Battlejungle Privacy Policy

In brief

Personal data are collected and handled in accordance with the law. DM letter is sent only in the case of specific consent. System messages, however, can be sent without specific consent. Personal data are stored as secure as possible. Personal data are given to a third party only with Customer consent. Anyone can be given information on the data stored considering him/her or the deletion of personal data asked on any of our availability.  

Introduction

The Battlejungle Kft. (48. Soroksári Road, 1095 Budapest, tax number: 25953936-2-43) (further on: Service-provider: SP, and Data Handling Company DHD) subdues itself under the following policy.

Chapter (1) § 20 of Act CXII of 2011 on information self-determination right and freedom of information states that those concerned (user of the website in the present case: Customer henceforward) have to be informed prior to starting data management whether this data management is based on consent or it is compulsory.

Customer has to be informed clearly and in detail regarding all facts related to the management of his/her data prior to starting data management. Special attention has to be paid to the aims and legal bases of data management, the person entitled to data management and processing and the time interval of data management.

Customer has to be informed based on chapter (1) § 6 of the Act on information on that personal data can be managed if obtaining the consent of the concerned person is impossible or would require disproportionate costs

  • it is required for completing legal obligations related to the data manager or
  • required for enforcing the rightful interest of the data manager or a third party and the enforcement of these interests is proportional to the limitation of the privacy protection right.

This privacy policy information has to cover the rights of those concerned in relation to data management and the possibilities of legal redress as well.

In case the personal data of those concerned is not possible or would require extremely high costs (as in the present case in a website), giving information is also possible via publishing the information as well:

  • the fact that data are collected,
  • list of those concerned,
  • aim of data collection,
  • time constraints of data management,
  • possible data managers entitled to know the data,
  • rights and legal redress possibilities of those concerned in data management together with
  • The registry number of data management in case there is a place for registering data management in data protection.

The present privacy policy guide regulates privacy of the following websites: http://www.battlejungle.com, http://battlejungle.com (and all of its subdomains) is based on the above specification. Information can be obtained from: https://battlejungle.com/privacy-policy

Modifications to the data become effective when they appear on the webpage above. After each chapter heading of this guide the reference to the law also appear.

Explanatory terms (3.§)

  1. concerned/Usessr: natural person identified or can be identified – directly or indirectly – based on any particular personal data;
  2. personal data: any data that can be related to the Customer – especially the name, username of the customer and any knowledge characteristic for one or more physical, physiological, mental, economic, cultural, or social identity of the Customer – and any conclusion related to the Customer drawn from the data;
  3. data manager: the natural or legal entity or organization without legal personality that determines individually or together with others the aim of data management, concludes and implements or have decisions related to data management executed by the data processor charged by him/her/it.
  4. data management: any measure or measure series made in relation to the data independent from the applied method, especially collection, record, ordering, storage, modification, query, forwarding, publication, harmonization or connection, blocking, deletion and destruction and impeding the further use of data, preparing photo, sound or film record and recording the physical characteristics suitable for the identification of the person (e.g. fingerprint, palm print, DNA sample, iris photo);
  5. data processing: performing technical measures related to data management procedures independent from the method and device applied to performing the procedures, also independent from the place of application given that the technical task was performed on the data;
  6. data processer: the natural or legal entity or organisation without legal personality, who based on a contract made with the data manager – including contract made on the basis of legal regulations – performs the processing of data;
  7. dataprotection incident: unlawful usage or processing of personal data, especially unauthorized access, modification, forwarding, publishing, deleting, or accidental annihilation and lesion

