of data processing

Compocity processes the  data until when the purpose  of data processing exists, or  it shall erase such data if  their further processing is  unnecessary for achieving  the purpose of data  processing. According to the  consumer protection rules,  Compocity shall retain the  data for 5 years, or for 10  years following erasure  provided in the Privacy Act  where relevant (Section 25/F (4) of the Privacy Act).

​

​

Purpose of Data Processing 

Compliance with legal  obligations relating to  employment (e.g. informing  necessary authorities)

​

Justification of purpose 

Compliance with relevant information,  reporting obligations, taxation, contributions,  etc.

​

Duration of data processing

Compocity shall retain the  data for five (5) years  following the end of the  calendar year in which the  relevant person quits,  provided that the labour,  salary and social security  contribution registers shall  not be disposed of.  Otherwise, the labour law  claims prescribe after three  (3) years.

 

7. The persons having access to the data processed, data transfers 

​

7.1. To be able to provide you with undisturbed Services, for quality assurance purposes, as well as to enable the  investigation of user claims and complaints, we might have to transfer your data to third parties. By accepting this  Privacy Policy, you give your expressed consent to these data transfers. 

7.2. Data transfer may take place in the following cases:

​

Recipient of data transfer

Transfer of data to employees 

 

Scope of data that may be transferred

The personal data processed by us shall also be made available to the  employees of Compocity, but only if their access to and processing of  personal data is required for the purposes of data processing related to  the given data category and only in relation to their employment tasks. 

​

Recipient of data transfer

Transfer of data to Compocity’s  subcontractors

 

Scope of data that may be transferred

​Some of the members of our team are not employees of Compocity,  and are in a contractual relationship with us. The personal data shall  also be made available to these subcontractors of Compocity, but only  if their access to and processing of personal data is required for the  purposes of data processing related to the given data category and only  in relation to their relevant tasks.

​

Recipient of data transfer

Accounting Company 

 

Scope of data that may be transferred

Data on employees, contributors and invoicing will be forwarded to our  partner providing accounting services.

​

Recipient of data transfer

​Law Firm 

 

Scope of data that may be transferred

All data necessary for the performance of the activity of the Law Firm  shall be forwarded to our legal advisory partner.

​

Recipient of data transfer

Publicly displayable information 

 

Scope of data that may be transferred

Compocity may only display your information publicly in case you have  consented to their disclosure on the social media or other platforms of  Compocity or our partners. We never display any information publicly  without your explicit consent. 

​

Recipient of data transfer

Compliance with Laws 

 

Scope of data that may be transferred

Except for the cases defined in this section 7., Compocity may not  transfer the personal data provided to it to third parties.

​

Recipient of data transfer

Other service providers 

 

Scope of data that may be transferred

Compocity uses different software to make available the Service, but  we do not send any personal information to these services.

​

7.3. To be able to provide you with undisturbed Services, we use the contribution of the following third-party service  providers: 

​

Hosting service provider, or a  company providing system  operation services to Compocity upon contractual relationship (Data Processor)

​

Name: Webonic Kft. 

The address of the hosting service provider: H-8000 Székesfehérvár, Budai  út 9-11. 

Company registration number: 07-09-025725 

E-mail: support@webonic.hu 

Phone number: +36 22 78 76 74 

Website: https://www.webonic.hu/ 

​

Name: Google Firebase Inc. 

The address of the hosting service provider: San Francisci Bay Area, West Coast, Westren US 

E-mail: support@firebase.com 

Phone number: 408-400-3656 

Website: https://firebase.google.com/

 

7.4. The Data Processor assists Compocity in the smooth operation of the IT infrastructure that facilitates the storage of  personal data provided to Compocity, Data Processor has no direct access to personal data. We expressly declare  that we have no direct or indirect liability with respect to the data processing activity of the Data Processor and the  security of personal data in the course thereof; in this regard, the privacy policies and regulations of the Data  Processor shall apply. 

7.5. If we need to involve further Data Processors, we will notify you about that by the modification of our Privacy Policy. 

 

8. Rights and obligations of the Parties 

​

8.1. Processing of User data, rights of information, access to data 

8.1.1. You can access your personal data which have been collected by us. Please, notify us of any change in your  data, at info@compocity.help. You are responsible for ensuring the up-to-date status of the personal data.  In order to protect you, in case of any requests coming concerning your data, we need to verify the person.  We do not retain personal data for the sole purpose of being able to react to potential requests. 

8.1.2. Compocity shall take appropriate measures to provide you with all information concerning the processing  of personal data, in a concise, transparent, comprehensible and easily accessible form, in a clear and  comprehensible way. The information is mainly provided electronically on request at the e-mail address info@compocity.help. Proof of your identity is always required for the information. 

8.1.3. Compocity shall, without undue delay, but in any case within one month from the receipt of the request,  inform you of the action taken following his/her request. If necessary, taking into account the complexity  of the application and the number of applications, this time limit may be extended by a further two months.  Compocity shall inform you of the extension of the deadline, indicating the reasons for the delay, within  one month from the receipt of the request. 

