Ezen adatkezelési tájékoztató magyar verziójáért látogasson el ide
BudgetMate Adatkezelési Tájékoztató

Privacy Policy

For Subscription-based Software Service

1. Introduction

The protection of personal data is extremely important to me. Therefore, in this Privacy Policy, I will explain what personal data I process about you, for what purpose, and on what legal basis. The Privacy Policy also includes your rights related to the processing of your personal data.

2. Controller's Information

Controller: Dr. Marcell Adorján sole proprietor (hereinafter: Controller)
Headquarters: 1182 Budapest, Dráva street 39.
Registration Number: 60108300
Tax Number: 90772838-1-43
EU VAT identification number: HU90772838
Email Contact mutecode@mutecode.co.uk

3. General Legal Regulations on Which the Data Processing Is Based

Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.)
Act V of 2013 on the Civil Code (Ptk.)
Act CXXVII of 2007 on Value Added Tax (VAT Act)
Act C of 2000 on Accounting (Accounting Act)

4. Definitions

Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject"); a natural person is considered identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Typical personal data include: name, address, place and date of birth, mother's maiden name.

Data Processing: Any operation or set of operations performed on personal data or sets of personal data, whether automated or not, such as collection, recording, organization, structuring, storage, transformation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Data Controller: The natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of processing personal data; if the purposes and means of processing are determined by Union or Member State law, the Data Controller or the specific criteria for the designation of the Data Controller may also be determined by Union or Member State law.

Data Processor: The natural or legal person, public authority, agency, or any other body which processes personal data on behalf of the Data Controller.

Recipient: The natural or legal person, public authority, agency, or any other body to whom or with whom personal data is disclosed, regardless of whether they are a third party.

5. Principles

In the processing of personal data, the Data Controller adheres to the following principles, ensuring that personal data:

Is processed lawfully, fairly, and in a transparent manner for the Data Subject (lawfulness, fairness, and transparency).
Is collected for specified, legitimate, and clear purposes and is not processed in a manner incompatible with those purposes. Further processing for public interest archiving, scientific and historical research purposes, or statistical purposes is not considered incompatible with the original purpose in accordance with Article 89(1) of the GDPR (purpose limitation).
Is adequate, relevant, and limited to what is necessary for the purposes of processing (data minimization).
Is accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data that is inaccurate, considering the purposes for processing, is promptly erased or corrected (accuracy).
Is stored in a form that allows identification of Data Subjects only for as long as necessary to achieve the purposes of the processing; personal data may be stored for longer periods only if, in accordance with Article 89(1) of the GDPR, it will be processed for public interest archiving, scientific or historical research, or statistical purposes, and if appropriate technical and organizational measures are implemented to safeguard the rights and freedoms of the Data Subjects (storage limitation).
Is processed in a manner that ensures appropriate technical or organizational measures are applied to ensure the security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage (integrity and confidentiality).
The Data Controller is responsible for compliance with the above principles and must be able to demonstrate such compliance (accountability).

6. Processed Personal Data and Purposes

Data Category	Purpose	Legal Basis	Retention Period
Name, email	Registration, login	Contract performance (GDPR 6.1.b)	As long as the account is active
Google email	When logging in with Google	Contract performance (GDPR 6.1.b)	As long as the account is active
Billing details (name, address, phone number)	Invoicing via Stripe + Billingo → NAV	Legal obligation (GDPR 6.1.c), Accounting Act § 169	8 years according to Accounting Act § 169 (1) and (2)
Stripe customer ID, subscription ID	Payment processing	Contract performance (GDPR 6.1.b)	As long as the account is active
Transactions (revenue, expense, saving), goal (amount, date, name), plans data recorded by the user	Financial record keeping	Contract performance (GDPR 6.1.b)	As long as the account is active

If the account is deleted, all data will be deleted except for invoices, which must be kept according to Hungarian regulations.

7. Additional Data Processors

Az alábbi szolgáltatók adatfeldolgozóként működnek:

Stripe Payments Europe, Ltd. (payment processing)
Billingo Technologies Zrt. (invoicing and NAV data reporting)
Google LLC (Google login)
Rackforest Zrt. (VPS hosting provider, server backups)

8. Access to Data

The Data Controller has access to personal data to the extent necessary for performing their duties.

9. Data Security Measures

The Data Controller ensures the protection of the personal data they process through appropriate IT, technical, and organizational measures, including protecting the data against unauthorized access or unauthorized alteration.