Registration

  1. Based on chapter (1) 20 of Act CXII of 2011 on informatic self-determination right and the freedom of information the following has to be determined regarding the operation of the functionality of the website of the website:
    • the fact of data collection,
    • the range of customers,
    • the aim of data collection,
    • the time period of data management,
    • the potential data managers entitled to know the data,
    • giving data on the rights of the Customers related to data management.
  2. Fact data collection, the range of managed data and the aim of data management:
    Password It is for the secured login of the user account.
    Surname and Christian Name It is necessary for maintaining contact, shopping, and for proper billing.
    E-mail address Contact maintaining.
    Address and name for invoice The proper billing, the formation of the contract, the definition and modification of the contract’s content, the fulfillment of the contract, billing of the charges, and the enforce of the contract’s claims.
    Date of birth Providing information when using the service, statistics, identification.
    Place of residence Providing information when using the service, statistics, identification.
    Profile picture Identification, effective use of the service.
    Date of registration Fulfillment of technical operation.
    IP address for registration Fulfillment of technical operation.
    Neither the username, nor the e-mail address don’t need to contain personal information.
  3. Range of Customers: All registered / online paying users on the website.
  4. Time period of data management, deadline of data deletion: Right away after the deletion of the registration. Except for accounting documents as these data have to be retained for 8 years according to chapter (2) 169 of Act C of 2000. Accounting documents supporting directly or indirectly book-keeping accounts (including ledger invoices, analytic and detailed records) have to be retained for at least 8 years in readable format and in a way that enables the searching of the documents on the basis of references of accounting notes.
  5. Possible data managers entitled to know the data: Personal data can be managed by the sales and marketing staff of the data manager respecting the above principles.
  6. Giving information on the rights of Customers related to data management: Deletion or modification of personal data can be initiated by the User as follows:
    • On the website, on the profile page.
    • By post at the address: 48 Soroksári Road, 1095 Budapest
    • Via e-mail: info@battlejungle.com
    • By telephone: +36 70 363 9851 (Hungary)
  7. Details of the data processor (storage provider) used for data processing: DigitalOcean Inc. 101 Ave of the Americas 10th Floor New York 10013 UNITED STATES contact@digitalocean.com
  8. Legal base of data management: Consent of the Customer, chapter (1) 5 of the Act on information and chapter (3) § 13/A of Act CVIII of 2001 on electronic trade services and on certain issues of services related to the information society (Electronic act hereinafter):
  9. Service Provider may manage personal data that are essential technically for providing the service. Service Provider in the case of similar other conditions has to select and operate the devices applied in the course of providing service in relation to the information society so that management of personal data takes place only when they are essential for providing the service and for realizing other aims determined in this act and only in the grade and time period required.

    Use of Cookies

    1. Based on chapter (1) 20 of Act CXII of 2011 on information self-determination right and on freedom of information the followings have to be determined in relation to the use of cookies on the website of the website:
    • a) the fact of data collection,
    • b) the range of customers,
    • c) the aim of data collection,
    • d) the time period of data management,
    • e) the potential data managers entitled to know the data,
    • f) giving data on the rights of the Customers related to data management.
    1. The fact of data collection, range of managed data: individual identification number, dates, times.
    1. The range of customers: All Customers visiting the website.
    1. The aim of data collection: identify and track visitors.
    1. The time period of data management and the deadline of deletion of data: Time period of data management is as follows:
    • In case of session cookies, until the visit ends,
    • In case of the “remember me” function the cookie lasts for 1 year,
    • Cookies for measuring other user experience live for 1-2 months.
    1. The potential data managers entitled to know the data: With the use of cookies the data processer does not use Personal data.
    1. Giving information on the rights of the Customers related to data management: Customers can delete cookies in the Tools/Settings menu of the browser generally at the menu item Data protection.
    1. Legal base of data management: No consent is required in case the sole aim of using cookies is to pass data via electronic messenger networks or if Service Provider needs the data for providing services related to the information society asked for by the Customer.