8.1.4. If Compocity does not take action at your request, it shall inform you without delay, but no later than within  one month from the receipt of the request, of the reasons for non-action and that you may lodge a  complaint with one of its supervisory authorities and may exercise its right of judicial review. 

8.1.5. The first request is free of charge. The second and all additional requests repeatedly filed can be subject to  a fee, if the request is related to the same subject or subject matter in the ongoing year, the request is not  for information purposes and Compocity legally disregards the rectification, erasure or restriction of the  personal data handled on the basis of the repeated application. If a repeated request is justified because  the act giving rise to the request has been caused by omission or activity attributable to Compocity,  Compocity may waive the charges set out.

8.2. Rectification and erasure: You can ask us to rectify your personal data if necessary or to delete them where the  retention of such data infringes the provisions of the related laws and regulations or if they are no longer necessary  in relation to the purposes for which they are originally processed. 

8.3. Withdrawal of consent and restriction of processing: In case you withdraw your consent to our processing of your  personal data, we might not do that if processing is necessary for the protection of exercising the right of freedom  of expression and information, for compliance with a legal obligation etc. The processing of personal data is essential  until the proper, contractual completion of the contract concluded by and between Compocity and you. 

8.4. Right to object: You still have the right to object against the processing of your personal data considering your  individual circumstances even if it is lawfully processed by Compocity, for example on grounds of the legitimate  interests of the controller or a third party.  

8.5. Right to data portability: If you need it, we can provide you with a structured, commonly used and machine-readable  format of all of your personal data processed by us and you can transmit those data to another controller. 8.6. The Obligation of the User: You are the only one who is responsible for the lawfulness, reality and accuracy (i.e. the  quality) of your data under criminal liability. 

​

9. Automated decision making, profiling 

​

Compocity do not carry out automated decision making, profiling. If in case of such activity be introduced in the  future, we will notify our Users immediately. 

​

10. Further important information 

​

10.1. Data Protection Officer: In our standpoint, Compocity is not obliged to appoint a data protection officer, as our activities do not involve data processing operations that would allow a regular, systematic and high-scale follow-up  monitoring of the users; furthermore, Compocity does not process any special categories of personal data or crime related data which have relevance from criminal law aspect. 

10.2. Supervisory organs and other authorities: The territorial scope of this Privacy Policy is Hungary, but it may cover  also foreign authorities, if the User download the Application or visit our Website in a foreign country. Our  supervisory authority who you can turn to regarding our data processing is:  

Name of the supervisory  authority: 

Hungarian National Data Protection and Freedom of Information Authority  (‘NAIH’) 

Address: H-1055 Budapest, Falk Miksa u. 9-11. 

Mailing address H-1530 Budapest, Pf.: 5. 

E-mail address: ugyfelszolgalat@naih.hu 

Phone number: +36(1)391-1400 

Website: http://naih.hu 

Foreign data protection authorities may also be involved if you have your location or place of business outside  Hungary. You can search the relevant authority here.  

10.3. Processing of sensitive data 

We do not process any personal data of our Users which are, by their nature, particularly sensitive in relation to  fundamental rights and freedoms, merit specific protection as the context of their processing could create significant  risks to the fundamental rights and freedoms. If we decide to process such sensitive data, this activity shall be  pursued with special care and diligence, having your expressed consent thereto, and only to the extent it is required. We do not process personal data or our Users revealing racial or ethnic origin, political opinions, religious or  philosophical beliefs, or trade union membership, and we do not carry out processing of genetic data, biometric data  for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's  sex life or sexual orientation or criminal data.  

10.4. Processing children’s data 

We do not knowingly collect personal information online from children under the age of 18. 

​

11. Personal data breach 

​

11.1. In case of personal data breach, where the incident is likely to pose a high risk to the rights and freedoms of those  concerned, we submit the report towards the data protection supervisory authority stated in sec. 10.2 and as  required by the laws and regulations, without undue delay, but in any case, within 72 hours from getting aware of  the incident. We have developed internal procedures in case of personal data breach, and personal data breaches are also recorded into a registry. If you are affected by such personal data breach will also be notified, if the prevailing  laws and regulations require so. 

11.2. If you detect a threat of personal data breach, we ask to report it immediately via email at info@compocity.help. Furthermore, in case of personal data breach, you may initiate a court case against Compocity. 

​

12. Changes of the Privacy Policy 

​

12.1. Compocity reserves the right to amend this Privacy Policy at any time. Amendments will be published immediately  on the website. 

12.2. In case of amendment, you will be notified thereof thirty (30) days prior to the date of effectiveness of amendment,  via e-mail or through the website. 

12.3. In case you object to such amendment, you may notify Compocity thereof and disclose your respective comments  and notices via email, furthermore, you may request the erasure of your personal data.