10. Data Subject Rights Related to Data Processing and Their Content

Data Subject Right Related to Data Processing	Content of the Data Subject's Right Related to Data Processing
Right to Information (GDPR Articles 13-14)	You have the right to be informed about the processing of your personal data at the time of its collection. The Data Controller will provide additional information to ensure fair and transparent data processing, considering the specific circumstances and context of the personal data processing. You must also be informed about the fact of profiling and its consequences.
Right of Access (GDPR Article 15)	You have the right to request information regarding whether your personal data is being processed. If such processing is ongoing, you are entitled to know the following: What personal data is being processed On what legal basis For what purpose the data is being processed For how long the data will be processed To whom, when, on what legal basis, and which personal data has been made accessible or transferred From which source your personal data originates (if not provided by you to the Data Controller) Whether automated decision-making is being applied, including the logic involved, such as profiling.
Right to Rectification /GDPR Article 16/	You have the right to request the Data Controller to rectify inaccurate personal data concerning you or to complete incomplete personal data. This means that you can ask the Data Controller to modify any of your personal data (for example, you can change your email address or other contact details at any time).
Right to Erasure ("Right to be Forgotten") /GDPR Article 17/	You have the right to request the Data Controller to delete your personal data if any of the following reasons apply: The personal data is no longer necessary for the purpose for which it was collected or otherwise processed You withdraw your consent, which was the legal basis for the data processing under Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing You object to the processing under Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing under Article 21(2) of the GDPR The personal data has been unlawfully processed The personal data must be erased to comply with a legal obligation under EU or member state law that applies to the Data Controller The personal data was collected in relation to the offer of information society services as defined in Article 8(1) of the GDPR.
Right to Restriction of Processing (Article 18 of the GDPR)	You are entitled to request that the Data Controller restrict the processing of your personal data if any of the following reasons apply: You dispute the accuracy of your personal data (in this case, the restriction applies for the period that allows the Data Controller to verify the accuracy of the personal data) The processing is unlawful, and you oppose the deletion of the data and instead request the restriction of its use The Data Controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims You have objected to the processing of your data under Article 21(1) (in this case, the restriction applies for the period until it is determined whether the Data Controller's legitimate grounds override your legitimate interests).
Right to Data Portability /GDPR Article 20/	You are entitled to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, commonly used, machine-readable format, and you are also entitled to transmit those data to another Data Controller without hindrance from the Data Controller to whom you have provided the personal data, if: The processing is based on consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract under Article 6(1)(b), and The processing is carried out by automated means. You are entitled to request the direct transfer of your personal data between Data Controllers, where technically feasible.
Right to Object /GDPR Article 21/	You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. In this case, the Data Controller may no longer process your personal data unless the Data Controller demonstrates that the processing is based on compelling legitimate grounds that override your interests, rights, and freedoms, or is related to the establishment, exercise, or defense of legal claims. If the processing of your personal data is for direct marketing purposes, you are entitled to object at any time to the processing of your personal data for such marketing purposes, including profiling to the extent that it is related to direct marketing.
Right to Withdraw Consent /GDPR Article 7(3)/	You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Before granting consent, you must be informed about this right. The withdrawal of consent must be as easy to perform as giving the consent.

11. Rights of Data Subjects in Relation to Data Processing and their Remedies

Remedy	Description of the Remedy
Right to lodge a complaint with a Supervisory Authority /GDPR Article 77/	If you believe your rights related to the protection of personal data have been violated, you may lodge a complaint with the following Authority: National Authority for Data Protection and Freedom of Information Headquarters: 1055 Budapest, Falk Miksa Street 9-11. Mailing address: 1363 Budapest, P.O. Box 9. Phone: +36 (1) 391-1400 Email: ugyfelszolgalat@naih.hu Website: www.naih.hu
Right to an effective judicial remedy against the Data Controller or Processor (initiation of judicial proceedings) /GDPR Article 79/	You have the right to take legal action against the Data Controller or Processor if you experience unlawful processing of your personal data. The court will handle the case as a matter of priority. In this case, you can freely choose whether to submit your claim to the court of your domicile or residence. The contact details of the courts: https://birosag.hu/torvenyszekek

12. In Case of Legal Disputes

This privacy notice is governed by the laws of Hungary, and in the event of any legal dispute, Hungarian courts shall have jurisdiction.

13. Update of the Privacy Notice

The Data Controller reserves the right to amend this Privacy Notice unilaterally. The notice may be amended particularly in the case of changes in legislation, data protection authority practices, business needs, or other circumstances.

Ezen adatkezelési tájékoztató magyar verziójáért látogasson el ide BudgetMate Adatkezelési Tájékoztató