    Use of Google Adwords conversion following

    1. The data processer uses the „Google AdWords” online commercial program, and it makes use of the Google’s conversion following service. The Google conversion following is the Google Inc.’s analyst service (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; „Google“).
    1. When the User reaches a website via a Google-advertisement, a necessary conversion following cookie gets on the computer. The validity of these cookies are restricted, and they do not contain any personal data, this way a User can not be identified by them.
    1. When the User searches specific pages of a website , and the cookie is not expired, then the Google and the data processer can see too that the User has clicked on an advertisement.
    1. Every Google AdWords client gets another cookie, then these cookies can not be followed through the websites of the AdWords client.
    1. The informations - which were got by the conversion follower cookies - provides conversion statistics for the clients of AdWords conversion following. The clients get informations this way about the number of the users, who has clicked on their advertisement and about “conversion follower” signed sites. But they do not get informations, which can be used for identifying any user.
    1. If you do not want to take part in the conversion following, you can decline it, if you block the possibility of the setup of the cookies. After that you will not be in the conversion following statistics.
    1. Further information on the privacy Policy of Google can be read at http://www.google.hu/policies/privacy/ads/

    The service of Google Analytics

    1. This website uses the service of Google Analytics, which is the webanalyser service of the Google Inc. („Google”). The Google Analytics uses so called „cookies”, textiles, which are saved on your computer, and they help the analysis of the website usage of the Users.
    1. The cookies of the websites which were visited by the User and their connecting informations are sent and stored on one of the Google’s servers in the USA. With the activation of the IP-anonymisation on the websites the Google can shorten the time of the IP-anonymisation of the Users in the European Union or in the member states of the European Economic Region.
    1. Only in unique cases the full IP-addresses are sent to the servers of Google in the USA and they get shorten there. Operators of these websites commit the Google to use these informations for interpretations about the usage of the website, furthermore to create reports about the activity of the website, and to do their website and internet usage related duties.
    1. In the Google Analytics, the forwarded IP-address of the Users will not be matched with others data by the Google. The store of the cookies can be prevented in the settings of the web browsers, but in this way it can happen, if some features of the websites will not work. You can prevent Google from collecting datas about the website usage habits of the users (including IP-addresses too), if you download and setup this web browser plugin. https://tools.google.com/dlpage/gaoptout?hl=hu

    Newsletter, DM activity

    1. According to 6 of Act XLVIII of 2008 on the fundamental conditions of economic advertising activity the Customer may give consent in advance to the Service Provider for sending him/her advertisement and other consignment via the addresses given at registration.
    1. Furthermore, the Customer may give consent to the Service Provider for managing the personal data for sending advertisements bearing in mind the regulations of the present guide.
    1. Service Provider sends no unwanted advertisement and the Customer has the option to unsubscribe the sending of advertisements without any limitations and justification. In such case the Service Provider deletes every information – required for sending the messages – from the register and sends no further offers. Customer can unsubscribe the sending of advertisement by clicking on the link in the message.
    1. Based on chapter (1) § 20 of Act CXII of 2011 on information self-determination right and on freedom of information the followings have to be determined in relation to newsletter sending data management:
    • the fact of data collection,
    • the range of customers,
    • the aim of data collection,
    • the time period of data management,
    • the potential data managers entitled to know the data,
    • giving data on the rights of the Customers related to data management.
    1. The fact of data collection, range of managed data and the aim of data management:
    Personal data Aim of data management
    Name, e-mail address. Identification, admit of subscription on the newsletter.
    Date of subscription The fulfillment of technical operation.
    IP address at the time of subscription The fulfillment of technical operation.
    1. The range of customers: All Customers subscribing for the newsletter.
    1. The aim of data collection: sending electronic messages (e-mail, sms, push notification) containing advertisements to the Customer giving information on actual products, discounts, new functions, etc.
    1. The time period of data management and the deadline of deletion of data: until the withdrawal of the consent, i.e. unsubscribing from the newsletter.
    1. The potential data managers entitled to know the data: Personal data can be managed by the staff of the data manager in respect for the above principles.
    1. Registration number of data management: NAIH-112679/2017.
    1. Data processer used during the data management:
    The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA
    1. Giving information on the rights of the Customers related to data management: Customers can unsubscribe from the newsletter at any time at no cost.
    1. Legal base of data management: voluntary consent of the Customer, chapter (1) 5 of the Act on information and chapter (5) § 6 of Act XLVIII of 2008 on the fundamental conditions and limits of economic advertisement activity:
    The advertiser, advertisement provider and the advertisement publisher – in the range determined in the consent – holds a register of the personal data of people giving consent to them. Data given in this register – related to the recipient of the advertisement – can be managed according to the consent declaration until its withdrawal and can be passed to a third party only with the consent of the Customer in advance.

    Community websites

    1. Based on chapter (1) 20 of Act CXII of 2011 on information self-determination right and on freedom of information the followings have to be determined in relation to the community sites:
    • the fact of data collection,
    • the range of customers,
    • the aim of data collection,
    • the time period of data management,
    • the potential data managers entitled to know the data,
    • giving data on the rights of the Customers related to data management.
    1. The fact of data collection, range of managed data: name and public profile image of the Customer registered at Facebook/Google+/Twitter/Pinterest/YouTube/Instagram etc.
    1. The range of customers: All Customers registered at Facebook/Google+/Twitter/Pinterest/YouTube/Instagram etc. and gave like to the website.
    1. The aim of data collection: sharing and giving like to certain content of the website, its products, sales or the website itself.
    1. The time period of data management, the potential data managers entitled to know the data and giving information on the rights of the Customers related to data management: Customer can obtain more information regarding the source of data, their management, the method and legal base of the passing of data at the website itself. Data management is carried out at the community sites, therefore the time period and method of data management, the deletion and modification possibilities of data are regulated by the terms and conditions of the community site.
    1. Legal base of data management: voluntary consent of the Customer for the management of personal data at community sites.

    Data transmission

    1. Based on chapter (1) 20 of Act CXII of 2011 on information self-determination right and on freedom of information the followings have to be determined in relation to the passing of data activity of the website:
    • the fact of data collection,
    • the range of Users,
    • the aim of data collection,
    • the time period of data management,
    • the potential data managers entitled to know the data,
    • giving data on the rights of the Users related to data management.
    1. The fact of data collection, range of managed data:
      • The scope of the data transmitted in order to issue the invoice: Billing name, billing address, e-mail address.
      • The scope of the data transmitted in order to fulfill online payment: Name and address for invoice, e-mail address.
    1. The range of Users: All Users subscribing on the website.
    1. The aim of data management: Execution of online payment, confirmation of the transactions and the fraud-monitoring (checking abuses) in the interest of the users’ security, and the issue of online invoice.
    1. The time period of data management and the deadline of deletion of data: Until the online payment is executed (until the affected party asks for stopping the payment, termination of the subscription) / until the online invoice is issued.
    1. The potential data managers entitled to know the data: Personal data can be managed by the following in respect for the above principles:
    2. Braintree:
      Name: PayPal (Europe) Sárl et Cie, S.C.A
      Address: R.S.C  Luxemburg B 118 349
      Contact: https://www.braintreepayments.com

      Billingo:
      Name: Octonull Ltd.
      Address: 1074 Budapest, Hutyra Ferenc utca 11.
      Contact: https://www.billingo.hu

    1. Giving information on the rights of the Users related to information management: User can ask the online payment provider to delete the personal data as soon as possible.
    1. Legal base of passing of data: consent of the User, chapter (1) 5 of the Act on information and chapter (3) § 13/A of Act CVIII of 2001 on electronic trade services and on certain issues of services related to the information society

    Customer services and other data management

    1. If you have question during using some of the services of the data processor, or the customer has some problem you can get in contact with the data processer on the website (on phone, e-mail, community sites, etc.).
    1. The data processer deletes the incoming e-mails, messages, on phone, on any community site,etc. what contains the name and e-mail address or any other given personal information of the customer, after 2 years from the start of the service.
    1. We give information about the privacy policy which is not in this guide at the start of the service.
    1. For exceptional magisterial request, or in case of law accumulation the service provider is bound for guidance, information providing, transferring, or making documents available for these organisation.
    1. In these cases the service provider only gives personal informations for the request (if they pointed out the exact aim and the necessary informations) what are essentials for the aim of the request.

    Data security (7.§)

    1. Data manager is obligated to plan and execute data management procedures so that the protection of the private sphere of the Customers is ensured.
    1. Data manager and in the course of its activity the data processor are obligated to provide the security of the data (with passwords or antivirus programs). They are also obligated to take the technical and organisational measures and form the procedure regulations required for Info tv., or enforcing the Act of information and other data and secret security regulations.
    1. Data have to be protected using the appropriate measures especially against
    • illegal access
    • modification
    • passing
    • publication
    • deletion or destruction
    • accidental destruction or damage
    • inaccessibility as a result of changing the applied technology.
    1. Applying the adequate technical solution it has to be ensured that data stored in the registry cannot be connected to each other and cannot be related to the Customer.
    1. In the course of illegal access, modification and illegal publication or use of personal data the data manager and processor ensures with further measures:
    • about the forming and operating of a proper information technological and technical environment
    • about the monitored choice and control of the fellow workers who participate in the service
    • about the publish of detailed operation, risk managing and utilizing services
    1. On the bases of above, the service provides that the managed data:
    • is available for the entitled
    • the authenticity and authentication is insured
    • uniformity can be confirmed
    1. The informational system of the data processer and storage provider protects against:
    • deceit of computer technology
    • spying
    • virus
    • spams,
    • hacks
    • other attacks.

    Customer rights (14.-19.§)

    1. The Customer has the right to request the Service Provider to give information on the management of personal data. Customer can also request the correction of his/her personal data and also for the deletion or blocking of the personal data – except for compulsory data management.
    1. In reply to the request the data manager gives information on the processed data of the Customer, their source managed and processed by the data processor, the aim, legal base of data management, the name, address and data management activity of the data processor and on the legal base and recipient of the data in case of data passing.
    1. Data manager keeps a register of data passing in order to legality control and to give information to the Customer. The register contains the time, legal base and recipient of personal data passing together with the type of personal data passed and other data the determination of which is found in the legislation prescribing data management.
    1. The data manager makes a register about data transferring, because of informing the customer and to monitor the lawfulness of the data transferring. This register contains the date of the passing of the personal datas, the aim of it, the recipient, the range of the personal datas, and the other informations what are necessary because of the law.
    1. Upon request from the Customer the Service Provider gives information regarding the data, their source managed by him/her, also the aims, legal bases, time period, name, address and activity of the potential data processor associated with data processing. Service Provider has to ask any request as soon as possible but no later than 25 days of the submission of the request in writing. The information is free of cost.
    1. Service Provider in case his/her personal data are not real but real personal data are available for the data manager it may replace personal data.
    1. Service Provider blocks the personal data instead of deleting them in case the Customer asks for it or based on the available information it would threat the legal interest of the Customer. Blocked personal data can be managed only until the data management aim has not been over stepped.
    1. Service Provider deletes the personal data if its management is illegal, the Customer requests the deletion, the managed data are deficient or inaccurate – and this condition cannot be corrected legally – provided that deletion is not precluded by the law, the aim of data management terminated, or the time period of data storage determined by the law has passed, or deletion of the data was ordered by the court or by the Hungarian National Authority for Data Protection and Freedom of Information.
    1. Data manager marks the personal data if the Customer debates their correctness or accuracy but the correctness or accuracy of the controversial data cannot be determined clearly.
    1. In the case of correcting, blocking, marking or deleting personal data the Customer and everyone to whom the data were passed for management have to be notified. Notification can be omitted if this does not interfere the interest of the Customer regarding the purpose of data management.
    1. In case the data manager does not perform the correction, blocking or deletion request of the Customer the data manager has to issue the reasons and legal bases of rejecting the correction, blocking or deletion request in writing, within 25 days of receiving the request. In the case of rejecting the correction, deletion or blocking request the data manager informs the Customer on the possibilities of legal redress and authority complaint.

    Legal redress

    1. Customer may complain against the treatment of his/her personal data if
      • management and passing of personal data are necessary solely for completing legal obligations related to the Service Provider or necessary for enforcing the legal interest of the Service Provider, the data receiver or a third party except for it was ordered by the data management law;
      • use or passing of personal data are made for directly obtaining business, public opinion research or scientific research;
      • in other cases determined by the law.
    1. Service Provider studies the complaint within 15 days at the most from the submission of the request and decides regarding the founding of the request informing the requester in writing on the decision. If the Service Provider states the correct founding of the complaint of the Customer, data management is terminated – including further data collection and passing – and data are blocked and inform all of those to whom personal data affected by the complaint were passed earlier and who are obligated to take measures in order to enforce the right of complaint on the complaint and the measures based on it.
    1. In case the Customer should not agree to the decision of the Service Provider he/she can turn to court – within 30 days of the publication of the decision. The court has to consider the case out of turn.
    1. Complaint regarding the possible breaching of the law by the data manager can be made to the Hungarian National Authority for Data Protection and Freedom of Information:

    Hungarian National Authority for Data Protection and Freedom of Information
    1125 Budapest, Szilágyi Erzsébet fasor 22/C.
    Postal address: 1530 Budapest, P.O.Box: 5.
    Telephone: +36 -1-391-1400
    Fax: +36-1-391-1410
    E-mail: ugyfelszolgalat@naih.hu

    Enforcement of rights on court (22.§)

    1. Data manager is obligated to prove that data management is in accordance with the law. Legal data passing has to be proved by the data receiver.
    1. Judgement of the legal action is the authority of the court. Legal action can be initiated – according to the opinion of the Customer – on courts in the location of either the residence or the dwelling of the Customer.
    1. Party in the legal action can be someone who has no legal capacity in the legal action. Authority may interfere into the legal action in the interest of the success of the Customer.
    1. In case the court supports the request, it obligates the data manager to give the information, correct, block or delete the data, to eliminate the decision made using automated data processing, to account with the complaint right of the Customer and to give out the data requested by the data receiver.
    1. In case the court rejects the request of the data receiver the data manager is obligated to delete the personal data of the Customer within 3 days of issuing the verdict. Data manager is obligated to delete the data even if the data receiver does not take on court within the given time limit.
    1. The court may order the publication of its verdict – with publishing the identification data of the data manager as well – if data protection interests and the protected rights of a greater number of Customers require.

    Compensation and complaint refund(23. §)

    1. In case the data manager caused loss to someone by illegal management of Customer data or breaching the requirements of data security he/she is obligated to refund the loss.
    1. In case the data manager offends the personality right of the Customer by illegal management of his/her data or by breaching the data security requirements the Customer is entitled to request complaint refund. Data manager is exempted from responsibility of loss or from the payment of the complaint refund if he/she proves that the loss or damage of the personality right of the Customer was caused by an unavoidable reason outside the sphere of data management.
    1. Refund for loss or complaint refund have not to be paid if the loss or damage was caused by the deliberate or significantly careless behaviour of the Customer.

    Closing remarks

    The following regulations were accounted in the course of composing the guide:
    • Act CXII of 2011 – on information self-determination and the freedom of information;
    • Act CVIII of 2001 – on electronic trade services and certain issues of services related to the information society (mainly § 13/A);
    • Act XLVII of 2008 – on prohibiting dishonest trade practice against consumers;
    • Act XLVIII of 2008 – on the fundamental conditions and certain limitations of economic advertisement activity (especially § 6);
    • Act XC of 2005 – on the freedom of electronic information;
    • Act C of 2003 - on electronic information (especially § 155);
    • Opinion 16/2011 – on the EASA/IAB directive related to the adequate practice of behaviour based online advertisement
    • The recommendation of the Hungarian National Authority for Data Protection and Freedom of information about the previous data protection requirements